
Russian Hacker Selling 1.5M Facebook Accounts

Soulskill posted more than 4 years ago | from the army-of-pokes dept.

Crime 193

Sir Codelot writes "A hacker who calls himself Kirllos has obtained and is now offering to sell 1.5 million Facebook IDs at astonishingly low prices — $25 per 1,000 IDs for users with fewer than 10 friends and $45 per 1,000 IDs for users with more than 10 friends. Looking at the numbers, Kirllos has stolen the IDs of one out of every 300 Facebook users. Quoting: 'VeriSign director of cyber intelligence Rick Howard told the New York Times that it appeared close to 700,000 had already been sold. Kirllos would have earned at least $25,000 from the scam. Howard told the newspaper that it was not apparent whether the accounts and passwords were legitimate, but a Russian underground hacking magazine reported it had tested some of Kirllos' previous samples and managed to get into people's accounts.'"


Translation (5, Insightful)

eldavojohn (898314) | more than 4 years ago | (#31975320)

Looking at the numbers, Kirllos has stolen the IDs of one out of every 300 Facebook users.

Translation: it might not be a bad time to change your password if you use Facebook.

Re:Translation (2, Funny)

advocate_one (662832) | more than 4 years ago | (#31975396)

that's if I could get in... FB is currently down for me...

Re:Translation (1)

miggyb (1537903) | more than 4 years ago | (#31975426)

It's working fine for me. It might be time to panic.

Re:Translation (5, Insightful)

Bergs007 (1797486) | more than 4 years ago | (#31975492)

Actually... what this means is that you should change your banking passwords. It appears that what they are trying to do is use Facebook login credentials to go and see if there are any associated bank accounts with the same login information.

Re:Translation (4, Insightful)

pitchpipe (708843) | more than 4 years ago | (#31975694)

Translation: it might not be a bad time to change your password if you use Facebook.

Actually... what this means is that you should change your banking passwords.

Actually... what this means is that you shouldn't use the same password for more than one site. You should use an app that is encrypted and password protected to store all of your login info.

Re:Translation (2, Interesting)

init100 (915886) | more than 4 years ago | (#31975714)

Actually... what this means is that you should change your banking passwords.

Do any banks actually use ordinary password authentication? My bank has provided me with a Digipass, a small device with a numeric keypad, where I enter my PIN, select an authentication mode, input a challenge (a couple of randomly generated bank-provided numbers) and when confirming transfer orders, an amount. The device then displays a string of digits, which I enter into the bank login page. Using ordinary passwords seems pretty insecure in comparison.
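Editor's added example, not part of the comment above and not the Digipass algorithm: a minimal model of the challenge-response flow it describes (PIN, mode, bank challenge, optional amount), showing why a captured response cannot be replayed and why an altered transfer amount fails verification. HMAC-SHA256 with RFC 4226-style truncation is a stand-in; `Token`, `Bank`, the 8-digit length and the `mode|challenge|amount` message layout are assumptions.

```python
import hashlib
import hmac
import secrets

DIGITS = 8  # assumed length of the code shown on the token display


def _truncate(mac: bytes, digits: int = DIGITS) -> str:
    """RFC 4226-style dynamic truncation of an HMAC to a decimal string."""
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def compute_response(device_key: bytes, mode: str, challenge: str,
                     amount_cents: str = "") -> str:
    """Bind the response to the mode, the bank's challenge and the amount."""
    if not challenge.isdigit() or (amount_cents and not amount_cents.isdigit()):
        raise ValueError("challenge and amount must be decimal digits")
    message = f"{mode}|{challenge}|{amount_cents}".encode()
    return _truncate(hmac.new(device_key, message, hashlib.sha256).digest())


class Token:
    """Hypothetical hardware token: the key never leaves it, the PIN unlocks it."""

    def __init__(self, device_key: bytes, pin: str):
        self._key, self._pin = device_key, pin

    def respond(self, pin: str, mode: str, challenge: str,
                amount_cents: str = "") -> str:
        if not hmac.compare_digest(pin, self._pin):
            raise PermissionError("wrong PIN")
        return compute_response(self._key, mode, challenge, amount_cents)


class Bank:
    """Hypothetical verifier holding the same per-device key."""

    def __init__(self, device_key: bytes):
        self._key = device_key
        self._pending = {}  # session id -> (mode, challenge, amount on file)

    def issue_challenge(self, session: str, mode: str,
                        amount_cents: str = "") -> str:
        challenge = f"{secrets.randbelow(10 ** 8):08d}"
        self._pending[session] = (mode, challenge, amount_cents)
        return challenge

    def verify(self, session: str, response: str) -> bool:
        pending = self._pending.pop(session, None)  # each challenge is single use
        if pending is None:
            return False
        return hmac.compare_digest(compute_response(self._key, *pending), response)


def demo():
    key = secrets.token_bytes(32)            # constructed sample key
    token, bank = Token(key, "4711"), Bank(key)

    c1 = bank.issue_challenge("s1", "login")
    r1 = token.respond("4711", "login", c1)
    login_ok = bank.verify("s1", r1)
    replay_ok = bank.verify("s1", r1)        # same digits again: challenge consumed

    # The order on file was altered to 950000 cents; the customer keys in 5000.
    c2 = bank.issue_challenge("s2", "sign", "950000")
    tampered_ok = bank.verify("s2", token.respond("4711", "sign", c2, "5000"))

    c3 = bank.issue_challenge("s3", "sign", "5000")
    honest_ok = bank.verify("s3", token.respond("4711", "sign", c3, "5000"))
    return login_ok, replay_ok, tampered_ok, honest_ok


if __name__ == "__main__":
    print(demo())
```

Unlike a static password, the digits typed into the login page are only valid for one challenge and one amount, so credentials harvested from another site give an attacker nothing to reuse here.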

Re:Translation (4, Interesting)

human spam filter (994463) | more than 4 years ago | (#31975802)

Being from Europe I was pretty surprised when I came to the US and learned that virtually all* banks use ordinary passwords for online banking. *The ones I know of: Citi, Bank of America, US Bank

Re:Translation (2, Interesting)

hedwards (940851) | more than 4 years ago | (#31975866)

Honestly, E*Trade is pretty much the only one I can think of off the top of my head that uses something like that. Pretty much every bank in the country just uses simple passwords with verification questions. And an astonishing number don't bother to make their home page load via SSL.

The main reason being that they aren't generally held accountable for breaches that may occur due to their own lax security measures. In relatively recent history it was still relatively common for ID thieves to be able to get lots of material dumpster diving. As well as for companies like TD Ameritrade to fail to notice that they'd been haxxored.

Mostly it's a side effect of the conservatives' personal responsibility fetish. Basically make everything the fault of the victim even if it's clearly not their fault.

Re:Translation (4, Funny)

creimer (824291) | more than 3 years ago | (#31975896)

Basically make everything the fault of the victim even if it's clearly not their fault.

And charge a fee. Remember, in the financial industry, you're criminally stupid if you don't make money off the mistakes of those around you. That's American capitalism for you.

Re:Translation (0)

Anonymous Coward | more than 3 years ago | (#31976404)

>The main reason being that they aren't generally held accountable for breaches that may occur due to their own lax security measures.

>As well as for companies like TD Ameritrade to fail to notice that they'd been haxxored.

Thankfully, their TD Canada Trust at least has the following on the webpage:

Our online security guarantee
In the unlikely event you experience a loss from an EasyWeb or WebBroker transaction you did not authorize, you will receive 100% reimbursement.

EasyWeb = online banking

Re:Translation (0)

Anonymous Coward | more than 3 years ago | (#31976870)

Banks and many other businesses are not as stupid as you imply. They simply evaluate the cost of security measures vs the benefit. Corporations are under a legal and I would argue a moral obligation to optimize their owners' return on investment. The fact that some customers are inconvenienced (or perhaps you prefer screwed) by fraudulent activity permitted by poor security measures is of no importance unless it impacts the banks' profitability.

Re:Translation (1)

c_sd_m (995261) | more than 3 years ago | (#31975954)

I know of a large North American bank that not only uses password auth, it limits pwds to 6 characters.

Re:Translation (1)

dotgain (630123) | more than 3 years ago | (#31977254)

My bank (ASB, New Zealand) is right up with the 1990's, and uses eight letters. They ignore case (but require at least two capitals in new passwords) to make up for it.

Re:Translation (1, Insightful)

Anonymous Coward | more than 3 years ago | (#31977154)

Hmm, I use 5 banks on a regular basis. Carrying around 5 devices with me so I can check my bank accounts seems awfully inconvenient.

Re:Translation (1)

capo_dei_capi (1794030) | more than 4 years ago | (#31975836)

Not exactly. According to TFA their plan is to send people links to malware hosting websites from "trusted" sources, and by means of malware get access to facebook users' bank accounts.

Re:Translation (1)

CarpetShark (865376) | more than 3 years ago | (#31976448)

There are banks that allow you to log in with the same username/password auth system that sites like facebook use? If so, you should probably expect it to have been hacked ages ago.

Re:Translation (0)

Anonymous Coward | more than 4 years ago | (#31975810)

Does FB even have encryption in their login? It seems that FB is not extremely concerned about privacy or security.

Re:Translation (1)

icebraining (1313345) | more than 3 years ago | (#31976344)

Yes. Although the homepage isn't encrypted, the login&password are posted to https://login.facebook.com/login.php [facebook.com] (which then redirects to another unencrypted page).

Re:Translation (4, Interesting)

tomhudson (43916) | more than 4 years ago | (#31975852)

  1. Write script to make a million fake facebook accounts, friend each other at random
  2. Sell fake accounts.

Re:Translation (2, Interesting)

capo_dei_capi (1794030) | more than 3 years ago | (#31976340)

Some New Zealand guy found his account on a list that was published earlier by the hacker, sure he may be complicit in the fraud, but then that wouldn't explain why the Russian hacker magazine didn't notice anything special about those accounts, such as a lack of messages. Also I would assume that FB has some mechanisms in place for preventing one IP to be used for signing up several hundred times, so he would have to use stuff like a bot net, and a captcha breaker anyway. So creating 1.5M fake accounts wouldn't turn out much easier than just phishing, brute-forcing, or whatever.

Re:Translation (1)

icebraining (1313345) | more than 3 years ago | (#31976368)

Only if they can break the reCaptcha shown when you register a new account.

Re:Translation (2, Interesting)

atisss (1661313) | more than 3 years ago | (#31976622)

Which has been already broken in OCR farms

Re:Translation (4, Funny)

Hurricane78 (562437) | more than 3 years ago | (#31976116)

As if you needed a password to get the data of a Facebook account...
Dude, just ask Zuckerberg nicely. You’re by far not the first one he sold account data out to.

Re:Translation (0)

Anonymous Coward | more than 3 years ago | (#31976888)

it seems he got hold of 'master password', so he can login any id

I'll take them (5, Funny)

kyrio (1091003) | more than 4 years ago | (#31975324)

I can increase the size of my friend network and be the biggest star on the net!

Re:I'll take them (0)

Anonymous Coward | more than 3 years ago | (#31975924)

25 bucks and you can increase the size of your farmville farm!

That's my chance... (2, Funny)

celibate for life (1639541) | more than 4 years ago | (#31975342)

... to become a new man.

hope this was just phishing and not brute force... (1, Insightful)

Anonymous Coward | more than 4 years ago | (#31975356)

wow that sucks.... *changes FB password just in case*

Immature nut (1, Insightful)

Anonymous Coward | more than 4 years ago | (#31975372)

Facebook is so passe, move on.

Re:Immature nut (1)

aembleton (324527) | more than 4 years ago | (#31975702)

Move on to what? And, how do we know this 'hacker' hasn't generated these 1.5 million accounts to sell, rather than going through the trouble of hacking?

Re:Immature nut (0)

Anonymous Coward | more than 3 years ago | (#31976748)

Just give up on the sort of site once and for all.
Exposing all sorts of 'stuff' about yourself to all & sundry in the world is just plain crazy and asking for all sorts of trouble.

I don't and will never use sites like Facebook, LinkedIn etc etc. I had my identity stolen in 1973 by someone intercepting my mail. Just think how easy it is to steal all sorts of data about you now that we have the internet?

Pah
 

It is simple. (0, Troll)

For a Free Internet (1594621) | more than 4 years ago | (#31975386)

You do not understand. Russians are friendly people. On the contrary, Americans are jerks and stupid illiterate fat shit heads. So why is everyone so up in arms that Russians have more friends? It is because you are ignorant and ugly, stop blaming other people for your problems you Yankee cock suckers.

Re:It is simple. (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#31975410)

Russia's friends are Iraq, Venezuela, China and North Korea.

Not exactly the who's who of friends lists.

Re:It is simple. (2, Interesting)

hedwards (940851) | more than 3 years ago | (#31975892)

Probably because unlike in the US, Russia seems to turn a completely blind eye to cyber criminals. Granted we don't do such a good job ourselves, but we do look for them and prosecute them when found. It's rich that a country with a very serious problem with organized crime would even pretend like there's no justification for pointing a finger back at the lack of enforcement.

Re:It is simple. (2, Interesting)

FuckingNickName (1362625) | more than 3 years ago | (#31976046)

Ah, cyber crime, the offence of sending ones and zeros down a wire to produce forbidden tones [youtube.com] .

To specify, money in a bank is just an entry in a database. Someone fraudulently reduce some entry by $1000 and increase another by $1000? Roll back.

Banks have a problem with the administrative burden? Luckily, mine is owned substantially by the state now, so shouldn't be much of a problem enforcing this.

Re:It is simple. (1)

228e2 (934443) | more than 3 years ago | (#31976786)

Are you seriously trying to defend cybercrimes?

Re:It is simple. (1)

FuckingNickName (1362625) | more than 3 years ago | (#31976912)

Defending them? I'm just contextualising the problem.

To wit, cybercrimes cause precisely as much harm as your bank/government in your country wants them to cause. It's like spam: you could pretend that you can shut down all spammers across the world at source, or you could deploy education and effective antispam solutions to protect potential victims.

NOOO! (3, Funny)

Anonymous Coward | more than 4 years ago | (#31975462)

What is going to happen to my beautiful farm :(

Great PoE (4, Insightful)

BountyX (1227176) | more than 4 years ago | (#31975504)

I'm surprised they are not worth more since they represent a great point of entry for social attacks. Think Personalized spam (i.e. "Hey John, I think Laura wanted you to buy this for the concert you are attending next week"), targeted dictionaries, localized phishing (i.e. location data deploys phishing to compromised machines near you). Once you break a single friend in the "network" you gain additional information to everyone in that scope, so the return on entry is very promising. An attacker can begin profiling ideal targets in the guise of friends. Ah, so many possibilities. Such a gold mine.

Re:Great PoE (3, Interesting)

Bigjeff5 (1143585) | more than 4 years ago | (#31975570)

The wonderful thing about his product though, is that he can keep selling it even after he has sold it.

He doesn't have 1.5 million accounts to sell once, he has 1.5 million accounts to sell over and over and over. He may only be able to get $50k for the lot, but he can sell them all a dozen times. Depending on if they catch him or not, and how effective they are at getting people to change their passwords (the only way to make the accounts worthless), this guy could make half a million dollars or more pretty easily.

Re:Great PoE (4, Funny)

phillips321 (955784) | more than 4 years ago | (#31975630)

The wonderful thing about his product though, is that he can keep selling it even after he has sold it.

He doesn't have 1.5 million accounts to sell once, he has 1.5 million accounts to sell over and over and over. He may only be able to get $50k for the lot, but he can sell them all a dozen times. Depending on if they catch him or not, and how effective they are at getting people to change their passwords (the only way to make the accounts worthless), this guy could make half a million dollars or more pretty easily.

Not if I'm the first to buy them and change the passwords on the accounts....

Re:Great PoE (0)

Anonymous Coward | more than 4 years ago | (#31975738)

lol
Too bad I don't have any mod points right now.

Re:Great PoE (3, Interesting)

Anonymous Coward | more than 3 years ago | (#31976158)

Yes, but that would make the accounts worthless pretty quickly. The "value" of the account is that both the buyer and the actual account owner know the password. So it looks like a completely legitimate thing when the buyer (pretending to be the actual account owner) sends messages to the account owner's "friends" asking them to go to certain sites, run certain "cool" programs, etc. The value goes down pretty quickly if the original owner is locked out by a password change and tells all their "friends" that they can't get in to Facebook anymore and had to make a new account. It makes any messages coming from that old account pretty suspicious even to the average idiot user.

Re:Great PoE (2, Funny)

poena.dare (306891) | more than 4 years ago | (#31975736)

In other news, FB has slashed prices on IDs to their spamverstisers!

Re:Great PoE (3, Funny)

timeOday (582209) | more than 3 years ago | (#31976542)

He may only be able to get $50k for the lot, but he can sell them all a dozen times.

Are you impugning the dignity of this entrepreneur? A man's word is his bond, and the most valuable asset he possesses. I'd be surprised if he isn't contacting legal counsel to initiate legal action against you for defamation of character as we speak!

Re:Great PoE (1)

DarkOx (621550) | more than 4 years ago | (#31975848)

Don't forget the value of all the answers for two factor authentication as well. Lots of banking sites and stuff will after you enter your password/username pair correctly also ask you something like, what is your mother's maiden name, or What is your favorite kind of car, or what elementary school did you attend, etc etc. All things that someone with access to your facebook account might have a very good shot at knowing.

Re:Great PoE (0)

Anonymous Coward | more than 3 years ago | (#31977034)

FYI: A password recovery question is not two factor authentication. It is no different from a password and probably less useful since most people forget the answers.

Re:Great PoE (1)

DarkOx (621550) | more than 3 years ago | (#31977120)

Right and decent banking sites don't use those for password recovery questions. They use them for an additional check each time you log on; they usually have you answer a number of questions when you set up your online access and challenge you with one in a semi-random fashion using a window of time as the seed so an attacker can't just try again in hopes of getting a question he can answer right away; he will have to wait an hour or something.

They usually lock your account pretty quickly, two or three tries for bad password or bad answers. To get it unlocked / recover your password you usually call customer service and they ask you for a number of things most attackers should not know like, the full account number, the last X transactions for the previous month's statement, your SS number.
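Editor's added example, not part of the comment above and not any bank's code: a sketch of the rotating-question check it describes, where the question is derived from the user and the current time window (so asking again inside the window returns the same question) and the account locks after three bad answers. The class name, one-hour window, threshold and sample answers are assumptions.

```python
import hashlib
import hmac
import os

WINDOW_SECONDS = 3600   # assumed: one question per user per hour
MAX_FAILURES = 3        # assumed lockout threshold


def _normalise(answer: str) -> bytes:
    """Case- and whitespace-insensitive form of an answer."""
    return " ".join(answer.lower().split()).encode()


class QuestionChallenge:
    """Hypothetical server-side model of the rotating-question check."""

    def __init__(self, server_secret: bytes):
        self._secret = server_secret
        self._enrolled = {}   # user -> {question: (salt, answer hash)}
        self._failures = {}   # user -> consecutive failed attempts

    @staticmethod
    def _hash(answer: str, salt: bytes) -> bytes:
        # Answers are stored salted and stretched, like passwords.
        return hashlib.pbkdf2_hmac("sha256", _normalise(answer), salt, 100_000)

    def enroll(self, user: str, answers: dict) -> None:
        record = {}
        for question, answer in answers.items():
            salt = os.urandom(16)
            record[question] = (salt, self._hash(answer, salt))
        self._enrolled[user] = record

    def question_for(self, user: str, now: float) -> str:
        """Pick the question from (user, time window) with a keyed hash, so
        the choice is unpredictable but fixed until the window rolls over."""
        window = int(now) // WINDOW_SECONDS
        questions = sorted(self._enrolled[user])
        mac = hmac.new(self._secret, f"{user}|{window}".encode(),
                       hashlib.sha256).digest()
        return questions[int.from_bytes(mac[:4], "big") % len(questions)]

    def check(self, user: str, answer: str, now: float) -> str:
        """Return 'ok', 'retry' or 'locked'; a locked account stays locked
        even for a correct answer until it is reset out of band."""
        if self._failures.get(user, 0) >= MAX_FAILURES:
            return "locked"
        salt, expected = self._enrolled[user][self.question_for(user, now)]
        if hmac.compare_digest(expected, self._hash(answer, salt)):
            self._failures[user] = 0
            return "ok"
        self._failures[user] = self._failures.get(user, 0) + 1
        return "locked" if self._failures[user] >= MAX_FAILURES else "retry"


# Constructed sample enrolment data.
SAMPLE_ANSWERS = {
    "First school?": "Hillside Primary",
    "Favourite car?": "Volvo 240",
    "Childhood street?": "Elm Row",
}


def demo():
    qc = QuestionChallenge(b"constructed-server-secret")
    qc.enroll("alice", SAMPLE_ANSWERS)
    now = 7200
    same = qc.question_for("alice", now) == qc.question_for("alice", now + 3599)
    guesses = [qc.check("alice", "guess", now + i) for i in range(3)]
    return same, guesses


if __name__ == "__main__":
    print(demo())
```

The rotation and lockout only limit guessing; they do nothing for answers an attacker can read off a compromised profile.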

Play with fire (5, Insightful)

Becausegodhasmademe (861067) | more than 4 years ago | (#31975576)

According to the Facebook statistics page the average account has 130 friends. If 1 in 300 accounts are compromised and you have circa 130 friends then the odds are quite high that the personal data you have "only available to friends" is going to become available to some fairly unfriendly people shortly.

Reminds me of the ever-true saying 'play with fire and you'll get burnt'. I have always been mindful of the threat FB poses to my privacy and have completely closed down my account several times, but keep giving in and going back due to peer pressure from family & friends. This time I'm killing it off for sure. No organization, be it governmental or corporate should have control over so much of an individual's personal data.

Re:Play with fire (3, Informative)

Anonymous Coward | more than 4 years ago | (#31975636)

For those of you who don't know how to leave Facebook... http://www.facebook.com/help/contact.php?show_form=delete_account [facebook.com]

Re:Play with fire (1, Offtopic)

daveime (1253762) | more than 3 years ago | (#31976318)

I'M SORRY ANONYMOUS COWARD, I CAN'T LET YOU DO THAT.

Filter error: Don't use so many caps. It's like YELLING. Nope, I'm just trying to emulate what was done on Tron and later revamped on Southpark. Stop being so fucking judgmental, you don't know me !

Re:Play with fire (1, Funny)

Sir_Lewk (967686) | more than 3 years ago | (#31977022)

I'm just trying to emulate what was done on Tron and later revamped on Southpark.

"I'm sorry [NAME], I can't let you do that." is a reference to HAL 9000 of 2001: A Space Odyssey fame.

Now get off my lawn!

Re:Play with fire (2, Insightful)

Nidi62 (1525137) | more than 4 years ago | (#31975778)

No one forces you to fill in all the information. Just have a page with your name on it if friends and family want you to have one. Just leave blank all the other sections. Then you have no problems with your personal information.

Re:Play with fire (3, Informative)

Ron Bennett (14590) | more than 3 years ago | (#31976132)

No one forces you to fill in all the information. Just have a page with your name on it if friends and family want you to have one. Just leave blank all the other sections. Then you have no problems with your personal information.

Wrong! This is one of the biggest misconceptions people have. The true value isn't one's profile per se, but who one's "friends" are and the various interactions between them.

Unless your friends are all strangers who know little about you, your personal information is likely more exposed on Facebook than you realize. Often I see instances of a parent, sibling, in-laws, significant other, etc post personal details on one's Facebook wall, gallery, etc that are often visible to others on one's friend list, and even often to friends of friends too.

And that's not even getting into the issue of rogue friends, which can easily sneak in to gather information; among the value of stealing FB IDs ... it's not always about getting passwords, but rather collecting data for other uses, such as, spear-phishing / more targeted attacks - learning one's security questions they have setup on say a banking site.

Ron

Re:Play with fire (1)

Nidi62 (1525137) | more than 3 years ago | (#31976190)

Your friends aren't going to be putting where you live, where you work, your phone number, or any of that other crap on their page. And even if they are, you just tell them, "don't put my personal information on there". If they don't respect your wish, de-friend them. You are throwing the baby out with the bathwater if you simply cancel your whole account.

Re:Play with fire (1, Funny)

Anonymous Coward | more than 3 years ago | (#31976526)

It's a pretty ugly and annoying baby, though.

Re:Play with fire (1)

GrumblyStuff (870046) | more than 3 years ago | (#31976674)

Maybe not outright but little details add up. Keeping track of said details could be a full time job with some FB addicts.

Good luck explaining why you defriended someone though.

Re:Play with fire (1)

GIL_Dude (850471) | more than 3 years ago | (#31976202)

I removed my personal information by just changing it to random cities, phone number of a business in that random city (address too). I was one of those who had some level of "real" info there in the past that was locked down to be visible by certain users only. However, with all the "privacy" changes (read turning off privacy) that FB has been making lately I went and changed the info to false info. I'd imagine some cache somewhere will still have the real stuff for awhile, but that it will become harder and harder over time for people to access it. The profile is still "locked" so that only certain people can see it and "friends" can't share it - it will be interesting to see when FB "leaks" that fake info.

Re:Play with fire (0)

Anonymous Coward | more than 4 years ago | (#31975798)

The sorta weird thing about Facebook I find is that it's only really useful for people you still would meet face-to-face anyway. for example at uni, i got to know people, there were always fb messages flying back and forth during my time there, etc. about where we would meet, etc. after uni, the conversations basically died down and i will only message maybe one or two ppl, let alone even visit their profile.

bottom line is, get the e/mail(s)/phone(s)/skype of those you _truly_ want to stay in touch with, build those relationships up, and forget about everyone else, it's not really worth the privacy risk.

as a side note(s), someone should launch a social networking website like fb as a foundation. that way, there's no incentive to profit from the user information, and donations could keep it afloat. that also means everything that is stored could maybe be encrypted...

lastly, it is inevitable that corporations will creep into facebook. soon there are going to be ads for subs, burgers, shampoo and that crap littering status updates/posts/etc. facebook needs to start making money somehow...

Re:Play with fire (1)

larry bagina (561269) | more than 3 years ago | (#31975890)

corporations are already on facebook. Look at the slashdot homepage sometime. And facebook does advertising, somewhat like google ads but less relevant (for now...)

Re:Play with fire (1)

GillyGuthrie (1515855) | more than 3 years ago | (#31975998)

facebook needs to start making money somehow...

They're already making tons of money! The CEO of Facebook is the world's youngest self-made billionaire!

Re:Play with fire (1)

Ron Bennett (14590) | more than 3 years ago | (#31975914)

Exactly. Makes spear-phishing a cinch.

You mention closing down your FB account permanently. If so, be sure you delete everything out of it, including unfriending everyone, all public / private messages, gallery pictures, etc. If you've recently closed your account, just log back in and reactivate it (may occur automatically), delete everything, and then delete the account again. And to ensure your FB account remains deleted, do not try logging into it for a month (FB says wait two weeks, but don't trust that; wait the month).

On a related note, I personally deactivated (different than deleting) my lightly-used FB account about a month ago. I deleted everything out, but only deactivated the account and selected, to paraphrase, "This is temporary, I will be back." reason. That way my basic profile should remain in their system as a placeholder for potential future use; preventing use of my email address and vanity name by others who register there.

Ron

Re:Play with fire (2, Interesting)

flyingfsck (986395) | more than 3 years ago | (#31976200)

Uhmm, you keep going back and keep keying in real personal data?

Your Geek Card should be revoked.

I also have a FB account, with nothing in it. Well, nothing that is remotely true anyway.

Re:Play with fire (1)

ChienAndalu (1293930) | more than 3 years ago | (#31976426)

This time I'm killing it off for sure.

No you won't.

Re:Play with fire (1)

tpthompson (658704) | more than 3 years ago | (#31976456)

Permanently delete FB account (inside)

Given the 2010 track record of FB this sends the 'correct message'...the captcha during delete is something else (ymmv)...takes 14 days inactive before they comply with request.

Log-in, then paste the direct link: http://www.facebook.com/help/contact.php?show_form=delete_account [facebook.com]
which will auto rewrite to https for two stage authentication post actions

Explain page> http://www.facebook.com/group.php?gid=16929680703 [facebook.com]

Re:Play with fire (1)

Weirsbaski (585954) | more than 3 years ago | (#31976970)

According to the Facebook statistics page the average account has 130 friends. If 1 in 300 accounts are compromised and you have circa 130 friends then the odds are quite high that the personal data you have "only available to friends" is going to become available to some fairly unfriendly people shortly.

Of course, the way facebook itself is headed odds are high that "only available to friends" data is already going to be available to everybody shortly. At least that's what facebook's retroactive TOS changes say.

FB has been quite liberal with users' privacy (4, Informative)

blind biker (1066130) | more than 4 years ago | (#31975662)

...and yet, time after time, FB users ignored the abuse and kept on using the service. I really have little sympathy for such blatant and above all, stubborn disrespect for one's own security. And for what? To have "virtual friends"? To "keep in touch"? Both friends, conversing and socializing are more fulfilling when done in some of the more traditional ways.

Re:FB has been quite liberal with users' privacy (2, Insightful)

davepermen (998198) | more than 4 years ago | (#31975824)

what do you care about your security if all you do is post crap? i care about my security for personal things. but those don't happen on facebook, where community things happen. and i don't care about privacy, there, at all. why should i?

Re:FB has been quite liberal with users' privacy (4, Insightful)

Anonymous Coward | more than 4 years ago | (#31975838)

You know, I really despise these "High and mighty" posts about how all FB users are irresponsible idiots. There are a number of great uses for Facebook, and many of us actually PREFER to be contacted via facebook by our friends, rather than the endless deluge of phone calls and text messages. If you're having a get-together, I'd much rather you invite me on FB than tell me in person, because chances are, I'm going to forget. And I don't really see the point of the privacy crap either. I only put information on a social site that I'm comfortable sharing socially. I don't get it.

Re:FB has been quite liberal with users' privacy (0)

Anonymous Coward | more than 3 years ago | (#31975938)

believe it or not, you can use facebook in an effective and secure way without replacing real life social interaction

i swear, it can be done.

Re:FB has been quite liberal with users' privacy (1)

lennier1 (264730) | more than 3 years ago | (#31976234)

Post all information as RSA encoded strings?

Re:FB has been quite liberal with users' privacy (0)

Anonymous Coward | more than 3 years ago | (#31975922)

That's the problem... Facebook is *really* good for setting up real-world interaction. If I want to set up a small gathering at my house tomorrow, I could spend 2 minutes to get it done on fb or an hour calling around, making sure I'd gone thru and not forgotten anyone, had people suggest others I could call and call them, etc. I could email, but I'd have to go thru and hand check any people who I'm friends with *and* work with to make sure I was sending to their home email and not their work, and so on. So yeah, it's not "virtual friends" I lose, but a significantly more efficient tool for communicating with my real friends to get to see them in reality.

that said, fb is about to get one more "John Doe" in their database...

Don't hate the players... (3, Insightful)

msimm (580077) | more than 3 years ago | (#31976044)

...Don't hate the players hate the game dawg!

Facebook users aren't security experts, they're family members, friends and loved ones. You remember those, right?

Living in my IT bubble in San Diego it was easier for me to bag on Facebook and 'look down' on its users but now that I'm unemployed and living temporarily with family I've seen how useful it is for them to keep in touch with friends and relatives in a way that letters or email simply can't emulate.

Besides, if we really thought Facebook was that bad instead of bitching about it we'd be the talent pool responsible for creating a better alternative (unless you believe that only venture-funded MBAs can take on such a technological challenge). For instance, I've never liked any of the popular/available dating sites, so what do you think I'm doing while I learn Mongodb in my free time?

Re:FB has been quite liberal with users' privacy (3, Insightful)

Haeleth (414428) | more than 3 years ago | (#31976254)

Both friends, conversing and socializing are more fulfilling when done in some of the more traditional ways.

Like what? Email, so my messages can get lost in the sea of spam? Phoning, during the roughly 1 hour each day when both I and my overseas friends are awake and at home, and they're exhausted after a long day and I'm rushing to get off to work? Maybe I should just hop on a plane every weekend to meet people face to face -- I'm sure that would be a fulfilling use of my time and money!

Sorry, but services like Facebook fill an important gap that nothing else really caters for. If you don't like it, think of something better, but don't go round bashing it just because you personally have never moved out of your home town or made any friends who lived more than a street away.

Re:FB has been quite liberal with users' privacy (-1, Flamebait)

Dyne09 (1305257) | more than 3 years ago | (#31977064)

"Sorry, but services like Facebook fill an important gap that nothing else really caters for. If you don't like it, think of something better, but don't go round bashing it just because you personally have never moved out of your home town or made any friends who lived more than a street away." If you're this much of a douche in person, it's no wonder your friends chose to interact with you remotely.

Re:FB has been quite liberal with users' privacy (-1, Flamebait)

blind biker (1066130) | more than 3 years ago | (#31977092)

If you don't like it, think of something better, but don't go round bashing it just because you personally have never moved out of your home town or made any friends who lived more than a street away.

Actually, I've traveled far and wide, visited the USA a couple of times, traveled around Asia a bit, even dipped my toes in Oceania (New Zealand), finally met my wife somewhere in the middle (Thailand) and am living in Northern Europe, even though I was born and raised in Southern Europe. I have, therefore, left my hometown. Judging by your myopic comment, I guess I travel more on my bike every day, than you do in a week using any means of transportation.

And I'll continue bashing FB as much as I please. Unless that hurts your sensitivities very, very much. I guess the average Facebook user is an emo type, in addition to being devoid of a clue, so I should be mindful of that.

Re:FB has been quite liberal with users' privacy (0)

Anonymous Coward | more than 3 years ago | (#31976262)

Intelligent Facebook users will set up multiple friends lists and grant appropriate access as needed. Additionally, I have a "Hacked" friends list, into which I can move any of my friends who have had their fb account compromised.

Basically, if you pay attention to the privacy and security options that fb provides, you can maintain a secure and private fb account.

Re:FB has been quite liberal with users' privacy (3, Insightful)

rliden (1473185) | more than 3 years ago | (#31976394)

I have a FB account. I have reestablished contact with old friends and very distant family members I didn't otherwise have contact with. The alternative to finding someone you have lost contact with (if your other close family and friends don't know where someone is or how to contact them) is by searching Google and hoping you find a reasonable match. Even then most sites that find a person for you want an idiotic amount of money and a buy in to their scam service to get the contact info. Then there isn't a guarantee that it is the right person or the contact info is still relevant.

People do use FB for more than asking someone to fertilize their crops or signing some mob-mentality world solving petition. It's possible to use social networking in a responsible manner. Facebook does seem to have a blatant disregard for their users and it's possible that a better service will come along and people will move to it. Another point condescending pedants might be missing is the exposure of security and privacy risks can help to educate people who might not otherwise even know about them. That is, just because people aren't using social networking doesn't make them any more safe on the internet. There were plenty of online scams and security risks before social networking; at least now people can communicate the nature of them and educate users how to safeguard themselves. One of the first things I did after seeing that CBS news story is post it on FB so that people could change their FB and email password info.

Re:FB has been quite liberal with users' privacy (1)

Frosty Piss (770223) | more than 3 years ago | (#31976604)

People do use FB for more than asking someone to fertilize their crops...

Disgusting.

Re:FB has been quite liberal with users' privacy (2, Insightful)

Ritchie70 (860516) | more than 3 years ago | (#31976842)

Agreed. I've had a lot of fun catching up with high school friends I haven't seen or heard from in almost 25 years.

Would I have ever gone and found these people via a more traditional mechanism? Of course not.

Is it fun to chat with them, hear about who died, who had kids, and argue about politics? Yes.

Could I live without it? Yes.

Re:FB has been quite liberal with users' privacy (0)

Anonymous Coward | more than 3 years ago | (#31976776)

Facebook does serve one purpose, because of its user base: getting in touch with long lost friends. It's the only reason I keep an account there, with the bare minimum info that would allow someone to identify me (not my real birthdate or year for instance, but close enough that someone might recognise me). I also use a disposable e-mail address with it. Something that I can safely discard if it becomes compromised. No photos of my son or anything where location might be identified, etc. photo, and all settings set to myself only. Where information is required I typically put false information. Someone who knew me might recognise me, but nobody could use it to impersonate me.

But it IS good to have an account there to get back in touch with people. I left high school long before e-mail became common. Once going to university, it becomes so easy to lose track of old friends, life gets in the way, people move, phone numbers are no longer used, and without any kind of e-mail address, well it can be hard to track them down. That is where Facebook does come handy. People just have to learn to share responsibly. It's not because they have a field to fill that you HAVE to fill it, and even if it's required to fill, you don't HAVE to fill it with real information.

Re:FB has been quite liberal with users' privacy (1)

at_slashdot (674436) | more than 3 years ago | (#31976810)

You are on Slashdot on Sunday, it's not like you have friends or social life, so stop pretending and get down from the high horse...

Re:FB has been quite liberal with users' privacy (1)

blind biker (1066130) | more than 3 years ago | (#31976924)

When you have a newborn at home, you don't have time to go out much. Especially when the baby has colics.

But you're right: I don't have much of a social life at the moment. I definitely don't feel lonely, though!

Can someone please tell me... (1)

Yvanhoe (564877) | more than 4 years ago | (#31975784)

...the use of owning 1000 Facebook IDs? What is the idea? Who would want it? I may be dense but apart from spam senders I don't see the use of this.

Re:Can someone please tell me... (5, Funny)

larry bagina (561269) | more than 4 years ago | (#31975876)

1. collect facebook ids
2. ???
3. profit!

Re:Can someone please tell me... (1)

Becausegodhasmademe (861067) | more than 3 years ago | (#31976040)

This was covered less concisely further up by BountyX, here are a few uses:

1. Using the personal data of the compromised accounts to make a person-specific dictionary to guess passwords and/or secret questions of other websites, including internet banking, eBay, Amazon etc.
2. Using the personal data of friends of compromised accounts to accomplish much the same thing as 1.
3. Sending spam to the email address associated with the account that are crafted to look like they're from friends.
4. Social Engineering 'hacks' such as IMing someone pretending to be their friend on a different IM account.
5. Grabbing pictures of beautiful girls from the photo album of the compromised account and friends. Think teenage girls. 4Chan will love this.

Which means, even if your account hasn't been owned and you change your password, you're still not safe from the wider ranging implications of this hack/security leak.

Re:Can someone please tell me... (1)

ArundelCastle (1581543) | more than 3 years ago | (#31976128)

It's much bigger than spam. Thousands upon thousands of other websites will let you log in by using only your facebook credentials. It takes two clicks (easily automated). If you don't already have an account, it typically just creates one for you.

Now think about what those other websites might be.
Now think about what those websites do with information in order to sell you things.
Now think about what kind of information people would put on those other websites, knowing that "only facebook" has weird privacy policies.

Thousands of computers testing thousands of permutations with facebook accounts and other websites.
Every nightmare scenario you can imagine about identity theft and fraud is at work here.

Re:Can someone please tell me... (2, Insightful)

drinkypoo (153816) | more than 3 years ago | (#31976162)

...the use of owning 1000 Facebook IDs? What is the idea? Who would want it? I may be dense but apart from spam senders I don't see the use of this.

You can make them all your friend to give you more power in Mafia Wars...

Does it matter? (1)

DarkOx (621550) | more than 4 years ago | (#31975792)

I am pretty sure Facebook was going to enable "post-on-behalf-of" for everyone on their next privacy settings revision anyway for extra fun.

What about FB? (1)

cdgeorge (775179) | more than 3 years ago | (#31975960)

It's pretty clear to me that the hacker actually broke Facebook security and stole bulk data. Question is, what is Facebook doing about it? Shouldn't they be chasing after this in some way? After all, it's their service I'm using ...

Re:What about FB? (1)

Ron Bennett (14590) | more than 3 years ago | (#31976248)

No. Presumably, the user id / password pairs were acquired via security exploits in web browsers, plug-ins, etc. Not from Facebook itself.

While 1.5 million is a lot, it's still only a small fraction, as in less than 1/2 of 1 percent, of Facebook's user base.

Ron

YeS! lfp (-1, Troll)

Anonymous Coward | more than 3 years ago | (#31975990)

"Hacker"? (1)

Hurricane78 (562437) | more than 3 years ago | (#31976082)

Pff, I bet I can get those accounts for a couple of bucks, by just asking Zuckerberg.
After all, according to him, there is no privacy. Just make an app or something, and there you have the data.

Man am I happy that I deleted my Facebook account. (Which was, other than the friends list, completely empty anyway. But you know. Friends, photos, messages... that’s already too much.)

Use good unique passwords (1)

1s44c (552956) | more than 3 years ago | (#31976216)

To anyone who didn't get the message yet, there are three rules you should follow:

1) Never use the same password in more than one place.

2) Store the passwords somewhere safe.

3) Use good quality passwords.

Unix fans can generate good quality passwords with:
od -N4 -tx4 /dev/random | cut -b9-
or slightly better ones with:
dd if=/dev/random count=6 bs=1 | uuencode -m - | tail -2 | head -1
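
Added example, not part of the comment above: the two one-liners draw 4 and 6 random bytes, which is 32 and 48 bits of entropy. This Python sketch sizes a password for a chosen entropy target and generates an independent one per site; the 96-bit default, the 62-symbol alphabet and the site names are assumptions.

```python
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # 62 symbols (assumed policy)

def entropy_bits(alphabet_size, length):
    """Bits of entropy in `length` symbols drawn uniformly at random."""
    return length * math.log2(alphabet_size)

def length_for_bits(target_bits, alphabet_size):
    """Shortest length whose entropy reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(alphabet_size))

def generate_password(target_bits=96, alphabet=ALPHABET):
    """Random password from the OS CSPRNG with at least `target_bits` of entropy."""
    if len(alphabet) < 2 or len(set(alphabet)) != len(alphabet):
        raise ValueError("alphabet needs at least two distinct symbols")
    length = length_for_bits(target_bits, len(alphabet))
    return "".join(secrets.choice(alphabet) for _ in range(length))

def per_site_passwords(sites, target_bits=96):
    """Rule 1: every site gets its own independently generated password."""
    return {site: generate_password(target_bits) for site in sites}

if __name__ == "__main__":
    # Entropy of the output of the two shell one-liners quoted above.
    print("od one-liner, 8 hex chars:    %.0f bits" % entropy_bits(16, 8))
    print("dd one-liner, 8 base64 chars: %.0f bits" % entropy_bits(64, 8))
    # Constructed site names, for illustration only.
    sites = ["site-a.example", "site-b.example"]
    for site, pw in per_site_passwords(sites).items():
        print(site, pw, "%.1f bits" % entropy_bits(len(ALPHABET), len(pw)))
```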

Re:Use good unique passwords (1, Informative)

Anonymous Coward | more than 3 years ago | (#31977162)

To anyone who didn't get the message yet, there are three rules you should follow:

1) Never use the same password in more than one place.

Ridiculous. People have lives. They don't want to spend it keeping track of passwords.

Fake accounts (1)

Culture20 (968837) | more than 3 years ago | (#31976222)

They're probably just the type of fake accounts I've seen before attempting to friend random people. Most of them probably are female, with pretty photos lifted from the internet. The tipping point for price belies their nature: under or over ten? Real accounts usually have at least over fifty, if not hundreds of friends. That said, this still is a big security issue given the amount of data people's friends can get on their profile, and the proclivity for the younger kids to add anyone who friends them. Of course, a lot of these fake accounts are probably only friends with other fake accounts, and will probably be sold in batches that prevent this fact from being apparent for the first few weeks after a sale.

i think he got me (2, Interesting)

perryizgr8 (1370173) | more than 3 years ago | (#31976324)

facebook today told me: "your account was accessed from an unusual place and has been blocked." then i had to do all sorts of things to prove i'm human and it told me to create a new password. i created such a strong password that i have forgotten it. now will have to change it again.

No friend (0)

Anonymous Coward | more than 3 years ago | (#31976536)

What about accounts with no friends?

Why does Facebook know your Facebook password? (2, Informative)

Animats (122034) | more than 3 years ago | (#31977050)

Facebook shouldn't be storing your Facebook password, just a hash of it. That's how login systems have worked for thirty years. Doesn't anybody there have a clue about security?
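
Added example, not part of the comment above and not Facebook's code: a minimal Python sketch of a login store that keeps only a salted, deliberately slow hash of each password. The record format, the function names and the 600,000-iteration PBKDF2 work factor are assumptions.

```python
import hashlib
import hmac
import os

ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 600_000   # assumed work factor; tune to your hardware
SALT_BYTES = 16

def _derive(password, salt, iterations):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)

def _parse(record):
    """Split 'algorithm$iterations$salt_hex$digest_hex'; None if malformed."""
    try:
        algorithm, iterations, salt_hex, digest_hex = record.split("$")
        parsed = (int(iterations), bytes.fromhex(salt_hex), bytes.fromhex(digest_hex))
    except ValueError:
        return None
    if algorithm != ALGORITHM or parsed[0] < 1:
        return None
    return parsed

def make_record(password, iterations=ITERATIONS):
    """What the server stores: a per-user random salt and the derived hash."""
    salt = os.urandom(SALT_BYTES)
    digest = _derive(password, salt, iterations)
    return f"{ALGORITHM}${iterations}${salt.hex()}${digest.hex()}"

def check_password(password, record):
    """Re-derive with the stored salt and compare in constant time."""
    parsed = _parse(record)
    if parsed is None:
        return False
    iterations, salt, stored = parsed
    return hmac.compare_digest(_derive(password, salt, iterations), stored)

def needs_rehash(record, iterations=ITERATIONS):
    """True when a record is malformed or uses a weaker work factor than current."""
    parsed = _parse(record)
    return parsed is None or parsed[0] < iterations

if __name__ == "__main__":
    record = make_record("correct horse battery staple")  # constructed sample
    print(record)
    print(check_password("correct horse battery staple", record))  # True
    print(check_password("guess", record))                         # False
```

Because each record carries its own salt, two users with the same password get different records, so a stolen table cannot be reversed with one precomputed lookup.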
