A hacker may have done the Facebook world a favour by cracking the fan page of the social network’s CEO and founder, Mark Zuckerberg. The posting of an unofficial status comment to the page shows the vulnerability of the simple plain-text password system, and such a high-profile exploit may spur some action.

It is not known whether the hacker merely guessed the user name and password, brute-forced access using a dictionary attack, or actually found a vulnerability to bypass the security system.

No Comment From The Z-man

Facebook has yet to comment on the circumstances of this attack, and of the recent similar attack on the page of Nicolas Sarkozy, the French president. But the Zuckerberg page has now been withdrawn.

The hacker posted the following message:

“Let the hacking begin: If Facebook needs money, instead of going to the banks, why doesn’t Facebook let its users invest in Facebook in a social way? Why not transform Facebook into a ‘social business’ the way Nobel Prize winner Muhammad Yunus described it? What do you think? #hackercup2011”.

The #hackercup2011 tag could indicate that it was the work of a would-be prize-winner in a current Facebook hacking competition.

As with a January 8 spoof news story about Facebook closing down in March, many people were taken in by the posting, despite the hacker effectively signing his or her work. Before the page was taken down by company officials, over 1,800 Facebookers had hit the “Like” button and more than 500 people had added Comments.

Graham Cluley, senior technology consultant at Sophos, has said that 2011 will be the year when social network security, or lack of it, comes to the fore as an issue. He told eWEEK Europe that it may not be entirely Zuckerberg’s fault. “It’s possible that his fan page is administered by a cohort of minions, rather than just the Z-man himself,” he said.

He went on to say that, despite details of the hack not being available, it underlines some basic principles. Passwords should be devised that are difficult to guess and not shared with others, and free Wi-Fi services – which are more widely available in the US, but available here at hotels and outlets like Starbucks – should be treated with caution.

“If you’re accessing the Internet via free Wi-Fi (think Starbucks) then either ensure it is encrypted or set up an https connection to avoid the threat of sidejacking by the likes of Firesheep. If [a hack attack] can happen to a high profile page like Zuckerberg’s – none of us are immune,” Cluley said.

Eric Doyle, ChannelBiz

Eric is a veteran British tech journalist, currently editing ChannelBiz for NetMediaEurope. With expertise in security, the channel, and Britain's startup culture, through his TechBritannia initiative
