Top 10 Data Breaches from 2011: #7

#7:  Facebook Pwn

Summary:  Social engineering may now be entering its next phase:  automation.  Recently, a new tool emerged that automates social engineering on Facebook.  Unlike hacking software, this tool doesn’t demonstrate any new theoretical security vulnerability.  However, automating the social engineering process may have significant practical security implications, as any script kiddie can launch it.  The attack package is hosted on code.google.com: http://code.google.com/p/fbpwn/
Details:  The tool sends friend requests to a list of Facebook profiles and polls for the acceptance notification.  Once a victim accepts the invitation, it dumps all of their information, photos and friend list to a local folder.  In other words, it automates the process of friending, sees who accepted, and then collects all the personal information in the victim’s profile as well as photos.  The software has seen thousands of downloads.
Why Significant:  This automated software package highlights how social networking is becoming the next big target for hacking.
