Yesterday we posted about the attack on Facebook and the subsequent pornographic images appearing on user pages.

Today Facebook said they have eradicated the problem and blame it on a browser vulnerability -- they will of course be working to ensure this cannot happen again.

Facebook say they know exactly who started the attack and are taking legal advice. They were quick to point out that it is not related to the recent threat by the "Anonymous" hacker group.

Facebook said the attack worked via a "self-XSS vulnerability in the browser".  They also said "During this attack, users were tricked into pasting and executing malicious JavaScript in their browser URL bar causing them to unknowingly share this offensive content. No user data or accounts were compromised during this attack."

They offer some advice:

  • Never copy and paste unknown code into the address bar
  • Always use an up-to-date browser
  • Use the report links on Facebook to flag suspicious behaviour or content on friends' accounts

I have to say I am slightly skeptical about the copy & paste issue. I seriously doubt many people did this, but millions of people seemed to be affected nonetheless. Could it be that the results of one or two people spawn a tidal wave of posts? This opens up more questions about Facebook Wall security if that is the case.
