With more than 800 million active users on Facebook, there’s no shortage of people looking for loopholes in the social network. The latest vulnerability was discovered by Nathan Powers, who works for technology consultancy CDW. Powers found a way for a user to send an executable file to another user who is not their friend. The risk, as Computerworld points out, is that “a hacker [could] send, for instance, a keylogging program to another user in a kind of spear-phishing attack.”
Facebook’s Security Manager Ryan McGeehan is downplaying the flaw, noting that “an additional layer of social engineering” would be required for the scam to work.
Security issues are nothing new for Facebook. In fact, as msnbc.com reports, buried deep in a recent security announcement, Facebook revealed that 600,000 accounts are compromised every day. Of course, Facebook put a different spin on it, saying “only 0.06 percent of 1 billion logins per day are compromised.” Still, 600,000 a day is nothing to scoff at as hijacked Facebook accounts lay the foundation for a number of misbehaviors, including cyberbullying and scams designed to trick unsuspecting users into coughing up money.
Editor’s Note: Facebook has clarified what it means by “compromised.” According to TechCrunch:
Facebook wants it known that these accounts weren’t hacked or compromised on Facebook itself; they are compromised off site, such as through phishing scams, for example.
Facebook blocks access to accounts when it has reason to believe someone other than the true owner is trying to access them. Here is Facebook’s original infographic (PDF), which includes the numbers cited (.06% of 1 billion logins per day).