Mark Zuckerberg’s Facebook page was hacked last night, bringing a smile to the face of anyone that feels the company isn’t doing enough to protect users’ privacy.
A message was posted under his name, reading: “Let the hacking begin: If facebook needs money, instead of going to the banks, why doesn’t Facebook let its users invest in Facebook in a social way? Why not transform Facebook into a ‘social business’ the way Nobel Price [sic] winner Muhammad Yunus described it? http://bit.ly/fs6rT3 What do you think? #hackercup2011.”
The message refers to the ‘microcredit’ concept designed to help people in the developing world start businesses with the aid of small loans.
Zuckerberg’s page has over 2.8 million fans, and more than 1,800 people ‘liked’ the post before it was pulled.
It’s not clear how the stunt was pulled off, although it’s likely that – as with most such ‘celebrity’ fan pages – quite a number of people had access rights to the account.
“In the absence of any sort of two-factor authentication, an account which can be accessed by many different users with many different passwords is at greater risk than an account used by just one person,” says Paul Ducklin of security firm Sophos.
“Given lots of passwords with sufficient power to deface a page or to steal personally identifiable information (PII), a hacker has many more opportunities to beg, steal, bribe or borrow a password to the crown jewels.”
The Facebook Hacker Cup is a programming competition announced by the company itself in December. We’re not sure this was quite the intention.