Hackers who posted pornography on Facebook may not have had much in mind beyond embarrassing the social network and its users. A spokesman for the site says it’s identified the hackers but isn’t revealing their names. It also hasn’t revealed how the hack was performed. Security blog Naked Security says it was performed through a known vulnerability in a specific browser requiring the user to post a URL in the address bar. A combination of social engineering and click-jacking allows images to post to friends’ pages without the user’s knowledge.
Says security consultant Graham Cluley:
The content, which includes explicit hardcore porn images, photoshopped photos of celebrities such as Justin Bieber in sexual situations, pictures of extreme violence and even a photograph of an abused dog, has been distributed via the site—seemingly without the knowledge of users.
The hack creates a serious problem for Facebook, which sees this kind of incident as a threat to its family-friendly reputation. That reputation has already been damaged by revelations that the site tracks users after they log out.
The incident also further complicates companies’ decisions about whether to permit access to Facebook while at work. Pornography is usually forbidden on company PCs, and having it there is often grounds for dismissal. Remember, though, all images you view — whether they’re yours or not — are cached locally in temp files, and the source isn’t recorded. So if your company allows access to social media sites without amending its policy to allow for the ambiguity, you may be at risk for violations you didn’t intentionally commit. The advice: Stay off Facebook at work.