David Cohen | Allfacebook
Facebook repaired a misconfiguration last week that briefly allowed spammers to obtain data on users’ friends and use those friends’ names in emails, but it is now up to email providers to locate and shut down the sources of the spam.
CNET reported that while the spammers no longer have access to any new data from the social network, they are continuing to use the information they were able to obtain last week.
Facebook said in a statement to CNET:
Recently, we discovered a single isolated campaign that was using compromised email accounts to gain information scraped from friend lists due to a temporary misconfiguration on our site. We have since enhanced our scraping protections to protect against this and other similar attacks, and we will continue to investigate this case further. To be clear, there was neither a mass compromise of Facebook accounts nor any leak of private information.
To help protect our users, we’ve built enforcement mechanisms to quickly shut down malicious pages, accounts, and applications that attempt to spread spam by deceiving users or by exploiting several well-known browser vulnerabilities. We have also enrolled those impacted by spam through checkpoints so they can remediate their accounts and learn how to better protect themselves while on Facebook.
Beyond these protections, we’ve put in place back-end measures to reduce the rate of these attacks, and we will continue to iterate on our defenses to find new ways to protect people. In addition to the engineering teams that build tools to block spam, we also have a dedicated enforcement team that seeks to identify those responsible for spam and works with our legal team to ensure that appropriate consequences follow.