NEW YORK – Raise your hand if you’ve had your identity stolen on Facebook.
Wow, that’s a lot of hands!
Now, let’s thin the mob. Raise your hand only if someone lifted private information on your own Facebook page, pretended to be you, befriended your friends, family members and business contacts and pried information out of them as if the “real” you were asking the questions.
Well, still quite a crowd!
Identity theft is a painful experience. Regardless of the extent of the damage, most victims feel totally violated.
Worse, we found, it appears Facebook doesn’t even have the courtesy to respond to subscribers’ complaints when their Facebook account is hacked.
After following all the necessary steps described on a Facebook page to report a fake account, you’ll find that Facebook doesn’t even send an automated e-mail saying, “We are sorry that this has happened to you,” or “Your fake account will be taken down immediately.”
Almost five hours later, the fake account will still be lurking out there, impersonating you and duping your friends.
Facebook’s offenses don’t end there, however.
The social media giant, having neglected to acknowledge your fake account report in the first place, goes into your actual Facebook page – without your permission – and deletes the warning message that you posted to alert your friends that you’ve been hacked.
Facebook then goes a step further: Anyone who has responded by posting a consoling comment also gets deleted. Facebook – without permission or warning – erases only comments specific to the latest identity theft on your wall.
Poof! Gone, forever.
Could it be that Facebook doesn’t want anyone to know how easy it is to use its platform to disrupt people’s personal lives?
This isn’t a hypothetical scenario. It happened recently to George Haber, a serial entrepreneur in Silicon Valley who is currently CEO at Cresta Technology Corp. (Santa Clara, Calif.)
On the morning of Feb. 7, a week after Facebook filed an IPO seeking to raise $5 billion, Haber’s wife, who was checking her e-mails in bed, asked him: “Why did you invite me again on Facebook?”
Haber at first wasn’t alarmed. But he quickly found out that his younger son had already accepted a “friend” he thought was his father. Haber discovered that the impersonator had his picture – the same one on Haber’s real Facebook page. The pseudo-Haber also copied his entire “profile,” from schools to jobs.
Hardly a technology or social networking novice, Haber first sent a message to his doppelganger, asking: “Who are you? Why are you impersonating me?”
Haber reported the fake account to Facebook and asked them to block it – essentially following the procedure described on the Facebook website. Still no response from Facebook. Five hours later, the phony Haber was still out there. From Facebook? Zilch.
Haber says he immediately started sending alerts to his friends; posting a message on his real account, informing his hundreds of friends of the Haber impersonator. Be careful. Messages from “real” friends began pouring in to his page.
Haber kept waiting for the shadow Haber’s page to go down. Nothing happened. “I didn’t even get a ‘ticket item’ from Facebook,” he recalls. “It’s as though my request to Facebook — asking them to block this person — [had] gone into a black hole.”
Six hours later, Fake George finally disappeared from Facebook. Then, the strangest thing of all happened.
“My own message about this identity theft disappeared. Hundreds of my friends’ comments on the same topic disappeared at the same time,” says Haber. “And, of course, I get no message from Facebook telling me something like, ‘Hey, George, we took care of it.’”
Haber is from Romania. He grew up in a Communist state. “I lived through the time when someone tells the government on something or someone. I accepted that then.” He adds, “When this happened to me here in the United States, it really, quite shocked me.”
Most puzzling to Haber, and to me, is why his warning message and his friends’ sympathetic responses about the identity theft disappeared from his Facebook page. This couldn’t have happened unless someone with a clear intent went into Haber’s page to wipe out all mentions of identity theft, presumably to save face at Facebook.
Facebook has not returned our calls or repeated e-mails for comment.
Haber wonders why Facebook seems to be indifferent to preventing fake accounts on its site. “It’s not like they don’t have a technology to stop it in advance,” he notes.
While online impersonation is illegal in California, Facebook doesn’t seem to be interested in tracking down impersonators. Haber says, “It’s not like they can’t track him down. They have their e-mail address; they can trace the IP address. We’d have to assume that it’s just not in their best interest to do so.”
In fact, detecting fraud is against Facebook’s interest. One of the secrets of Facebook’s success is the vast number of members, estimated at more than 845 million worldwide. Facebook’s marketing dollars depend on that number being as big as possible. Facebook would be crazy to go cull the duplications from that whopping stat.
[Image caption: Creative hooliganism. A vending machine in the Facebook HQ corridor.]
An unknown user hacked my facebook account and was talking to my friends asking for ransom money. I was able to post on my wall that my account was hacked, and not to respond. I was also able to go into the account settings and change my password. It was surreal watching someone chatting as if they were me, and there was nothing I could do, until they logged out and the account settings were updated. I also had to refriend several folks that my hacker had unfriended, since they called him/her on the fact that it clearly wasn't me. My advice is to make your password very secure, and change it often.
If I may ask, do you have any idea how long this fake person existed on Facebook pretending to be you?
And since you had noticed it and notified Facebook of it, how long did it take for Facebook to take down the fake account?
The only way you can expect to protect your online data is to either run your own social network site out of your house on your own hardware with uber-secure passwords, or don't use social networks. I choose the latter. My personal information is far too valuable to me to simply give away for free to some faceless corporation to exploit with only its own interests in mind. What people forget is that the operators of these social network servers have complete admin access to all user account information, public and "private". No thanks. I never jumped on that bandwagon. This is one of those cases where people get what they pay for.
This comment is potentially troublesome, but the larger community should be aware of how vulnerable we are around open WiFi hot spots. EETimes, delete this if you think it is harmful.
A programmer has posted "free-ware" that allows anyone to instantly scan surrounding computers in an open WiFi environment and take over another user's Facebook, Twitter, etc. sessions with just a single click. The link below explains just how easy this is. Software install is easy too. He did it to protest websites that do not provide end-to-end session encryption (HTTPS or SSL), leaving users vulnerable. It is eye-popping. This is not a function of the browser, rather the website.
Home wireless routers with encryption enabled will be safe from this attack. I understand banks are using end-to-end encryption.
E-t-E encryption puts higher processing loads on site servers, hence their reluctance to add the additional cost for consumer protection.
Your last paragraph says it all.
The guys who are developing social networks are operating under the assumption that "the user should have no reason to expect any privacy at all."
We should all be reminded of it; and I wish the social network companies would say it outright. Just like the surgeon general's warning on smoking.
That had happened to me too three or four years ago.
No, you can't undo it.
I remember that I received a ton of e-mails from my friends that my facebook page got hacked -- at 9:30p.m. That's when it hit me that my friends are NOT watching TV but they are reading FB pages!