Facebook hit by another hacking assault

Social networking giant Facebook has suffered another wave of hacking attacks, with the private details and passwords of some of its 200 million users stolen.

The attack comes just a few weeks after the site suffered a similar attack designed to obtain users’ login details, possibly from the same group of hackers.

The attack, which began late last week, was a type “phishing” assault that sends emails to a user’s friends urging them to click on links included in the messages.

The link then sends the user to a page that looks identical to the real Facebook page, but is a fake that collects the user’s password when they enter the site they believe to be real.

The hackers then use these details to gain access to those users’ real accounts.

Users are often willing to open emails sent within the Facebook system, due to settings that dictate who a user can receive messages from.

Facebook spokesman Barry Schnitt said that the site is clearing any damage caused by the attack, and is in the process of securing the accounts affected and changing passwords. But he will not reveal how many accounts had their details stolen.

The domains of the fake sites include www.151.im, www.121.im and www.123.im, with all references to them having been deleted by Facebook’s security team.

The intent of the attack was to not infect computers with “spyware” or viruses, but to gain access to private information that could have resulted in identity theft.

“Once the phisher had control of some accounts, they tried to monetise by sending out run-of-the-mill spam,” Schnitt told FastCompany.

In a blog post, the Facebook security team warned users to avoid phishing scams by always keeping an up-to-date version of the user’s primary browser, setting unique passwords, and always checking whether the “facebook.com” domain appears in the browser URL bar.

Related stories:

• Could this be history’s biggest ever computer virus?
• Businesses prefer Facebook