Facebook announced several new features this week at its F8 conference showing grand ambitions to become the authoritative source for people’s identities online. However, a recent report from research security experts at VeriSign iDefense, found some 1.5 million Facebook accounts hacked and for sale online. Which raises the obvious question: Do we really want to give Facebook this much power and authority?
According to eWeek, the VeriSign report states that a hacker, known as “kirllos” and somewhere out of Eastern Europe, had posted the sale of 1.5 million Facebook accounts to an electronic fraud forum. The going price? 25$ for 1,000 accounts. For those that had more than 10 friends, $45 per 1,000.
Facebook did recently update its security center to make it more user-friendly and provide active tips to keeping user account’s safe. But with the new plans that let web pages connect and share users’ information, the company may have to revisit its security and privacy policies all together.
Concerns are already rising among users around overly sharing of personal information. ComputerWorld’s IT Blogwatch bloggers spotlight several, including the automatic opt-in to share your information when visiting websites through Facebooks new open graph feature. Fred Wilson, VC and principal of Union Square Ventures, discusses his preferences:
I want to share some things with the widest group of people that is possible. Those things end up on this blog and/or Twitter. I want to share some things with the smallest group possible (like checkins on Foursquare and financial transactions on Blippy). That behavior requires a very tight, very private social graph.
Asked about Facebook’s new policies and the related privacy concerns, a company spokesperson responded:
We invest heavily in helping people keep their accounts secure and have a team of security professionals who investigate specific attacks on our users and work with law enforcement to pursue those responsible.
We’ve also built, and are continually improving, complex technical systems that look for strange login behavior and other types of anomalous activity to flag accounts that may be compromised by phishing or malicious software. When we detect such an account, we block access before the bad guys can get very far and put the account in a remediation state where the true owner is asked to verify his or her identity and take steps re-secure the account. You can read more about this process here: http://blog.facebook.com/blog.php?post=107720572130.
We educate people on how to keep their online accounts secure through our blog (http://blog.facebook.com), as well as through the Facebook (http://www.facebook.com/facebook) and Facebook Security (http://www.facebook.com/security) Pages. The Facebook Security Page has over 1.7 million fans and is updated on a regular basis with tips and other helpful information.