Spam from Friends?

September 11, 2012


We’ve all been there.  There is an e-mail in our inbox from a Facebook friend, yet it is full of weird links and strange comments.  We look at it and think…did my friend send me spam?  Well, not exactly.


Facebook recently experienced a misconfiguration, and even though it is now fixed, spammers can still use the data they obtained before the fix.  The good news is that Facebook claims there was no leak of private information.


Here is the statement from Facebook:

Recently, we discovered a single isolated campaign that was using compromised e-mail accounts to gain information scraped from Friend Lists due to a temporary misconfiguration on our site. We have since enhanced our scraping protections to protect against this and other similar attacks and will continue to investigate this case further. To be clear, there was neither a mass compromise of Facebook accounts nor any leak of private information.

To help protect our users, we've built enforcement mechanisms to quickly shut down malicious Pages, accounts, and applications that attempt to spread spam by deceiving users or by exploiting several well-known browser vulnerabilities. We have also enrolled those impacted by spam through checkpoints so they can remediate their accounts and learn how to better protect themselves while on Facebook.

Beyond these protections, we've put in place backend measures to reduce the rate of these attacks and will continue to iterate on our defenses to find new ways to protect people. In addition to the engineering teams that build tools to block spam, we also have a dedicated enforcement team that seeks to identify those responsible for spam and works with our legal team to ensure appropriate consequences follow.


Bottom line, even if the sender is a friend, always be mindful when opening a link that you do not recognize.  If you accidentally click on the link in a spam message, make sure to let your computer support company know.
