Hackers launch Facebook phishing attack

Perpetrators broke into some member accounts and sent messages to friends urging them to click on fake Web sites.

EMAIL  |   PRINT  |   SHARE  |   RSS
 
google my aol my msn my yahoo! netvibes
Paste this link into your favorite RSS desktop reader
See all CNNMoney.com RSS FEEDS (close)

Do you think the changes being made at Chrysler and General Motors will save the companies?
  • Yes, both of them
  • Only GM
  • Only Chrysler
  • Neither

BOSTON (Reuters) -- Hackers launched an attack on Facebook's 200 million users Thursday, successfully gathering passwords from some of them in the latest campaign to prey on members of the popular social networking site.

Facebook spokesman Barry Schnitt said Thursday that the site was in the process of cleaning up damage from the attack.

He said that Facebook was blocking compromised accounts.

Schnitt declined to say how many accounts had been compromised.

The hackers got passwords through what is known as a phishing attack, breaking into accounts of some Facebook members, then sending e-mails to friends and urging them to click on links to fake Web sites.

Those sites were designed to look like the Facebook home page. The victims were directed to log back in to the site, but actually logged into the one controlled by the hackers, unwittingly giving away their passwords.

The purpose of such attacks is generally identify theft and to spread spam.

The fake domains include www.151.im, www.121.im and www.123.im. Facebook has deleted all references to those domains.

Schnitt said that Facebook's security team believes the hackers intended to collect a large number of credentials, then use those accounts at a later time to send spam hawking fake pharmaceuticals and other goods to Facebook members.

The site fought off a similar attack two weeks ago, he said.

Privately held Facebook and rival social network MySpace, which is owned by News Corp. (NWS, Fortune 500) , require senders of messages within the network to be members and hide user data from people who do not have accounts. Because of that, users tend to be far less suspicious of messages they receive.

Hackers used a phishing attack last year to spread a malicious virus known as Koobface (a reference to Facebook). It was downloaded onto Facebook members' PCs when they clicked on a link sent to them in an email that looked like it had been sent by a friend on Facebook. To top of page

Features
They're hiring!These Fortune 100 employers have at least 350 openings each. What are they looking for in a new hire? More
If the Fortune 500 were a country...It would be the world's second-biggest economy. See how big companies' sales stack up against GDP over the past decade. More
Sponsored By:
More Galleries
5 ways retailers are tracking you If you think pesky salespeople are invading your personal space, check out these 5 technologies that are tracking your movements throughout a store. More
Moto X vs. Droid Turbo: Which Droid should you buy? Motorola has made the two best Android smartphones this year. Here's how they stack up. More
My part-time job is a dead end, but it's all I can find CNNMoney profiles 4 of America's 7 million part-time workers unable to find full-time jobs. More
Worry about the hackers you don't know 
Crime syndicates and government organizations pose a much greater cyber threat than renegade hacker groups like Anonymous. Play
GE CEO: Bringing jobs back to the U.S. 
Jeff Immelt says the U.S. is a cost competitive market for advanced manufacturing and that GE is bringing jobs back from Mexico. Play
Hamster wheel and wedgie-powered transit 
Red Bull Creation challenges hackers and engineers to invent new modes of transportation. Play

Copyright 2009 Reuters All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.

Most stock quote data provided by BATS. Market indices are shown in real time, except for the DJIA, which is delayed by two minutes. All times are ET. Disclaimer.

Morningstar: © 2014 Morningstar, Inc. All Rights Reserved.

Factset: FactSet Research Systems Inc. 2014. All rights reserved.

Chicago Mercantile Association: Certain market data is the property of Chicago Mercantile Exchange Inc. and its licensors. All rights reserved.

Dow Jones: The Dow Jones branded indices are proprietary to and are calculated, distributed and marketed by DJI Opco, a subsidiary of S&P Dow Jones Indices LLC and have been licensed for use to S&P Opco, LLC and CNN. Standard & Poor's and S&P are registered trademarks of Standard & Poor’s Financial Services LLC and Dow Jones is a registered trademark of Dow Jones Trademark Holdings LLC. All content of the Dow Jones branded indices © S&P Dow Jones Indices LLC 2014 and/or its affiliates.