Regular Anthill contributor Mark Neely has had an interesting couple of weeks.
It began with a phone call, around 7.30pm on January 14th. A concerned friend was calling from interstate.
Here’s how Neely describes the correspondence.
“Mark, where are you?,” he asked.
“I’m at home. Why?” I replied.
“So you’re not in London?”
“No.”
“And you haven’t been robbed at gunpoint and had your wallet stolen?”
“No! What on Earth are you talking about?”.
“Mark, I am on Facebook right now, talking to you, and you’ve just told me that you’re in London, that you have been robbed, and that you need urgent financial assistance so you can get back to Sydney”.
“Oh crap!”
He hadn’t been mugged at gunpoint in London as they feared, but that didn’t stop the criminals who had hacked into his Facebook profile from impersonating him and posting messages to his friends requesting money to rescue him from ongoing danger.
As you can imagine, Neely was concerned, yet it took him quite some time to track down contact details for Facebook’s security division and over a week to get any response from them. Even after his Facebook account was frozen and before he had even followed the steps to re-activate it, the hackers managed to muscle in again and resume their cyber grafting.
Neely’s account is a jaw-dropping read. It is compelling in an ‘Oh my gawd, could that happen to me? How would I react?‘ sense. But, as Neely points out, it raises broader issues about Facebook’s responsibility to secure user data and address such breaches in a prompt and efficient manner.
When an emailer suggested that we shouldn’t expect much from Facebook because it was a free services, Neely responded thus:
Complete claptrap.
Facebook’s service isn’t “free”. Users pay for it by giving Facebook access to their personal data (which they data mine for commercial purposes), and by giving attention to the (targeted) advertisements that Facebook generates as a result. We “pay” by paying attention.
In this day and age it is simply unacceptable for Facebook to have such a pitiful incident response infrastructure. If it’s “virtual” members were citizens, Facebook would be a sizeable country. It is the custodian of private data for tens of millions of people, and that data is all too frequently being misused by criminals.
Indeed.
