Mark Zuckerberg's Facebook Page Hacked

dinscott writes "An unknown hacker broke into the 26-year-old internet celebrity's Facebook account and posted a bizarre message calling upon the firm to adopt a social cause. More than 1800 people 'liked' the update before Facebook took down their CEO's page. Facebook has made no public statement about how the hack occurred, possibly to save their CEO from embarrassment."

In other news...

[Magada]

The new /. still sucks. Yeah, mod me offtopic. I'll take the karma hit for a good cause.

Re:In other news...

[Anonymous Coward]

Hey, I got here from Googling my idol and my favorite site, Facebook.

This is sooo great here, ya know! It looks so kewl here! Can I make you my friend? I could use some of these karma hits you talk about myself. My life has been pretty sucky ....

Hey, this Slash Dot site is pretty good? Where's the Sash dot button on Facebook? .... My buddy theodore saw my face on Starbaucks ad! Isn't that kewl! This is rock'in! I think I'll put this page on my wall.

--Biffy

Re:

[derGoldstein]

I'm waiting for the "What do you think of the redesign?" poll. There are multiple scenarios in which /. simply became unusable.
Oh, and by all means mod me down too. If nobody criticizes, nothing will change.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[mehemiah]

you've been forced to preview for a while haven't u?

Re:

[Magada]

Hey... I just checked. The project log for slashcode on sourceforge is empty. The project seems unmaintained.

Re:

[similar_name]

Rather than vague complaints in comments of unrelated articles have you tried providing feedback to Slashdot? I see a lot of people complaining and thinking that because something is broken for them it is broken for everyone. I fail to see how your criticism would lead to change as you sight nothing specific. BTW this isn't just directed at you, but as soon as I saw the redesign my first thought was great, now all of the comments will be complaints about the redesign (before I formed my own opinion I dre

Re:

[Culture20]

(2) This new interface sucks. First my classic, text-only settings have disappeared which slows donw loading a LOT. Second the Menus and "reply" buttons do not appear on Mozilla Seamonkey or Opera. I have to set the "mask as internet explorer" flag to trick slashdot into believing Mozilla/Opera are IE. Bogus.

http://slashdot.org/users.pl?op=editcomm [slashdot.org] should help a little. You only get this link of javascript is turned off (and turning javascript off doesn't seem to help the D2 CPU hogging, BTW).

Re:

[mister_playboy]

(i.e. I'll create a third commodoreXXX account and just post the same message again. I will not be censored by governments nor corporations like slashfrak.)

MichealKristopeitXXX, is that you?

Re:

[JackieBrown]

It is offtopic and should be modded that way.

Here is the actual article discussion if you want to bitch on-topic.

http://meta.slashdot.org/story/11/01/25/163257/Slashdot-Launches-Re-Design [slashdot.org]

Re:In other news...

[Magada]

Think of it as burning karma for great justice. I'm sick of complaint departments that collect complaints and dump them and support e-mail addresses that don't support anything and free speech zones that aren't and generally of all the bullshit of manufacturing consent. I intend to be obnoxious in return.

Re:

[fishexe]

Think of it as burning karma for great justice.

The only things you're allowed to do for great justice are move 'ZIG' and take off every 'ZIG'. Even setting up someone the bomb is done in opposition to great justice, not for it.

Re:

[Magada]

Yes, yes. Think of my karma as "every ZIG". Then it will all make sense.

Re:

[Magada]

Irony and sarcasm really don't translate, do they?

Re:

[morethanapapercert]

I have no mod points today or I'd give them to you. I don't like all the whitespace, slashdot hurts my eyes now. The cool green glow has been replaced with a bright white glare.

Re:

[mehemiah]

its open source, Patches accepted.

Re:

[Magada]

Accepted where? By whom? Should I mail them to support@slashdot.org?

Re:

[Tubal-Cain]

The anouncement [slashdot.org] says you email Garrett Woodworth at feedback@slashdot.org

Re:

[Magada]

With patches? Are you serious?

Re:

[Tubal-Cain]

Well, bug reports. Assuming they do accept patches, that'd be a logical place to send 'em.

Re:

[Magada]

There's no indication that they accept bug reports, even. I sent three reports so far, didn't get as much as an auto-response. Also, you'd kinda expect them to set up a bug tracker if they really cared - given that most of their audience cares and knows enough to actually use it if it's there.

Re:

[Tubal-Cain]

There's no indication that they accept bug reports, even.

The announcement I linked to said "Please direct your bug reports and feedback (good and bad!) to Garrett Woodworth who is currently in charge of such things.". I think it's a pretty good indication, but that's just me.

I haven't received a response, either, although on of the issues I reported has been partially fixed.

Re:

[HarrySquatter]

Or they could just get off their lazy asses and actually fix bugs rather than just throwing more and more Web 2.0 junk on the site. Major, and hugely obvious, bugs like that should have never been pushed into production.

Zuckerberg is human...

[kevinkite]

On topic: He can be phished or bypassed just like 99% of the networked populations... Off topic/with parent: I can't see any stories on the front page. I got here from my igoogle gadget because that's the only place I can read the headlines. IE8 (at the office so no way of changing) if that helps.

Re:

[similar_name]

Not that you should have to, but if you can write anywhere (Documents, Desktop, etc.) you can install FF at least in XP..

Re:

[Culture20]

No patches required. Just revert. All parent posters are correct. This looks worse. This performs worse. This should have been detected in testing.

Re:

[RobertM1968]

Even the threshold slider is broken. The editing AND programming done by this site appears to be done by those with no more than a two-year community college degree. How STUPID can you people be to release something that is broken for most of the users? How is this supposed to be better? Please, enlighten me. Is it better because it looks new? Because you decided to surprise everyone? Come on. Enlighten me. --TSP

That's funny, the slider works fine for me. AND the site is a LOT faster than the previous nightmare (and more streamlined).

Security

[HaZardman27]

Maybe he'll start taking privacy and security seriously now, but probably not.

Re:Security

[mysidia]

Perhaps, but probably only his privacy and security. He can't give up the advertising revenue; it's FB's lifeblood.

Easy for them to adopt a social cause

[h00manist]

All they need to do is create "citizen council groups" organized by zip code or something, put everyone inside one, set some default topics such as health and education or public representative responsiveness, and they're done.

Re:

[BitZtream]

The company I work at offers software as a service, we provide a email marketing add on ... think company wide letterhead for your email messages from individual users in a company to individual users elsewhere, not bulk/spam mail.

Of course we use the service our selves, duh, and as a developer worried about this exact sort of problem I can tell you that ... no one can change high profile users within our organization without direct access to the database server hosts themselves. Their information is more

Re:

[mysidia]

Is it a dirty hack? Yes, but it'll save face in most cases ... not all of course.

If an application server is compromised, or a hole is found in the application, it is possible that the attacker will change the code or produce an SQL injection that will change database server contents, without having direct access to the database server.

If you were really paranoid.... instead of "hard coding"; you would have a special corporate procedure for changing important pages, such as PGP signing of the

Re:Security

[Yvan256]

What do you mean? An African or European slashdot?

Re:

[cayenne8]

"What do you mean? An African or European slashdot?"

I assumed universal, bit if picking...American.

Geez, I can't find shit in here...and when trying to hit options (with firefox), looks like half the options aren't showing up...

Re:

[Yvan256]

That's nothing, wait until you try to view this reply from your user page!

All I had was HaZardman27's comment at the top then I had to click on all the replies to get to yours.

Slashdot is borked. Let's create our own Slashdot, with blackjack and hookers. In fact, forget Slashdot!

Re:

[IshmaelDS]

Only half your options aren't working? I click on options and my window goes dark for a second and them I'm back. No movement at all.

Re:

[gnarfel]

There is no more unladen Slashdot.

Re:

[theaveng]

"He's a sellout."

Pretty much.
Like your signature, and it's sadly accurate: "My Dialup plan provides more data (13GB) than Verizon Wireless (5GB)." Or VirginMobile or Cricket or Sprint, also with 5GB caps. - A modern cellphone internet should not be providing LESS data than the old 56k plans.

Re:

[Anonymous Coward]

What does this have to do with privacy? Are you suggesting that if someone is able to successfully login into your Facebook page, including you, they should be unable to see any personal information? Might as well close down the site.

Re:

[Rockoon]

Perhaps you were already masking as FireFox?

Identify as Opera works perfectly with Opera.

if zuckerberg went away for a while

[Anonymous Coward]

and built up a few different anonymous networks of relationships incognito in Europe and Asia,

and came back, and realized "Shit. This network of Friends is totally useless for adding my new friends and lovers."

Then he would finally fix Facebook and make it appropriate for me to use. Until then, like all serious billionaires, celebrities, politicians, and just Renaissance men -- I'm holding out. Good luck, Mark.

Re:

[FredFredrickson]

That is the issue. It puts people who shouldn't know each other into one giant cesspool. Not all my friends are friends with each other.

Re:

[vlm]

it's even worse for people like me who were vegan activists but also were in the military. Come on.

"Don't ask Don't Tell?"

Then there's the ex-girlfriends issue, the MCSE studygroup vs Linux club issue, the "friend both my parole officer and my dealer" issue.

Also I strongly dislike the binary "friend" / "notfriend" situation. Can't they at least make it a small range of integers? I was meaning to delete my account for awhile, the thing that made me do it was this burnout dude from over two decades ago whom I hung out with in study hall a couple times wanted to friend me, and I'm thinking, so this dude a

Re:

[TheLink]

You can create friend lists and have people on that list get a very restricted view.

What I do is create an extremely restrictive list. Then if someone with a name I don't recognize (some random nick) and a profile photo I don't recognize (say some cartoon character) tries to add me as friend, and based on mutual friends it seems like I might know him, I can put him on the restrictive list first. Once I do that, since I am now his "friend" (and assuming he doesn't have "friends" default to restricted access)

Re:

[Culture20]

And you just added him to your Facebook "web of trust", so now everyone you know will also add him as a friend. A ton of people I went to highschool with friended a fake person on Facebook, and when I asked them about it, they said they did it because others apparently knew "her". It's just like pgp/gnupg's web of trust, except people don't check at all. There are several people who never defriended "her" after I pointed out this person was lying every step of the way.

Re:

[RadioElectric]

Can't they at least make it a small range of integers? I was meaning to delete my account for awhile, the thing that made me do it was this burnout dude from over two decades ago whom I hung out with in study hall a couple times wanted to friend me, and I'm thinking, so this dude and my wife are supposedly on the same level, according to facebook's way of thinking?

This is troubling you because you are letting Facebook influence the way that you're thinking. It is not some official list for keeping track of what your relationships are with the people that you know. I'd actually find such a thing abhorrent. What it does let you do is let you communicate selectively with a pre-defined (by you!) group of people. Is there really much you'd want to communicate privately to your wife that you wouldn't say or do in-person anyway?

Re:

[fishexe]

Can't they at least make it a small range of integers? I was meaning to delete my account for awhile, the thing that made me do it was this burnout dude from over two decades ago whom I hung out with in study hall a couple times wanted to friend me, and I'm thinking, so this dude and my wife are supposedly on the same level, according to facebook's way of thinking?

This is troubling you because you are letting Facebook influence the way that you're thinking. It is not some official list for keeping track of what your relationships are with the people that you know. I'd actually find such a thing abhorrent. What it does let you do is let you communicate selectively with a pre-defined (by you!) group of people. Is there really much you'd want to communicate privately to your wife that you wouldn't say or do in-person anyway?

Also, he didn't have to accept the burnout dude's friend request. Like you said, "pre-defined (by you!)". Nobody can force you to FB friend them.

Re:

[vlm]

This is troubling you because you are letting Facebook influence the way that you're thinking.

Well, yeah, thats kind of the point of "playing". If you don't want to play, you very well should take your ball and go home, as I did.

It is not some official list for keeping track of what your relationships are with the people that you know.

Thats open for debate. I think the majority hold the opposite opinion.

Re:

[story645]

You can use filters, groups, and security settings to manage the different types of friends (like livejournal), but the fine-graining is a total pain to enact retroactively if you've got more than a dozen or so friends.

Re:

[fishexe]

I was meaning to delete my account for awhile, the thing that made me do it was this burnout dude from over two decades ago whom I hung out with in study hall a couple times wanted to friend me, and I'm thinking, so this dude and my wife are supposedly on the same level, according to facebook's way of thinking?

They're not on the same level. Your wife gets to be in your friends list and your relationship status!

P.S. I use "whom" in every post to offend certain people. If this does not apply to you, please disregard the whom and this postscript.

It's all good 'cause you used it correctly.

Re:

[vlm]

People I don't want to be friends with want to friend me which leaves the terrible choice of accepting them, causing other people to wonder why exactly it is that you are friends with this person, or ignore them and give them the satisfaction of knowing you still dislike them.

Even funnier is when they start comparing whom you accept and reject ... So the guy I sat next to in "diversity training" for four freaking hours is now annoyed at me for not accepting his friend, when he knows I friended his coworker who sent me exactly one work related email but I liked his sig line so he made the cut.

Even funnier when it spills over into work... I was not involved, but I heard of some pretty serious problems where some people would only friend coworkers or reject coworkers of certain rac

Re:

[gislifb]

Concerning Diaspora. I signed up for an invite some 3 months ago and still nothing. So it seems they aren't sending out invites and if they are, they are doing it really slow.

Re:

[Culture20]

Who wants to sign on to a webpage and be shown pictures of dead friends and ex-girlfriends with it suggesting you be friends?

The ex-girlfriends I'm okay with (they usually try to friend right away), but the dead-friends thing is creepy. I wish a friend of mine would stop maintaining her sister's memorial page...

I'm still pissed ...

[KillaBeave]

... that he shot Bill Murray.

It will teach him...

[FranckMartin]

..not to let his computer unlocked at the office when he goes to have a piss!

His Fan Page, Not His Account

[eldavojohn]

An unknown hacker broke into the 26-year-old internet celebrity's Facebook account

I don't think that's an accurate account of what happened. It was his Fan Page [washingtonpost.com], not his personal page. That may or may not have been updated by him -- most likely it was some staff or fan of Zuckerberg.

Re:His Fan Page, Not His Account

[jgtg32a]

Why let a little thing like facts get in the way of a good headline

Re:

[HuckleCom]

He prolly doesn't post his own stuff to his -own- account either

Re:His Fan Page, Not His Account

[anti-pop-frustration]

Mark Zuckerberg has "fans"?

I guess sycophancy and worshiping the rich never goes out of style.

if you click "like" on this

[nopainogain]

does he create a list and delete your account?

Re:

[jimmerz28]

One of my friends quoted the headline on his wall and it was removed by Facebook. So that's probably not far off...

Re:

[nopainogain]

i fought the trend.. i didnt have a fb account until 2007. it eventually roped me in. Now I'm suceptible to the whims of that wealthy bahstahd. he hasnt bought out slashdot yet has he? (since im calling him a bahstahd)

Re:

[jimmerz28]

It's a good way to stay in touch with old WoW friends who don't play anymore.

Just like World Of Warcraft; everything in moderation.

New job opening

[Kildjean]

Will be available soon because someone will get fired today... I can tell you that...

Re:New job opening

[corbettw]

Yes, that's the proper course of action to take when something goes wrong: immediately affix blame and fire the person who made a mistake. Let's not take the time to learn from our mistakes and ensure we don't repeat them, just get rid of anyone who is at all imperfect.

This is why you are (probably) not in management and never will be. If you are in management, this is why your employees hate you.

Re:

[Abstrackt]

Yes, that's the proper course of action to take when something goes wrong: immediately affix blame and fire the person who made a mistake. Let's not take the time to learn from our mistakes and ensure we don't repeat them, just get rid of anyone who is at all imperfect.

This is why you are (probably) not in management and never will be. If you are in management, this is why your employees hate you.

Meanwhile, here in reality... How likely you are to get fired is directly proportional to how public your mistake is or was.

For example, if you make a public mistake on a website everyone's heard of odds are your head will be on the chopping block because investors need to see problems are dealt with swiftly and efficiently. If you just spill coffee on your company-issued laptop you're probably just going to get reprimanded and not allowed to have another one but you keep your job because you only made you

Re:

[TheSeventh]

Depends on the company. At a company I was doing contract work for, one of their engineers made a dumb mistake, by not paying enough attention to detail, (only a modest amount was needed anyway), and it ended up costing the company $500K. He wasn't fired, but his department and others had to come up with ways to keep it from happening again.

Knowing that the chances of you getting fired are pretty low for making even a stupid mistake helps people to acknowledge and own up to the mistakes faster and with

Re:

[TapeCutter]

"it ended up costing the company $500K. He wasn't fired, but his department and others had to come up with ways to keep it from happening again."

Yes, it's kinda silly to fire someone when you just spent $500K training them.

Re:

[Worthless_Comments]

That was the joke. You know, that it isn't the proper course of action.

But hey, wrongly assume you know what someone is talking about then start talking down to them and tell them they'll never be a success? Yep! Can definitely tell you're in management. Keep up the good work, somebody has to prove the stereotypes!

Re:

[tverbeek]

I haven't seen any evidence that having a fire-someone-immediately mentality keeps anyone out of management. Except of course the people who are on the receiving end of it. I've seen it (including up close and personal) more times than I want to think about.

Re:

[Kildjean]

You must be new in Slashdot. Being sarcastic is part of the culture here.
You are right somewhat, I don't manage people, I manage servers... Thousands of them.
People whine bitch and moan... Computers don't, most of them anyways...

Re:

[lennier]

People whine bitch and moan... Computers don't, most of them anyways...

I take it you've never tried to compile a Linux system from source and looked at the gcc warning logs?

Re:

[sjames]

Don't mistake observation for advocacy. You are perfectly correct that firing someone usually isn't a decent or useful response to this sort of thing. He is perfectly correct that all too often management scapegoats someone so they can sweep the problem under the rug or at least deflect attention from their own shortcomings (that actually lead to the problem) because they know that THEIR manager will take the same approach.

It's truly pervasive. Honestly, our entire society could be summed up by 2 phrases: "

Re:New job opening

[locallyunscene]

I don't think they can fire Mark Zuckerberg.

Re:

[denshao2]

And the hacker will be hired.

would your holiness care to change his password?

[Hydian]

Maybe god wasn't a good choice of passwords for the superuser account? He should have read the memo.

Re:

[Spectre]

Maybe god wasn't a good choice of passwords for the superuser account? He should have read the memo.

S'okay, the new password will be selected from the following list:
love
sex
secret
(since, "god" has already been used it has been locked out).

excellent. Now do /.

[roman_mir]

The next thing that needs to be hacked and improved is /.

I can't even imagine what can be done to the site at this point to make it any more ugly and less user friendly.

You can't invent anything better than BBS for this type of a system anyway.

Roy Castillo

[Anonymous Coward]

A few hours ago, many people were tweeting of a Facebook status update from someone called Roy Castillo appearing on their Facebook Wall. Could this be related?

Just geos to show..

[Stenchwarrior]

..no matter how much security you try to put around something, someone else can always get around it. That's the nature of the game and I hope it never changes.

Please god where is the like buton for this....

[Lumpy]

Kudos to the person that "hacked" it. what a better way to highlight the security problems with facebook than to target the head cheese.

"Causes"

[Fibe-Piper]

I get spammed by those "Causes" people all the time!

I love consultants

[snookiex]

From TFA:

Facebook users - famous or not - need to take better care of their social networking security," said Graham Cluley, senior technology consultant at Sophos.

Scott Adams has depicted them in so many ways [dilbert.com]...

wtf

[MickyTheIdiot]

How are we sure Slashdot hasn't been hacked.

Go ahead and mod this down, karma be damned... this is disconcerting.

One known vulnerability

[OverkillTASF]

One of my associates manages the Facebook page of a local baseball team. A while back, they started getting iPhone spam posted to their team's Facebook page. No one could tell why. He was changing passwords, taking away peoples' access, running offline virus scans on their hard drives... Losing his mind with it. Each time one of these messages got posted, they'd lose 1,000 fans due to the spam. That's a big deal for companies that use Facebook. Turns out, the issue was due to the "mobile updates" feature. According to him, there's a random email address that you send updates to, and that gets posted to your page. This is not something you can disable, you can only request that the address be changed. The result is that you can basically spam a whole ton of random email addresses in this format and get your message posted to a load of random Facebook pages. Facebook has not been helpful in stopping this or disabling this feature for their account. Since then, I have seen this happen to my girlfriend's Facebook page as well as her friends', etc. This vulnerability is a wide spread problem. It may not be what happened in TFA (I did not read it), but it's out there. And it's insane.

Re:

[OverkillTASF]

This is incredibly well thought out. I forgot that since this was a free service, you're not permitted to have any concerns about the integrity of information stored on it. Man I'm an ass. Would love to hear how your tune changes when someone starts sending penis enlargement emails to your grandmother directly from your GMail account.

Good. Karma?

[mujadaddy]

~nt~

Firesheep'D

[Godskitchen]

^^

Hackercup 2011

[Stregano]

Why would Facebook host something called Hackercup 2011 and NOT expect something like this to happen during it? It would be like me going to Def Con with a Windows XP machine, use they open wireless network, and get pissed and think it is weird that my computer got hacked. Seriously. Also, I checked the "Hackercup 2011" stuff they are doing, and it should be called just another programming competition. You put the word hacker in there, and something is getting hacked, for real. Maybe ol' zucky-poo should have thought that one out better. They should let the unknown hacker win the Hacker cup since he did a hack cool enough to not just make headlines, but some people that posted the headline to their status got it removed by FB. I would say that the person won regardless of what the even was (the hacker clearly marked at the end that this had to do with the Hackercup)

Re:

[a Flatbed Darkly]

I take it that they're referring to "hacker" as in Y Combinator's "Hacker News", as in "programmer in general", rather than the more classic meanings of "one who accesses systems without authorisation by means of exploiting vulnerable code, etc" or "skilled programmer with tendencies to the questionably legal".

"Hacked"?

[a Flatbed Darkly]

It's clear that none of Facebook's code was compromised, otherwise other high-profile pages would be being defaced. What's more likely here is that, through some human flaw of easy security questions or simple passwords (I can't see the Zuck or his immediate staff using unsecured wifi), the account was compromised. Ergo, not a hack. That pedantry aside, I'm very much pleased to see Facebook knocked down a peg or two, especially in the area of security.

ok, with it

[hesaigo999ca]

Its all good, as long as the message was positive, and made sense in the long run, should be ok, although it should also go to show that too easy to hack a facebook account and hack their info...I wonder if the perp, knows Zuck's private schedule now....unless Zuck himself knows not post all his coming and goings on facebook.

I can hear Nelson Muntz now

[sxedog]

Ha Ha. How appropriate

His password was

[Yadyn]

iloveericaalbright

You don't get to 200 million dollars [boxofficemojo.com] without exposing a few clues.

Re:

[lahs0n]

No username.

Password "admin".

Re:

[Anonymous Coward]

"password" or "XXXXXX"?

OT: Interesting security related thing about the new slashdot redesign, if you put your /. password into the comment, it will automatically be replaced with XXXXXX to protect your privacy...

Re:

[tverbeek]

Let me try: My password is i<3Taco. :)

Re:

[One Monkey]

but my password is XXXXXX... so I'd better make sure not to type XXXXXX into this comment or else everyone will be able to see that it's XXXXXX.

Re:

[BlackHwk98]

I'm gonna roll with his password was P^s5W0rd

Re:

[fishexe]

"password" or "123456"?

That's the combination on my luggage!