Our comments and trackback policy You Link We Follow, You Comment We Promote

There had been plenty of reports regarding the hacking of accounts as users type in their IDs and Passwords to various sites that claim at importing contacts directly, by being careless enough to share their passwords and more importantly get attacked by a worm that hacks their information; spreading via their contacts. There had been reports of a similar worm that had been reported by Max Kelly in his blog.

He came forward with clear instructions to Facebook users that highlighted how Facebook can tackle the situation or the very many of the like being helped by their users. His post included:

• Report any spam message or posting you see. The more reports we get, the easier it is for us to respond decisively.
• Never share your Facebook password with anyone. Never. No Facebook employee will ever ask for it, and no one else should know it. If you are ever prompted to log in to Facebook, make sure it’s from a legitimate Facebook web address. If something looks or feels off, go directly to www.facebook.com to log in.

Now I was a bit confused and found this quite contradictory to that they have said and they actually do. If I am not wrong Facebook does let its users to enter their username and password for Google, Hotmail, etc in order to import their contacts within the site.

Nik Cubrivolic also voiced similar opinion and it’s surprising that Facebook has mentioned a code of security that they themselves not follow. Why not Facebook utilize certain available API form services like oAuth etc that let users grant permission as to what level of access is granted to services, i.e. using the address book. I would simply suggest Facebook to make use of dependable data exchange tools to help protect users from such attacks.