Facebook Hit By Massive Spam Attack


A massive spam attack is wreaking havoc on Facebook users' News Feeds.

ZDNET has covered the spamming for the last couple days and reports that the attack has flooded some feeds with graphic photographs, apparently distributed via hijacked accounts.

One Facebook user contacted The Huffington Post and reported that a friend's account had inexplicably posted a disturbing image of an injured dog. "I know [my friend] would never publish something like this on his own," the user wrote.

According to Sophos' Naked Security blog, several different images are spamming feeds across the site.

The content, which includes explicit hardcore porn images, photoshopped photos of celebrities such as Justin Bieber in sexual situations, pictures of extreme violence and even a photograph of an abused dog, has been distributed via the site - seemingly without the knowledge of users.

Although a Facebook rep was not immediately available for comment, the company has already confirmed the attack with a number of blogs. For example, Mashable writes that Facebook has acknowledged a "coordinated spam attack" that tricked users into copying and pasting "malicious javascript in their browser URL bar."

Detailing how they are handling the attack, Facebook provided Mashable with the following statement:

During this spam attack users were tricked into pasting and executing malicious javascript in their browser URL bar causing them to unknowingly share this offensive content. Our engineers have been working diligently on this self-XSS vulnerability in the browser. We’ve built enforcement mechanisms to quickly shut down the malicious Pages and accounts that attempt to exploit it. We have also been putting those affected through educational checkpoints so they know how to protect themselves. We’ve put in place backend measures to reduce the rate of these attacks and will continue to iterate on our defenses to find new ways to protect people.

Computerworld notes that some believe the browser exploit was written by members of hacker-activist collective Anonymous. Back in August, Anonymous was allegedly planning to attack Facebook on November 5, but that deadline came and went without incident; in addition, several individuals believed to be associated with Anonymous have denied involvement in the planning of a so-called "Operation Facebook".

Has your Facebook account been compromised by a spam or clickjacking attack? Check out our list of helpful tips (below) to find out how you can clean up your profile once it's been compromised. If you're curious about what kinds of Facebook scams to watch out for, check out our slideshow of the 9 most common Facebook scams (here).

Scrubbing Your Facebook Profile: What To Do If You've Been Scammed
1. Change Your Password
If you fell victim to a phishing scheme or another hack attack, it's likely that someone else has obtained your password and is using it to access your account. You'll need to change your login credentials ASAP. Visit Facebook's Account Settings to do this. Remember, don't reuse passwords on different accounts and the more complex the password, the safer you'll be.

2. Verify Identity
If you believe someone has gained access to your Facebook profile and is posting unauthorized content in your name, Facebook's Roadblock tool can help verify your identity and secure your account against the spammer.

3. Enable Login Approvals
One of Facebook's new security features will implement a two-step login process the first time your account is accessed from an unfamiliar device. If you enable this feature, Facebook will send a verification text to your mobile device before allowing access from the new location. You can save or block the new device via your handset. If a foreign device fails to log in, Facebook will notify you when you next log in from one of your approved devices and will give you the option of resetting your password if you suspect foul play.

4. Clean Out Your Apps
When you approve a normal app, you "allow" the app access to your profile, trusting that the developers will post only updates about your in-app activities. However, spammers will use this open door to take over your profile. If you fell for a rogue app and mistakenly clicked "Allow," or if you notice excessive activity on your account, you should edit your list of apps and remove any suspicious ones. To do this, open the drop-down box under your Account tab, click "Privacy Settings" and find the "Apps and Websites" settings management tool (at the bottom of the page). This tool will help you manage your apps and the kind of information they can access. Your Apps Page lets you turn off all platform apps or remove/edit each app individually. It's a good idea to use this tool every now and again, since apps tend to pile up over time.

5. Delete Spam Messages And Posts
As soon as you can, delete spammy posts from your wall and Facebook inbox. The fewer there are, the less likely you or your friends will be to click on them.

6. Edit Your Interests
If you were tricked into "Liking" a scam, you'll need to edit your interests on your profile and remove any links to spam sites you may have acquired.

7. Notify Facebook
If you suspect your account has been compromised, you can alert Facebook through several channels. To report privacy breaches, you can direct reports to privacy@facebook.com. If a scammer gained access to your account password via phishing attack, you can fill out Facebook's phishing report. Facebook also provides a separate form for reporting a malicious link or website.

8. Scan Your Computer For Malware
Facebook recommends that you scan your computer hard drive for malicious software that could potentially tap into your profile again. If you don't have an antivirus app, Facebook suggests using a free trial of McAfee.

9. End Session
If you've entered a line of malicious code into your browser and believe that someone has taken control of your profile and is in the process of spamming your friends, log out of Facebook to stop the attack. One of Facebook's new security features may also notify you of suspicious activity on your account, such as excessive "Likes" or posts.
