Three times in the last week or so, I've gotten "messages" from Facebook friends that linked me to, at least, a bogus link and, at worst, a link that would infect my computer if I was dumb enough to click on it. (I admit the first time I was dumb enough, but caught myself in a nanosecond and stopped the site from loading before it could start.) But every time this happens, a bit of my faith in Facebook slips away, as hackers take over the Facebook accounts of people I know. (If you've never gotten one of these messages, what they tend to look like is at right.)
The faith slips away even more among those who were more directly victimized. When I alerted one of my Facebook friends about the hacker attack, he responded: "it's spam, not sure how one goes about handling this ... i really can't stand FB ... so this is the kind of thing that'll make me quit it again."
Another, who's fond of more colorful language, said: "Some fucker is using my facebook email to crank out spam... This is why social networking sucks. I'm trying to fix it. Cheers/George"
The problem, as media analyst Shelly Palmer describes in his daily newsletter, isn't just that Facebook needs to stop this from happening, but that it has to provide recourse for accounts that are attacked. It has to restore its users' faith. When his wife's account was taken over, Palmer tried everything, including leveraging connections within the company, to fix the problem and reinstate her account. When nothing happened, he concluded:
... The bigger problem for [Facebook founder Mark] Zuckerberg and company is the fact that my wife won't ever trust a cloud-based social network again. She won't bother to invest the time and energy to establish another virtual presence because she feels completely victimized. The hacker victimized her, then Facebook penalized, victimized and abandoned her. The damage is done, she's gone -- herein lies the challenge and the opportunity.
There's another problem, too. Facebook, when it does react, isn't proactive enough -- particularly when it comes to communicating to its broad user base about what's going on. One of the two people I cited above forwarded me an extensive email about phishing that he got from Facebook only after his account was hacked. In addition to this, Facebook needs to post security alert information right on the log-in page, not only to protect users, but to make Facebook somewhat self-policing. If it can post material about the terms of service voting in such a manner, it can certainly do so with security alerts.
Most of the time when I write about Facebook, it's about how it should monetize itself, but if I had to pick a priority right now, handling the myriad issues around security would be my first.