2010’s Top 5 Social Network Foul-ups
Social networking hit its stride in 2010, as the titans – Facebook, Twitter and MySpace – provided hundreds of millions of people worldwide with open lines of communication and constant, to-the-second connections. Even newcomer Foursquare made a splash as users checked out the benefits of the check-in service.
But for all the friendships they’ve fostered and relationships they’ve rekindled, social networking sites have posed serious, and constant, cybersecurity threats this year. A look back on the top five security blunders might have you ringing in the New Year with fear -- or at least updated privacy settings.
Facebook 'farms' your private info
In October the Wall Street Journal broke the news that many Facebook apps, including "FarmVille," "Texas HoldEm Poker," "Mafia Wars" and "FrontierVille" leaked users' personal data to third-party advertisers and Internet tracking firms.
With 550,000 apps on Facebook, and 70 percent of account holders using apps each month, this security breach was a serious risk for Facebook gamers.
Soon after, Facebook was forced to face up to the government. The House of Representatives' Bipartisan Privacy Caucus, led by Edward Markey (D-Mass.) and Joe Barton (R-Texas), demanded a formal letter from Facebook chief executive Mark Zuckerberg addressing how his company planned to address the security slip-up.
MySpace is theirs, too
Sign up for the Live Science daily newsletter now
Get the world’s most fascinating discoveries delivered straight to your inbox.
Once the prominent social networking site, MySpace has steadily lost favor as Facebook’s influence grew. So it seemed only fitting that a week after Facebook was found to be leaking user data to advertisers, MySpace followed suit.
Popular applications, such as “TageMe,” “RockYouPets” and “GreenSpot” all leaked user IDs to advertisers.
The problems continued, as it was found that when account holders clicked on MySpace ads, their unique IDs were transmitted, meaning a person could access a user’s profile page and obtain their location and personal photos.
It’s tempting to chalk up MySpace’s privacy flub to routine error – or a pathetic attempt to be just like Facebook – but it turns out MySpace knew exactly what it was doing. In May, the Wall Street Journal first reported on MySpace’s privacy leak. After the report, MySpace promised to stop.
'Twidiots' and 'Firesheep' roam free on public Wi-Fi networks
In late October, a software developer named Jonty Wareing created a Web tool called "Idiocy," which was used to monitor Twitter accounts being accessed on unsecured public Wi-Fi networks. On the accounts he gained access to, Wareing posted warnings on users’ pages telling them they were vulnerable to a cyber attack.
Luckily for those tweeting from the supposed safety of their local Starbucks, Wareing designed Idiocy as more of a teaching tool than a hacking one. In a message on his site, he explained that he was merely demonstrating the security risks people subject themselves to when accessing Twitter on public Wi-Fi networks.
Idiocy went hand-in-hand with "Firesheep" a Firefox Web browser plug-in that took advantage of public Wi-Fi’s loose security settings to hack into 26 sites, including Foursquare, Twitter, Facebook, Yahoo, Google and the New York Times.
Just like Idiocy, Firesheep’s creator, freelance Web app developer Eric Butler, said he designed the program to demonstrate what users may face when going on Facebook, Twitter and Foursquare.
"Websites have a responsibility to protect the people who depend on their services. They've been ignoring this responsibility for too long, and it's time for everyone to demand a more secure Web. My hope is that Firesheep will help the users win," Butler wrote.
Of course the issue didn’t wrap itself up neatly. Firesheep was downloaded more than 200,000 times after its release, and sparked the creation of "FireShepherd," a tool to randomly scatter public Wi-Fi signals and put malicious Firesheep users out to pasture.
Google 'Buzz' stings
Google's foray into the social media world was met with harsh opposition and a backlash from those who wished to keep their personal lives just that.
In February, Google unveiled “Buzz,” a feature built directly into Gmail that allows users to post status updates, and "follow" the people users chat with and e-mail the most.
In theory, it seemed like a natural extension of Gmail’s popular chat feature, but it didn’t go according to plan.
The problems started when Google automatically made all Gmail account holders Buzz users, whether they chose to be or not. Even worse, a user’s "followers" were granted access to their entire Google profile, including e-mail address, contacts and even private photo albums.
Buzz for mobile phones posed another set of security threats. By default, people using Buzz on their smarthphones revealed their exact location when they posted messages.
Google has since addressed Buzz’s inherent privacy problems by letting users select the information they want to be public, but not before a Harvard Law School student filed a class action lawsuit against Google on Feb. 16, claiming that Buzz violated federal privacy laws.
As part of the lawsuit’s settlement, Google created an $8.5 million fund to promote groups that promote Web privacy.
The bitter 'tweet' trend continues
The final social networking foul-up finds Twitter again a top target for scammers.
When a celebrity is in the spotlight or there’s a worldwide event making worldwide headlines – see WikiLeaks, for example -- those names or events can most likely be found under Twitter’s "Trends" list. And in the world of cybertheivery, popular search terms are a hacker’s goldmine.
Towards the end of 2010, security experts began noticing online attacks that use fake Twitter messages loaded with the most popular terms of the day to lure people into clicking on corrupted links.
The campaign is similar to Blackhat SEO scams, in which cybercriminals trick search engines into positioning their malicious pages at the top of the results list for a popular topic.
The problem with Twitter’s trending scams is that with Twitter’s up-to-the-second updates, there is an endless amount of supply, and, as long as people are fascinated with whatever the day’s hot topic is, the temptation to click that one little link won’t go away.