Skip to main content

Facebook: Browser bug, not Anonymous, behind sex and violence spam attack

 facebook-shutterstockFacebook says that the flood of images depicting graphic sex and violence that engulfed many of its users over the past 24 hours was the result of a “coordinated spam attack.” The success of the attack was due to a browser vulnerability, the company said. In addition, a Facebook official tells the BBC that hacktivist group Anonymous, who some have blamed for the attack, was not in any way responsible.

A Facebook spokesperson says the company has the wave of spam mostly under control. We have received confirmation from multiple readers who were affected that the disturbing images are no longer appearing in their News Feed. The company also says that no user data was compromised as a result of the attack.

“During this spam attack users were tricked into pasting and executing malicious JavaScript in their browser URL bar causing them to unknowingly share this offensive content. No user data or accounts were compromised during this attack,” a Facebook spokesperson told InformationWeek. “Our engineers have been working diligently on this self-XSS vulnerability in the browser.”

So far, Facebook has declined to give details about which browsers contained the vulnerability that led to the attack.

Prior to Facebook’s clarification on the matter, some speculated that loose-knit hacker collective Anonymous was behind the attack. Last month, high-profile members of the group denied that there was a concerted plan to take down the popular social network, after an Anonymous-branded video proclaimed as much.

While this appears to be the case, some Anonymous members have reportedly unleashed a different attack, known as the “Fawkes virus” (in reference to 17th century anti-governement terrorist Guy Fawkes, who serves as the group’s mascot).

This past weekend, Internet security company Bitdefender said it had discovered the Fawkes virus using its Safego social media anti-virus tool. George Petre, head of social media security research for Bitdefender told us yesterday via email that it did not believe Anonymous was connected to the spam attack because “Anonymous would use something more sophisticated.”

[Image via 1000 Words/]

Editors' Recommendations