Jun. 24, 2009

Posted by in Facebook | 2 comments

Account Shutdown – Seriously? (Updated)

I received an e-mail today that personally I find rather upsetting.  Apparently Facebook has taken some action in response to the latest attack: shutting down the Facebook account of someone trying to spread the word about it.

An administrator for the group Rogue Facebook Apps Early Warning Group, which began as an effort to alert Facebook users to applications such as the infamous Error Check System, sent me word today that Facebook had disabled his account.  In Facebook’s defense, the administrator admits that he sent duplicate messages to some of the group members alerting them to the hack.  However, he did this not knowing it violated the TOS, and stopped sending such messages as soon as he received a warning about triggering Facebook’s spam detection.  (The size of the group prevented him from messaging the entire group at once.)

While I hope I’m wrong (and I very well could be), it appears that at least part of the reason for the account shutdown was that this user was spreading word about my Facebook attack.  It saddens me that other people are having to suffer on my account, and I will state here publicly that the group administrator was not involved in this hack in any way.

The account shutdown came before I’d posted any details on how the attack worked, and as I’ve now stated, the vulnerabilities I exploited have been known for months.  If Facebook views the attack as serious, they should take action to fix it, not punish users who publicize it.

I can handle not getting media/blogosphere coverage of my hacks, but if there was ever a time I’d want my readers to spread the word about a story, it would be now.  The more this Facebook user’s story gets out, the more likely Facebook will reinstate his account quickly.

Update: I didn’t want to include a name in my post without permission, but I see that Chris Almond has updated his public Twitter with more details on his deactivation.  This includes a copy of the e-mails he sent to Facebook and forwarded to me explaining his case.

Update 2 (6/25): Facebook just sent me a form letter saying they couldn’t help with my request since I wasn’t e-mailing from the address used to log in to Facebook.  Did anyone there actually read my e-mail?

Update 3 (6/25): Facebook has reactivated Chris’ account! According to Chris: “They explained that users aren’t permitted to send messages promoting or advertising a product, service or opportunity. They said they are not able to supply more details about the warnings for technical and security reasons.” He also said Facebook asked him to “refrain from sending messages of this kind,” whatever that means.

  1. I’d really like to talk to this guy – can you put me in touch? sarah at readwriteweb dot com

  2. Re: Update 2 – Yeah, I got the same email.
    Re: Update 3 – This is great to hear, but it doesn’t sound like they wanted to admit an error on their part. Still, welcome back Chris.
