Case Study: Hacking Is an Equal Opportunity Sport

Not having a strict process for managing security, whether in the social media sphere or general IT infrastructure, can have unwanted consequences. With social media, the constant pace of changes makes managing security tactics more difficult. A recent example of not following a strict process for managing controls is the hack of the Facebook Fanpage of Facebook’s own CEO Mark Zuckerberg. In January 2011, his Fanpage was hacked, as shown in Figure 2-1. Although this incident had limited impact on the company’s reputation, it shows how even the largest companies are subject to attack.

Figure 2-1 Hacked Fanpage of Mark Zuckerberg

It is not clear how the hack occurred. Facebook did not provide many details about how the account was compromised. There are a number of ways that it could have occurred: anything from a weak password being guessed, to the password being captured over an unencrypted connection, to infrastructure problems. For a large company such as Facebook, whose market valuation is estimated at $50B, its security budget should address these potential weaknesses. Security measures have to take into account people, processes, and technology controls to provide for a secure environment.

Oddly enough, the same week that Mark Zuckerberg’s page got hacked, Facebook announced that it would be forcing encrypted login over HTTPS, even making the feature available to developers to secure their connections to Facebook. This seems more like a reaction to the hack than a controlled change in the way Facebook handles the insecure login process. But this technology control will be of no use if a process is not in place to ensure users follow good security guidelines or if policies are not developed to provide security training.
