Sendible Attack May Have Uncovered A Big Facebook Security Flaw. Huge Pages Compromised.
We’ve just received about a half dozen rapid fire tips all showing the same thing: the Facebook app Sendible compromised in a major way.
It appears that several of the largest Facebook Pages including Google, Coca-Cola, YouTube, South Park, The Daily Show, Team Coco and others are now sending out a malicious link to all of their followers that reads “Change Your Facebook Background Here!” Obviously, don’t click on it.
A few people who did click on the link reported that it took you to a page outside of Facebook that asks you for some information about you. The bottom of the page reads “Powered By AWeber Email Marketing”.
The weirdest part is just how many other Facebook users are “liking” these links.
We’ve contacted Facebook about the issue and will update when we hear back from them. But these accounts compromised seem to suggest that this link is showing up in tens of millions of feeds right now.
Update: And it looks like most of the malicious links have now been taken down. But more tips are coming in that the attack is ongoing and other links keep popping up. Still no word yet from Facebook on the incident.
Update 2: From Mazy Kazerooni:
The Sendible hack hit Lil Wayne’s Facebook page (15 MM fans). I’m an admin, blocked the app. They tried to post multiple times
Update 3: And now Sendible is saying it wasn’t them that was hacked, instead this may be a Facebook security exploit:
Just to clarify, Sendible was not hacked. One of our users has discovered a major flaw in Facebook’s security.
Update 4: Says Facebook:
We’re looking into this now and will let you know as soon as we hear something.
[image via moyajaya]
One reason I am glad I closed my Facebook account.