Facebook Blames Server Misconfiguration for Spam Campaign

Facebook says a recent spam campaign that masqueraded as emails from the recipient’s Facebook friends was the result of what it deemed a “temporary” server misconfiguration.

The error allowed spammers to harvest public data from users’ friends lists. The spammers took the information and used compromised email accounts to launch the campaign. In a statement to NBC News, Facebook said:

To help protect our users, we’ve built enforcement mechanisms to quickly shut down malicious Pages, accounts and applications that attempt to spread spam by deceiving users or by exploiting several well-known browser vulnerabilities. We have also enrolled those impacted by spam through checkpoints so they can remediate their accounts and learn how to better protect themselves while on Facebook.

Beyond these protections, we’ve put in place backend measures to reduce the rate of these attacks and will continue to iterate on our defenses to find new ways to protect people. In addition to the engineering teams that build tools to block spam, we also have a dedicated enforcement team that seeks to identify those responsible for spam and works with our legal team to ensure appropriate consequences follow.

This incident is a good example of why it is not a good idea to make any of your personal info public on Facebook or any other site. This includes the “friends of friends” setting.

The company was quick to point out that the error has been fixed, no accounts were compromised and no private data was accessed. Whether users will trust Facebook enough to take its word for it remains to be seen. Facebook says it is continuing to investigate and insists this was a solitary and isolated incident.

Written by Sue Walsh


  1. Maria Ortiz · September 15, 2012

    This proves once again that even if you do protect your data, if your friends fail you (not deliberately, of course), you are still at the receiving end. I hope users have learned at least to use a dedicated email for Facebook rather than put there their primary email, or even worse – their business email.

  2. Alberto Rodriguez · September 19, 2012

    This makes me wonder what Facebook has been doing with its billions of dollars of income. Mark, what have you been doing? I am now getting tired of hearing Facebook privacy fail stories. Is this what you get when a company is started somewhere in a dorm and by a college guy who just happened to be smart and nothing else? Sorry, if I sound mean, but social networking websites, especially Facebook, are supposed to be well protected. After all, they’re like our private virtual sanctuaries. We share almost everything related to us, such as photos and data from friends.

  3. Lourdes Ford · September 20, 2012

    The problem is obvious. With all the money they have right now, Facebook needs to step it up and vastly improve its privacy policies and settings ASAP. It should make a change on how people register, because it’s just too damn easy. The nine-year-old son of a friend of mine had set up a Facebook! If it weren’t for the fact my friend loves to snoop, she wouldn’t be able to discover that. Now imagine if he got hold of this spam or even a virus, phisher, or whatever. His nine-year-old intelligence is limited to things like that. He surely wouldn’t know how to deal with it properly.

  4. Dosmond · September 20, 2012

    I know a lot of people wouldn’t believe me, and I may sound against the others, I am a huge fan of Facebook. Perhaps it’s because unlike thousands out there, I’m not in there to make business or expand my network. I have a lot of close friends and relatives abroad, and, well, let’s just admit that Facebook makes a cheap but effective mode of communication. But this one truly alarms me. These same people I care about don’t know a lot about spam or phishing so somehow I don’t know what they’re going to do should they become one of the victims in things like this.
