Hackers Can Post Pictures and Text as You in Facebook Groups
The post-by-email feature in Facebook Groups has opened up a new wave of security concerns as The Next Web has reported how the feature can be easily abused by hackers. The feature could allow an online attacker to post pictures or plain text as anyone that is a member of any given Facebook group. In order to do this, the hacker would only need access to a local SMTP server and would need to know what your email address for your Facebook log-in is.
As for how it’s done, it’s devilishly simple. The attacker just has to change the “from” field in a new email and then send the email to the Facebook group’s email address. Facebook has no verification system; it simply sees that an email is coming from the user’s email address and assumes it’s actually them. Here are two possible solutions, as put forward by The Next Web:
Hopefully Facebook will act soon to solve this issue. What other simple steps could Facebook take to lock down its users’ privacy?