Facebook Messages could be magnet for hackers

Posted by Emma Woollacott

Well, guess what? Facebook's new messaging service might not be all that great for security, Sophos has warned.

It's all in the settings, says the company, which is warning users that they should be aware of the risks and be prepared to spend some time creating their privacy settings.

Because most users will be forced to use their public Facebook username as their Facebook Messages email address, their email address will be public too.

It's thus important to change the default privacy settings to 'Friends Only' to avoid being spammed by all and sundry. The only problem with this is that if a friend then tries to send you a message from a different email address, that will be blocked too.

"The new features do increase the attack surface of the Facebook platform, and make the accounts of users all the more alluring for cybercriminals to break into," says senior technology consultant Graham Cluley.

"Facebook accounts will now be linked with many more people in your social circle - opening up new opportunities for identity fraudsters to launch attacks. Furthermore, because Facebook will be storing a complete archive of all of your communications with one person - there will be concerns as to how such data could be misused if it fell into the wrong hands."

Facebook will need to be ultra-vigilant about its filtering techniques, says Cluley. For example, the new system allows users to send external files such as documents and spreadsheets to one another. These could be malware-infected or carry spam messages.

"It's unclear at the moment whether Facebook will put any restrictions on the types of files that can be attached to messages," says Cluley.

"Meanwhile, users will need to take greater care of the security of their Facebook account than ever before."