A blog about SQL Server, SSIS, C# and whatever else I happen to be dealing with in my professional life.

Find ramblings

Monday, July 20, 2009

Facebook and Yahoo! do not mix

A friend recently had this experience. In a game on a popular social networking site, one of the goals is to obtain a progressively larger network of friends to move effectively play the game. In this case, I'm talking about Mafia Wars on FaceBook. A common practice is to randomly add people in groups dedicated to increasing group size and after linking up, "defriend" them. The game does not require you to remain friends for purposes of increasing your group size.

A spurned "friend" used the unfortunately visible personal information to engage in a simple identity theft. Where it gets ugly is Yahoo! They allow a person to recover their account by date of birth and postal code. If you are on FaceBook, look through your contacts and see how many have that information exposed. My friend recovered his account and changed the password but Yahoo!, in their infinite wisdom, allows you to recover your account forever once you know birthdate and postal code as those two items are immutable. Once your Yahoo! account is compromised by that vector, it's game over. There is no way to make the account safe again. The best you can do is shut it down and create a new account. That was their advice to my friend.

I've urged my friend to report the activity to FB as well as the Police Department of the assumed cracker's hometown. A wonderful double edged sword these social networking sites---the gentleman exposed enough information about himself to allow me to track down his age, city, high school (surprise) and his activities (6 mph runner) but as I have no desire to expose myself to legal issues, I won't join this troll in the gutters. I would like to call his parents though, that'd be delicious.

No comments: