Facebook Claims Porn Barrage Is Under Control

Facebook says it's clamped down on pornographic and violent images spread by malicious code introduced by hackers.

[Photo: Facebook CEO Mark Zuckerberg delivers his keynote address at the Facebook f8 Developers Conference in San Francisco, California September 22, 2011. Credit: Robert Galbraith / Reuters]

Is it safe to slip back into your favorite social network’s waters? Perhaps. Facebook’s saying this morning that it’s purged itself of a violent image and porn plague ostensibly caused by a hacker (or hackers) who took advantage of a browser vulnerability.

Over the past few days, untold numbers of Facebook’s 800 million users have complained that images ranging from celebrities in pornographic poses to acts of animal cruelty have filled their news feeds. The source for those images? People on “friends” lists, or so it seemed at first.


In a statement on Tuesday, Facebook said the images were the result of a “coordinated spam attack,” and that users were tricked into pasting code into their browser’s URL bar, which, unbeknownst to them, executed “malicious javascript,” in turn summoning and disseminating the images. According to Facebook, the technical reason for the violations involved a “self-XSS vulnerability in the browser.”

This morning, Facebook’s saying the spam attack is in hand, that it’s scrubbed most of the images from its site, that “No user data or accounts were compromised during this attack” and, according to a BBC source, the company even knows who’s responsible.

Gossip site Gawker suggested on Monday that hacktivist collective Anonymous might be behind the attacks, following claims by the group it was plotting an assault on the social networking giant. But according to the BBC’s source, the perpetrator has nothing to do with Anonymous, and Facebook’s already prepping a punitive legal salvo.

“Our team responded quickly and we have eliminated most of the spam caused by this attack,” reads a statement issued by Facebook. “We are now working to improve our systems to better defend against similar attacks in the future.”

In the meantime, the company points to a fairly typical list of security “dos and don’ts,” e.g. don’t copy and paste unknown code into your browser’s address (URL) bar, always keep your browser up to date (and don’t use one that isn’t) and use Facebook’s “report links” feature to let the company know about anything encountered that’s suspicious or clearly inappropriate.


Matt Peckham is a reporter at TIME.