Our global nightmare might not be totally over, but at least it’s in the process of coming to an end. The flood of penises, dead babies, bloodied corpses and photoshopped Justin Bieber pics is being turned off by the folks at Facebook.
On Monday, users began complaining that Facebook had turned into a porn site – saying that their news feeds were inundated with hardcore images. As the images spread, users began reporting violent pictures and gory images of animal abuse. The images were popping up on people’s feeds, claiming to have been posted by friends – although people had no idea that they were propagating the content.
Facebook has issued a brief statement, blaming the spread of graphic images on a “coordinated spam attack that exploited a browser vulnerability.” The specifics involved oblivious users adding “malicious javascript in the browser URL.”
Here’s the full statement:
Protecting the people who use Facebook from spam and malicious content is a top priority for us, and we are always working to improve our systems to isolate and remove material that violates our terms. Recently, we experienced a coordinated spam attack that exploited a browser vulnerability. Our efforts have drastically limited the damage caused by this attack, and we are now in the process of investigating to identify those responsible.
During this spam attack users were tricked into pasting and executing malicious javascript in their browser URL bar causing them to unknowingly share this offensive content. Our engineers have been working diligently on this self-XSS vulnerability in the browser. We’ve built enforcement mechanisms to quickly shut down the malicious Pages and accounts that attempt to exploit it.
We have also been putting those affected through educational checkpoints so they know how to protect themselves. We’ve put in place backend measures to reduce the rate of these attacks and will continue to iterate on our defences to find new ways to protect people.
So Facebook is limiting users’ exposure to the penises – which is good. Users were a little more than incensed over the spam. Of course, spam attacks aren’t anything new to Facebook – but this one appeared to be particularly malicious.
While Facebook cleans up this latest mess, it doesn’t hurt to talk about what you the users can do to prevent stuff like this from happening.
First and most importantly, stop clicking on stupid links. Have an eye for stuff that sounds out of character for your friends to post. Anything that offers you a look into something private, or contains any of the phrases “OMG” or “I can’t believe this” might be a clickjacking scam. If a link offers to tell you how many people have looked at your profile page, for the love of god, don’t click it.
If you do find that you have fallen victim to something like this, it doesn’t hurt to change your password. And make sure that your privacy settings are set pretty tight on who can tag you in a photo.
Of course, if your friends fall victim to these spam attacks, you might not be able to stop the flood of unwanted imagery from hitting your news feed. Hopefully, with a little help from Facebook’s security team and a little more common sense from users, we can make this kind of thing happen less frequently.