
Facebook Founder Accused of Hacking Into Rivals' Email 261

Posted by kdawson
from the what-we-in-bitter-tears-did-sow dept.
An anonymous reader notes a long piece up at BusinessInsider.com accusing Facebook founder Mark Zuckerberg of hacking into the email accounts of rivals and journalists. The CEO of the world's most successful social networking website was accused of at least two breaches of privacy. In a two-year investigation detailing the founding of Facebook, Nicholas Carlson, a senior editor at Silicon Alley Insider, uncovered what he claimed was evidence of the hackings in 2004. "New information uncovered by Silicon Alley Insider suggests that some of the complaints [in a court case ongoing since 2007] against Mark Zuckerberg are valid. It also suggests that, on at least one occasion in 2004, Mark used private login data taken from Facebook's servers to break into Facebook members' private email accounts and read their emails — at best, a gross misuse of private information. Lastly, it suggests that Mark hacked into the competing company's systems and changed some user information with the aim of making the site less useful. ... Over the past two years, we have interviewed more than a dozen sources familiar with aspects of this story — including people involved in the founding year of the company. We have also reviewed what we believe to be some relevant IMs and emails from the period. Much of this information has never before been made public. None of it has been confirmed or authenticated by Mark or the company." The single-page view doesn't have its own URL; click on "View as one page" near the bottom.
This discussion has been archived. No new comments can be posted.

  • by Anonymous Coward on Sunday March 07, 2010 @09:31PM (#31396018)

    Lawyers throughout the US just had orgasms....

  • Wow.. (Score:2, Insightful)

    by Anonymous Coward

    just wow.

  • So will he get a mug shot now?

    • by longacre (1090157)
      It's a civil case.
      • Unauthorized access sounds criminal to me. Penalty ceilings probably go way up too, and Zuckerberg's billions are probably starting to look tempting.

        • by longacre (1090157)
          If it happened in 2004, the statute of limitations is long gone.
          • by sthomas (132075)

            IANAL, but the window of limitations for criminal prosecution doesn't begin until the crime is (or should have been) discovered. Just because it was hidden for so long doesn't mean he gets away with it.

            • by GigsVT (208848) on Sunday March 07, 2010 @11:56PM (#31397126) Journal

              Good thing you are not a lawyer, it's from the date it was committed.

              The point of such statutes is because after a long time has passed, the defense is less able to form a coherent defense since a lot of the evidence is gone.

              • by micheas (231635) on Monday March 08, 2010 @05:18AM (#31398594) Homepage Journal

                Good thing you are not a lawyer, it's from the date it was committed.

                The point of such statutes is because after a long time has passed, the defense is less able to form a coherent defense since a lot of the evidence is gone.

                I Am Not A Lawyer, but I have a reasonable amount of experience doing legal research:

                Actually both parent and grandparent are correct. Generally, in civil cases where the standard is preponderance of the evidence or which was more likely, the statute of limitation is from the discovery of the damage; most of the controlling case law in the US in civil matters was established in the Dalkon Shield cases against A. H. Robins Company. A three-year statute of limitations was held to not protect A. H. Robins 16 years after the faulty product was sold, and 15 years after the initial discovery of injury, but less than three years after the discovery of severe internal damage.

                The standards for criminal law are not preponderance of evidence, but beyond a reasonable doubt, and in criminal law, statutes of limitations are a way of saying that there is reasonable doubt by the passage of time, so we will not even try the case because the burden of proof cannot be met. Therefore criminal matters tend to have a statute of limitations that runs from the commission of the crime.

          • Re: (Score:3, Informative)

            by ehrichweiss (706417) *

            Actually, it can also be the case that the statute of limitations applies when the crime was discovered, not necessarily when it was committed. I am told this is especially so if they're trying to convict someone of "habitual criminal". I only know of this because a friend had to file embezzlement charges against an employee who had been stealing from him for longer than the statute of limitations and he was able to get them convicted of the entire string of crimes stretching back several years.

            In civil cou

            • Re: (Score:3, Funny)

              by JackieBrown (987087)

              The statute of limitations kicks in after the crime is completed.

              If it is ongoing, then it would kick in when over.

              IANAL but I have watched Law and Order. The sound wasn't on but I think I got the gist of it.

            • I couldn't find a resolution to that case however recently

              On February 14th, 2010, lead singer Doug Fieger died in Woodland Hills, California after battling both brain and lung cancer for several years.

              Bruce Gary died from lymphoma on August 22, 2006 at the age of 55.

              Of the four original members of The Knack (Fieger, Berton Averre - Guitar, Prescott Niles - Bass, and Bruce Gary - Drums), only Averre and Niles still currently play as The Knack.

              http://en.wikipedia.org/wiki/The_Knack [wikipedia.org]

    • Re: (Score:3, Funny)

      So will he get a mug shot now?

      If he does, do you suppose he'll use it for his Facebook profile?

    • Re: (Score:3, Funny)

      by ultranova (717540)

      So will he get a mug shot now?

      Why would he? He's a CEO, he's supposed [tvtropes.org] to act like a cartoon villain [tvtropes.org].

      The world makes a lot more sense when you stop assuming that various businessmen, politicians etc. are trying to further their self-interest in a rational, if ruthless, manner, and instead treat them as villains in a farcical drama movie. That way you don't have to wonder why someone who already has three billions would risk everything to get a fourth, or something to that effect. The implications of that

  • by Afforess (1310263) <afforess@gmail.com> on Sunday March 07, 2010 @09:36PM (#31396090) Journal
    This is a serious allegation. With all of the information Facebook aggregates, they potentially could unlock many people's emails and various other accounts with the family and personal information. Lots of people use simple things like their pets or parents birthdays as those reminder question answers, and Facebook could easily hold all the correct information to gain access to those accounts. If this case is proven true, I can see some new laws on how companies with this kind of information have to structure and protect it. Hopefully people will wake up and stop putting their personal information where Facebook and others can see...
  • by santax (1541065)
    He probably can write a book about what he's gonna face now.
  • This is why I use a different password on facebook than anywhere else.

    Actually it was when my account started spamming wall postings with links to Chinese drug sites I changed my password to something unique, but still, virtually the same thing.
    • by santax (1541065) on Sunday March 07, 2010 @09:45PM (#31396178)
      And what if all those other sites have an admin that can't be trusted? It's really not about Facebook, this issue. It's about broken trust and you can't really protect yourself against it. At least not if you want to use their services.
      • by Troed (102527)

        Correct. http://lastpass.com/ [lastpass.com] is one of very few cloud services that actually understands that for me to have trust in them they must design the infrastructure accordingly.

        There ought to be more than a few people at Slashdot working with cloud companies. I'd love to hear some explanations as to why they believe "oh don't worry, your data can only be seen by our admins and we trust them!" should satisfy the needs of a large corporation :)

      • by hairyfeet (841228)
        That is why they make wonderful little FOSS programs like KeePass [keepass.info] my friend. The only thing the "bad admin" is gonna get is the single password for the single site he/she has access to, nothing more. Put it on a thumbstick and you are good to go, and even if someone gets it thanks to AES good luck getting your passwords out of it.
    • by Bronster (13157) <slashdot@brong.net> on Sunday March 07, 2010 @10:12PM (#31396384) Homepage

      Facebook also had a thing "give us your gmail or hotmail password and we'll log in and retrieve your contact email addresses and offer you to add them as friends if they have a Facebook account already" - presumably they stored those passwords as well.

      • by Anonymous Coward on Sunday March 07, 2010 @10:48PM (#31396668)

        Facebook also had a thing "give us your gmail or hotmail password and we'll log in and retrieve your contact email addresses and offer you to add them as friends if they have a Facebook account already" - presumably they stored those passwords as well.

        And I had a thing, "Anyone who asks for your password is lying. Don't give it to them. And if they say they really need it, don't do business with them."

        Of course, it was 1989. But the neckbeard taught me right.

      • by Like2Byte (542992) <Like2Byte.yahoo@com> on Sunday March 07, 2010 @11:25PM (#31396926) Homepage

        Yeah, Linkedin.com also asks for passwords to your multiple email accounts to scan them for contacts. Wow. What a gold mine that could be. If there's an email addy that they don't know or a name they don't recognize, they could start spamming them for registrations and, potentially, saying a friend or colleague provided your email address to us thinking you might be interested in joining our social club....

      • by chimpo13 (471212)

        I don't think they stored the passwords (even so I changed my password after letting fb have it), but I'm pretty sure they keep track of everyone you have emailed. I started a work email and it suggested most of the same friends. Even though it was in a different country with a slightly different name. Unless of course, they figured someone with the rare last name of "Smith" must know all the same people.

      • by mirix (1649853)

        I'm still stunned that people would actually give out their passwords.

    • by MikeUW (999162)

      So what you're saying is that you use the same password for everything else? I guess that means whoever guesses your email password now also has your online banking password...but whew, your Facebook account is safe. :)

  • Stupid Users (Score:3, Informative)

    by muphin (842524) on Sunday March 07, 2010 @09:44PM (#31396168) Homepage
    using the same password for their email account as they do with their social networking sites then people should expect to be compromised.

    I suggest you use 4 types of passwords, one for accounts that wouldnt effect u much, one for email, one for social sites and IM, and one for bank accounts; with none of the passwords having anything to do with each other, e.g redball, orangeball,greenball... or whiteball, soccer, redflag ... as this limits the guess work.
    this "hack" was probably just stupid curiosity which will probably get him arrested, and once that happens he will lose a lot of control of the company.
    • Re:Stupid Users (Score:5, Insightful)

      by Torodung (31985) on Sunday March 07, 2010 @09:50PM (#31396220) Journal

      Actually, Facebook directly asks you for your email password so it can "Automatically connect you to others" through your ISP information (phonebook, etc.). They get quite clever with it, even using the ISP's logo, making it seem like it is an official service of the ISP.

      This goes a bit beyond, "stupid." This is a confidence scam.

      --
      Toro

    • Re:Stupid Users (Score:5, Informative)

      by quantaman (517394) on Sunday March 07, 2010 @10:32PM (#31396550)

      using the same password for their email account as they do with their social networking sites then people should expect to be compromised.

      I suggest you use 4 types of passwords, one for accounts that wouldnt effect u much, one for email, one for social sites and IM, and one for bank accounts; with none of the passwords having anything to do with each other, e.g redball, orangeball,greenball... or whiteball, soccer, redflag ... as this limits the guess work.

      Supposedly they did,

      "Here's how Mark described his hack to a friend:

      Mark used his site, TheFacebook.com, to look up members of the site who identified themselves as members of the Crimson. Then he examined a log of failed logins to see if any of the Crimson members had ever entered an incorrect password into TheFacebook.com. If the cases in which they had entered failed logins, Mark tried to use them to access the Crimson members' Harvard email accounts. He successfully accessed two of them."

      this "hack" was probably just stupid curiosity which will probably get him arrested, and once that happens he will lose a lot of control of the company.

      I have no idea whether this stuff is true or provable, but if the article is accurate this wasn't curiosity. This was some seriously immoral/dishonest stuff.

      • Re:Stupid Users (Score:5, Interesting)

        by Culture20 (968837) on Sunday March 07, 2010 @11:36PM (#31396992)

        Mark used his site, TheFacebook.com, to look up members of the site who identified themselves as members of the Crimson. Then he examined a log of failed logins to see if any of the Crimson members had ever entered an incorrect password into TheFacebook.com. If the cases in which they had entered failed logins, Mark tried to use them to access the Crimson members' Harvard email accounts. He successfully accessed two of them.

        This is why I always have an "OH &*#$#^!" moment whenever I accidentally enter the wrong password into the wrong form. It's a mad rush to change the password to whatever service/server the password really belongs to. Thankfully, it's usually different usernames...

        • by butlerm (3112)

          If HTTP was designed correctly, web sites would never have a copy of a password you typed into a password entry field, ever. Secure hashing would be trivial, for example, making it a practical impossibility for a web site to determine what the original password was. All that would be stored would be a hash that was only good for logging into that web site.

      • by GraZZ (9716)

        This is why SuperGenPass [supergenpass.com] is your friend. Using one (or more) master password, you quickly generate a unique password for each domain you log in to, all through a handy bookmarklet. Also there's no password storage (except an optional hash for validation), so you don't have to worry about password product XYZ being hacked.
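The two ideas in the comments above (a credential that is only good at one site, and a per-domain password derived from one master password) can be combined with a failed-login log that never stores what was typed. This is an added example, not part of any commenter's post and not SuperGenPass's own algorithm: it uses PBKDF2-HMAC-SHA256, and `site_password`, `Site`, the `*.example` domains and all sample values are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
import os

ITERATIONS = 100_000  # assumption: work factor picked for this example


def site_password(master: str, domain: str, length: int = 20) -> str:
    """Client side: derive a password that is only valid for `domain`."""
    salt = b"site-password-example:" + domain.lower().encode()
    raw = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, ITERATIONS)
    return base64.urlsafe_b64encode(raw).decode()[:length]


class Site:
    """Constructed stand-in for one web site's login backend."""

    def __init__(self, domain: str):
        self.domain = domain
        self.users = {}       # username -> (salt, verifier); no plaintext
        self.failed_log = []  # JSON lines as they would be written to disk

    @staticmethod
    def _verifier(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

    def register(self, user: str, password: str) -> None:
        salt = os.urandom(16)
        self.users[user] = (salt, self._verifier(password, salt))

    def login(self, user: str, password: str, src: str) -> bool:
        # Unknown users still cost one hash, so timing does not reveal them.
        salt, stored = self.users.get(user, (b"\x00" * 16, b""))
        ok = hmac.compare_digest(self._verifier(password, salt), stored)
        if not ok:
            # Log who and from where, never the string that was submitted.
            self.failed_log.append(json.dumps(
                {"event": "login_failed", "site": self.domain,
                 "user": user, "src": src}))
        return ok


def demo() -> dict:
    master = "correct horse battery staple"  # constructed sample secret
    mail, social = Site("mail.example"), Site("social.example")
    mail_pw = site_password(master, mail.domain)
    social_pw = site_password(master, social.domain)
    mail.register("alice", mail_pw)
    social.register("alice", social_pw)

    # The user's tool derives for the site in front of it, so a login at the
    # social site never carries the mail credential. Simulate a typo there.
    typo_ok = social.login("alice", social_pw[:-1] + "!", "203.0.113.7")
    # Replay the only credential the social site ever saw against the mail site.
    replay_ok = mail.login("alice", social_pw, "198.51.100.9")
    logs = social.failed_log + mail.failed_log
    return {
        "distinct": mail_pw != social_pw,
        "typo_ok": typo_ok,
        "replay_ok": replay_ok,
        "good_ok": mail.login("alice", mail_pw, "203.0.113.7"),
        "log_has_secret": any(secret in line for line in logs
                              for secret in (master, mail_pw, social_pw)),
        "failed_entries": len(logs),
    }


if __name__ == "__main__":
    print(demo())
```

The per-domain derivation only helps when the tool, not the user, picks the domain; a derived password pasted by hand into the wrong site's form is exposed to that site like any other password.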

    • Re: (Score:3, Funny)

      >one for accounts that wouldnt effect u much

      YOU are the CANCER that is KILLING the INTERNET

  • by Kartoffel (30238) on Sunday March 07, 2010 @09:52PM (#31396238)
    When you look at Facebook's dismal history of privacy policies and changes, it's really not that surprising. A person with flawed ethical standards tends to do unethical things.
    • by Hurricane78 (562437) <deleted @ s l a s h d ot.org> on Sunday March 07, 2010 @11:04PM (#31396794)

      Best comment on the story.

      While we must note, that accusations are only accusations. I could accuse you of rape right now. Wouldn’t make it a single bit more true.

      But Zuckerberg to me has no better moral standards than a criminal. You know. Like an agent of some totalitarian state. Or like someone who steals other people’s identities for a living.

      I really want Facebook to die and be replaced by a version that honors privacy. Something with an ethical code.
      Oh, even better: A P2P social network. Wouldn’t that be something?

      • by daveime (1253762)

        You want a *social* network where everything is private ?

        Something like JohnDoe917 has just added you, JaneDoe375 likes this, etc ?

        Finding friends will be a blast. Search for JohnDoe ... 7 million results, would you like to narrow your search ? Sorry, no extra criteria available, everything is private.

        It's supposed to be public that's the whole point. If you don't want it public, don't post it in the first place.

        • Re: (Score:3, Insightful)

          by daver00 (1336845)

          The point is to honour what the user wishes to be private. Facebook lured people in by saying everything you post is private if you wish it to be, or only available for your friends to view. But then it became obvious how much money could be made by targeted advertising if this were not the case, and suddenly the rules changed mid game.

        • Re: (Score:3, Insightful)

          by digitalchinky (650880)

          WTF is wrong with having some information public, some information accessible to your friends, other information only for your family, etc. The parent said nothing at all about wanting a social network that is entirely private. He wants a social network that honors its privacy protocols and access controls. For the duration. Is that too much to ask? Apparently you are incapable of comprehending there might just be an option B somewhere between A and C.

          Since when did social networks have to be everything or

      • Re: (Score:3, Interesting)

        by Pecisk (688001)

        About P2P social network - XMPP aka Jabber just allows that :)

    • by TubeSteak (669689)

      A person with flawed ethical standards tends to do unethical things.

      Gross abuse and misuse of electronic communication has been a staple of Government and Corporations for the better part of 170 years, starting with the telegraph system.

      The only difference between then and now is that communications channels have become decentralized.
      The ability and desire to tap into those systems still exists and has never gone away.

    • Re: (Score:3, Interesting)

      by Dracos (107777)

      A person with flawed ethical standards tends to do unethical things.

      They also tend to gather people around them who have similar ethics. For everything he has done, who knows what his employees have done, either independently or at his request.

    • by im_thatoneguy (819432) on Monday March 08, 2010 @01:15AM (#31397546)

      And that's not even mentioning the history of accusations against Zuckerberg for questionably ethical behavior:

      http://www.rollingstone.com/news/story/21129674/the_battle_for_facebook [rollingstone.com]

    • by RobVB (1566105)

      Exactly. I laughed when I read this:

      The CEO of the world's most successful social networking website was accused of at least two breaches of privacy.

      I'd find it strange if he hadn't committed more breaches of privacy than you can count on two hands, even when counting in binary. But then again, maybe we should just listen to what he said earlier:

      After all, how can you breach something that no longer exists? And if that doesn't work, who said anything about doing no evil?

  • Breach of privacy (Score:5, Insightful)

    by SilverHatHacker (1381259) on Sunday March 07, 2010 @09:56PM (#31396278)
    Kinda puts his comments that "No one has any reasonable expectation of privacy anymore" into a whole new light, doesn't it?
    • Nah. Same old light. I kinda expected him to do even worse things.

      And that’s why I am very cautious, since all that happened, is somebody accusing him. It’s illegal to leave out the “accused” (e.g. in newspapers) in Germany for a very good reason.

      Let’s see how it turns out in court.
      It could just still also be a competitor who tries not-so-nice methods to get some of Facebook’s user share.

      • Re: (Score:3, Insightful)

        Very true; let's be careful not to forget he is innocent until proven guilty, regardless of how likely this may seem given his recent words and actions.
  • What else? (Score:3, Funny)

    by spruce (454842) on Sunday March 07, 2010 @10:04PM (#31396324) Journal

    Did he offer to buy the Caprica Bucs as well?

  • by IonOtter (629215) on Sunday March 07, 2010 @10:05PM (#31396338) Homepage

    A friend once made the observation that no big-time, fast-track success story in the world of IT ever makes it without doing something that gets them into serious hot water at least once. Once they do that, they offer a bunch of mea culpas, make a few donations here and there, then make bank. (The slow-track success stories don't usually fit that theory.)

    This is a bit different, seeing as he's already made bank, and it's a skeleton coming out of the closet, but I still think he'll get off easy.

    Remember, it's not how much justice you can get, it's how much you can afford.

    • by phantomfive (622387) on Sunday March 07, 2010 @10:41PM (#31396620) Journal
      In fairness, in the corporate world there are so many pitfalls that it's essentially impossible to navigate through them all without a strong team of lawyers and accountants.

      Laws in America are so complex and vague that the average american commits three felonies a day [wsj.com]. The same difficulties apply to companies. Even something as straightforward as paying a CEO takes legal specialists dedicated to that specific area of law. Even think of the difficulties of complying with Sarbanes Oxley from an IT perspective. It takes time to set up all the infrastructure, and if you were a startup, you may not even have had a dedicated sys admin. Then suddenly you have all these regulations you have to comply with.

      Not that I'm trying to excuse Zuckerberg. If he was stealing other people's emails, he should go to jail, a much better candidate for jailtime than Terry Childs.
  • by xlsior (524145) on Sunday March 07, 2010 @10:11PM (#31396378) Homepage
    He isn't exactly known to believe in privacy in the first place, after all:

    http://www.guardian.co.uk/technology/2010/jan/11/facebook-privacy [guardian.co.uk]
    The rise of social networking online means that people no longer have an expectation of privacy, according to Facebook founder Mark Zuckerberg.
    Talking at the Crunchie awards in San Francisco this weekend, the 25-year-old chief executive of the world's most popular social network said that privacy was no longer a "social norm".
  • Wasnt Mark (Score:3, Interesting)

    by gmuslera (3436) on Sunday March 07, 2010 @10:13PM (#31396398) Homepage Journal
    Was Chuck Norris [slashdot.org]
  • n00bsauce (Score:4, Interesting)

    by cosm (1072588) <thecosm3@gmail . c om> on Sunday March 07, 2010 @10:13PM (#31396406)
    The hilarity would be if his tracks could be traced down through their own system's perverse logging, maybe then would he regret his company's policy of practically 100% data retention. Pwned Mark Fuckerberg. Pwned.
  • The CEO of the world's most successful social networking website was accused of at least two breaches of privacy.

    In related news, something about hacking some email accounts as well.

  • by obarthelemy (160321) on Sunday March 07, 2010 @10:24PM (#31396490)

    The issue is my ASS: Availability, Safety, Security.

    I want my apps and data to be accessible at all times. Even when I'm off-line, or they are, or something dies in-between.

    I want my data to be safe, which means off-site, off-line backups.

    I want my data to be secure, which means no hacking. For every high-visibility CEO that gets caught, how many 3rd-world subcontractors' trainees don't ?

  • More to come (Score:2, Insightful)

    by oldhack (1037484)

    Expect a lot more of this stuff.

    The people who start social networks are a different breed than those that cooked up tech startups of past decades.

  • Well Duh! (Score:2, Funny)

    by coaxial (28297)

    And this is why don't provide any site any more information that the bare minimum that it needs.

    Nah. Facebook is a scam.

    Now excuse me, I've got to update my status.

  • I wouldn't entrust my passwords to a third-party website, but if I had to do it, I guess I would have to change my password temporarily, let the third-party site access my account with the temporary password, and then change it back. But I've always felt very awkward that Facebook is one website. Is it possible to make a distributed/cloud version of it using some form of client-side decryption, so that nobody "owns" any of the information in its entirety?
  • ...to avoid using Facebook.
  • no surprise (Score:2, Interesting)

    by Anonymous Coward
    Anyone familiar with the mechanics of Facebook's rise to prominence should not be surprised at the alleged ethical and legal violations. Zuckerberg et al. hacked and social engineered their way into dozens of college freshman admit lists so they could be the first to get new students online. This is not speculation. The "virality" of early facebook was not viral at all, it was good old fashioned spam to ill-gotten mailing lists.
  • by Jeian (409916) on Sunday March 07, 2010 @11:02PM (#31396776)

    It took me about 10 minutes to skim through the backstory, but it's pretty sparse on the details and supporting evidence.

    "Instead, he decided to access the email accounts of Crimson editors and review their emails. How did he do this? Here's how Mark described his hack to a friend:"

    Oh, a friend said Mark said... right.

    "Nevertheless, during 2004, Mark Zuckerberg still appeared to be obsessed with ConnectU. Specifically, he appears to have hacked into ConnectU's site and made changes to multiple user profiles, including Cameron Winklevoss's."

    "At one point, Mark appears to have exploited a flaw in ConnectU's account verification process to create a fake Cameron Winklevoss account with a fake Harvard.edu email address."

    It "appeared" that way? According to whom, and based on what?

    Seriously, the whole article is a long string of "it looks like" and "he said she said Mark said" with nothing to back any of it up.

  • by Anonymous Coward on Sunday March 07, 2010 @11:04PM (#31396804)
    This doesn't surprise me, only confirms what I've thought about Zuckerberg.

    1) I believe he stole Facebook from the ConnectU founders. I believe the assertions that he was hired as a developer and dragged his feet while forming his own company which eventually became Facebook.

    2) I believe he has no scruples when it comes to Facebook users' data. He has publicly stated that he knows what's best for "his" users and this arrogance shines through every time the UI is abruptly changed.

    3) I believe he will do whatever he pleases with users' information. I don't think that privacy laws provide guidance to him but instead are constraints that he will bypass given any opportunity.

    I'm pleased to see that he is being publicly exposed - I doubt anything will come of it - but am glad for him to be seen as he truly is, an arrogant and unscrupulous bad person. This latest revelation may finally send him where he belongs . . .

    banking.
    • For /. users that don't know #1 is proven. This investigation brought some logs to light. Mark is quoted as saying he will "fuck them in the ear" referring to him screwing over ConnectU. And quotes about him slowing them down and fucking them over.
  • At least he wasn't having sex.
