Yesterday, Facebook CEO Mark Zuckerberg had his fan page hacked. The virtual intruders posted the message you see at right, which reads,

Let the hacking begin: If facebook needs money, instead of going to the banks, why doesn’t Facebook let its users invest in Facebook in a social way? Why not transform Facebook into a ‘social business’ the way Nobel Price winner Muhammad Yunus described it? http://bit.ly/fs6rT3 What do you think? #hackercup201

The message was removed fairly quickly (by taking down the page), but not before it received some 1800 “likes” from Zuckerberg fans. Facebook still hasn’t commented on the incident.

I do want to remind people not to panic. As much as it looks like Facebook is insecure, this was a targeted attack against a high-profile page. It’s pretty unlikely someone would be hacking your personal Facebook page just to find out where you went to highschool.

Via: TechCrunch

This isn’t quite as bad as it seems, but it does give you a sense of what’s possible with all of the data on Facebook. A hacker named Ron Bowes from Skull Security wrote a crawler to compile data from all the publicly available pages on Facebook. Publicly available – that’s important.

It’s also important, though, that such a crawler could be written to grab that kind of data. Though you could just as easily search for these people and get their info, I’m not entirely comfortable with the idea that a bot could be written to compile the same. Facebook security remains a shifting target – for most people, there’s not a lot on Facebook they don’t want people to see. As Facebook continues to grow and expand its profitable operations, there could potentially be more and more truly personal data involved. In fact, that’s how Zuckerberg would prefer things. That’s why this is important.

I’ve been thinking about kicking Facebook for a while, and every time I get a story like this, even as unalarming and completely benign as this story is, it points to the ongoing lack of attention and concern it seems Facebook gives to user data.

I saw this post at TechCrunch and just had to pass it along. I often wonder where people like Facebook’s Mark Zuckerberg get their start. Were they just born to be badass coders or was their some kind of natural progression toward their newfound demigod status. It turns out the second is true, for Zuckerberg at least.

A TechCrunch reader who was also one of Zuckerberg’s classmates at Exeter offered up a site that Mark had written back in 2001 when he was just 16 years old. It’s…terrible. Awful. Even in 2001 it would have been way behind its time.

Check out the full post over on TechCrunch.

This weekend Zuckerberg sat down with Michael Arrington to talk Facebook privacy. I found Zuckerberg’s comments pretty disconcerting, even more so today after an anonymous employee gave an interview to The Rumpus.

The most interesting was when the employee admitted to a master password for every account, one that used to be ‘Chuck Norris’ spelled with letters, numbers, and symbols. Now, the password only worked from inside Facebook offices, but I can’t imagine a scenario under which an employee would need to actually log in to the site as anyone else. Wouldn’t there be internal diagnostic tools for viewing that information? A database viewer perhaps?

There’s also the fact that Facebook logs all of the information pertaining to your usage. That allows it to implement handy features like remembering whose site you visit most so it appears at the top of your searches. But that’s not all that gets logged. There’s also all of the information you’ve ever entered, including the stuff that you’ve deleted.

I hate to sound like a fear monger, but I think it’s important for people to be aware of how much information is held on Facebook’s servers and how many people have access to that information. It’s more than I thought, on both accounts.

I logged into Facebook last month probably three times, for all of which I was greeted by a screen that warned of new privacy settings. I ignored the messages and went about my usual routine, rejecting friend requests from the high school acquaintances and responding to week-old messages. Then the changes showed up in all the blogs I read and I went back to look over them. It was a serious shift and, as you probably know, a move away from the privacy we’ve all held so dear (or learned to guard after pictures show up).

The weird thing is, Facebook was built on giving users more privacy, not less. It was one of the major differentiators between Facebook and MySpace, the feature most people point to when they talk about why the former is so successful compared to its counterpart. Zuckerberg talked about the change this weekend with Michael Arrington. His reasons for the change are surprising, and a little disconcerting when you realize he’s helping direct the policy changes.

Here’s a quote that might scare you: “We view it as our role in the system to constantly be innovating and be updating what our system is to reflect what the current social norms are.” Here’s some news, Mark, you are the social norm. If anything, Facebook is setting trends offline, not vice versa, and that will only continue as more people come to the site.

Here’s another one:

“A lot of companies would be trapped by the conventions and their legacies of what they’ve built, doing a privacy change – doing a privacy change for 350 million users is not the kind of thing that a lot of companies would do. But we viewed that as a really important thing, to always keep a beginner’s mind and what would we do if we were starting the company now and we decided that these would be the social norms now and we just went for it.”

You know there are few things I want to hear less than “we just went for it” when it comes to information privacy. I can respect the philosophy behind the “beginner’s mind” strategy, but you also have to realize your multi-billion dollar valuation and the fact that you have permanently impacted the direction of the entire internet. That’s not the type of situation to just go for it because that’s what beginners might do.

If anything, the most recent changes to Facebook’s privacy settings have made me a much more discerning Facebook user. I’m much less prone to add people simply because I haven’t talked to them in a while. Honestly, I’m much less likely to keep my profile public for much longer. Sure, it can be a great way to stay in touch, but if it’s at the expense of making more and more of what I consider private information public, I’m more than willing to delete the account.