SF Bay Area Indymedia indymedia
About Contact Subscribe Calendar Publish Print Donate

U.S. | Indymedia

Can we trust Facebook? In 2004 founder Mark Zuckerberg used TheFacebook to steal passwords
by can't truss it
Saturday Mar 13th, 2010 2:47 AM
Ben Edelman: "No one expects a web site to retain a mistyped password, and certainly no one expects a site admin to use that password to access a user's account on another site." Yet Zuckerberg was recording such mistypes from the very beginning of "TheFacebook" and he followed through by using them. Zuckerberg apparently will abuse whatever power and access he has, however it suits his purposes, if he thinks he can get away with it.

Mark Zuckerberg's 2004 Email Break-In Could Be A Felony

Nicholas Carlson | Mar. 11, 2010, 3:05 PM

Mark Zuckerberg's hacking of email accounts and user profiles in 2004 could be felonies under Federal and state law, according to privacy lawyers.

As we described last week, Mark used login data of early Facebook members to break in to the private email accounts of two Harvard Crimson editors. He also broke into the systems of competitor ConnectU and changed user profiles, also according to IMs.

Mark now oversees private data of 400 million people as the CEO of Facebook. Questions have been raised about whether this 2004 behavior violated laws and whether users can trust the company to keep their information from being misused.

We reported the details of these hacks last Friday. Here's a quick recap:

* In May 2004, as a sophomore at Harvard, Mark Zuckerberg learned that the Harvard Crimson was working on a story about the founding of TheFacebook.com, a site Mark had launched three months earlier that evolved into Facebook. Mark searched the site to find users who identified themselves as members of the Crimson's staff. Having located several accounts, Mark then scanned a log of failed logins, which members had entered while logging on to the site. Figuring that Facebook users might have accidentally entered the passwords to other services, such as email accounts, Mark tried the failed logins of these Harvard Crimson staffers on their email accounts. In this way, Mark successfully accessed the private email accounts of at least two Crimson staffers and read at least 11 emails, according to the IMs we viewed.

* Also in 2004, Mark Zuckerberg hacked into the systems of a rival social network for college students, ConnectU, and deactivated some accounts.

Since first reporting these hacks last week, we asked Electronic Frontier Foundation's top privacy lawyer, Kevin Bankston, about the legality of such behavior. Bankston says it could have violated laws:

"An email break-in like the one that's been alleged would likely violate the federal criminal statutes that regulate electronic privacy and prohibit computer fraud, and depending on the hacker's motives could even rise to the level of a felony punishable by up to five years in prison."

read more: