14 DAY TRIAL // When I said hackers like social websites, I didn't mean that they surf MySpace all day long searching for bands or who knows what. These guys are interested in the potential of these sites, in the resources they have and that the hackers could use in their criminal activity. In case you have not figured this out by now - these websites have huge databases with names and e-mail addresses, a fact which means that if they get hacked, huge spam campaigns could be launched using the acquired data.
Also, according to a recent report by security firm Symantec 61 percent of vulnerabilities studied were found in web-based applications. This study regards the first half of 2007 and comes with a little bit of a relief - progress is being made, with web-based application security. Last year, the number was 66 percent instead of 61, this year. Sure, 5 percent is not much - but it's a start.
Furthermore, these sites are not hacker priority only because they have that huge potential, but there are several other reasons. Their web 2.0 apps are sure good looking and fun, but when they thought of them, they left security last. The fact that it looks nice doesn't mean it's good too! These social security sites have plenty of holes in their security system and it's not just a poor journalist saying this - it's security giant Symantec. If you want more info on this, be my guest and take a look at this report.
But it's not only that - I think you've read news about hackers playing pretend plenty of times. Social websites are very large and you can never know who is behind a certain ID. And of course, hackers are exploiting this the best way they can, in pretending to be officials in need of data, when they're just phishing.