Jan 26, 2011 08:50 GMT

Mark Zuckerberg's official Facebook page was taken offline after a hacker hijacked it and posted a message to his 2.8 million fans.

The rogue update posted on the page read: "Let the hacking begin: If facebook needs money, instead of going to the banks, why doesn’t Facebook let its users invest in Facebook in a social way?

"Why not transform Facebook into a ‘social business’ the way Nobel Prize winner Muhammad Yunus described it? http://bit.ly/fs6rT3 What do you think? #hackercup2011"

The bit.ly link led to the Wikipedia entry about "social business," a business model where a company's revenue is re-invested to achieve a social objective, instead of personal gain for investors.

The fake Zuckerberg post managed to gather over 1,800 likes and 500 comments before being shut down by Facebook's staff.

There is currently no information on how the compromise actually happened, and the company might never reveal such details.

Possible scenarios include password guessing, phishing, or credential theft via computer infection. Regardless of the method used, the incident is quite embarrassing for Zuckerberg and the people tasked with maintaining his page.

Paul Ducklin, Sophos's head of technology for the Asia Pacific region, explains that when it comes to celebrity accounts managed by marketing teams, the risks of compromise are higher.

"In the absence of any sort of two-factor authentication, an account which can be accessed by many different users with many different passwords is at greater risk than an account used by just one person," the security expert writes.

But Zuckerberg is not alone in this type of security breach. Just this Sunday, the Facebook fan page of French President Nicolas Sarkozy was hijacked by a hacker who used it to announce his retirement. Mr. Sarkozy later said the attack reminded him that no system is foolproof.