Sep. 7, 2012 at 2:47 PM ET
Lately some folks have been receiving emails which appear to be from their Facebook friends, but actually show an unfamiliar email address in the reply field. Turns out that the strange spam attack was related to a Facebook security hole.
According to Facebook, a "temporary misconfiguration" on the social network allowed a spammer to scrape public information from users' friend lists. This spammer used that information together with a large number of compromised email accounts to send out a wave of spam messages.
A Facebook spokesperson told NBCNews.com that the social network's engineers recently discovered this "single isolated campaign," and since then, the have enhanced their "scraping protections to protect against this and other similar attacks" as they investigate the issue further.
"To be clear, there was neither a mass compromise of Facebook accounts nor any leak of private information," the spokesperson said, and provided this statement regarding what the social network is doing to enhance security:
To help protect our users, we've built enforcement mechanisms to quickly shut down malicious Pages, accounts and applications that attempt to spread spam by deceiving users or by exploiting several well-known browser vulnerabilities. We have also enrolled those impacted by spam through checkpoints so they can remediate their accounts and learn how to better protect themselves while on Facebook.
Beyond these protections, we've put in place backend measures to reduce the rate of these attacks and will continue to iterate on our defenses to find new ways to protect people. In addition to the engineering teams that build tools to block spam we also have a dedicated enforcement team that seeks to identify those responsible for spam and works with our legal team to ensure appropriate consequences follow.
While Facebook's team may have managed to shut down a spammer's ability to scrape public information from profiles and friend lists, the spam may not stop right away. After all, thanks to this recent security hole, someone still knows which names he or she can use to trick you into thinking an email is from a pal.
Want more tech news or interesting links? You'll get plenty of both if you keep up with Rosa Golijan, the writer of this post, by following her on Twitter, subscribing to her Facebook posts, or circling her on Google+.