Website ‘Impersonates’ Google CEO Due To Facebook Flaw
“Facebook’s Inner Workings Facilitate Impersonation”, “How to Impersonate the CEO of Google—Or Anyone Else—on Facebook”, and “Being Eric Schmidt (On Facebook)” are just a few of the catchy headlines that tech sites across the Internet have given to articles explaining a possible security issue that the popular site TechCrunch pointed out on Sunday by creating a fake account for Google’s CEO, Eric Schmidt.
Michael Arrington, founder of TechCrunch, explained on his site that he wanted to apologize to Schmidt “for impersonating him on Facebook”.
This past Sunday, Arrington created the Eric Schmidt account after receiving a complaint from a reader of his site, who said someone had been impersonating them on Facebook using a real e-mail account they no longer used. Arrington explains it was “pretty easy, too easy” to impersonate Google’s CEO. He created “a fake Facebook account for Eric Schmidt based on his real email address. I tried to do this with a few Facebook execs first but it didn’t work because the emails I have for them are already associated with their real accounts. The email address I have for Schmidt, however, isn’t associated with any Facebook account. It worked,” Arrington explains. He adds that he “could have created a fake Eric Schmidt account without using his real email. But by using that email address Facebook immediately started suggesting friends” to him.
With the fake profile, he was even able to add real profiles of people like YouTube founder Chad Hurley as well as Facebook Vice President Elliot Schrage. The problem, as Arrington summarizes it, is that “you don’t have to verify email addresses to use them with Facebook”. “As soon as the account was created I was asked to verify the email address. I ignored that and instead just turned off all email notifications. But I can still use the account to add friends, accept friend requests, like status posts, and send and receive messages. Messages occasionally pop up saying ‘Before you can interact with other people on Facebook, you need to confirm your email address.’ But most activity isn’t restricted at all,” he explains. “The person being impersonated may see the Facebook confirmation email. But since they didn’t just create an account the obvious thing to do is to ignore that email, not to click on the link. But by ignoring it they are letting me continue to pretend to be them,” Arrington adds.
Eric Schmidt, however, took this lightly. Through his official Twitter account, he said, “Happy to have Michael Arrington impersonate me on Facebook, let’s see how he handles everything!” According to Tech.Blorge.Com, “This is another example of Facebook being lax with people’s privacy and information. But this particular example has a simple solution: force everyone to verify their email address before they can do anything, and I mean anything, on Facebook.”
Facebook has already taken the fake profile down.
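The fix quoted above, verifying the email address before any social action is allowed, can be sketched as a deny-by-default gate. This is an added example, not Facebook's code; the `Account` model, the action names, the signing key and the 24-hour token lifetime are all assumptions made for illustration.

```python
import hashlib
import hmac
import time
from dataclasses import dataclass

SECRET = b"constructed-demo-key"   # assumption: server-side signing key
TOKEN_TTL = 24 * 3600              # assumption: confirmation links live 24 hours
# Actions the article reports were still possible on the unconfirmed account.
SOCIAL_ACTIONS = {"add_friend", "accept_friend", "like", "send_message",
                  "suggest_friends"}


@dataclass
class Account:
    user_id: int
    email: str
    email_verified: bool = False


def _sign(account, issued_at):
    msg = f"{account.user_id}:{account.email}:{issued_at}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def issue_token(account, now=None):
    """Token mailed to the address; only the mailbox owner can present it."""
    issued_at = int(time.time() if now is None else now)
    return f"{issued_at}.{_sign(account, issued_at)}"


def confirm_email(account, token, now=None):
    """Mark the address verified only for a fresh, correctly signed token."""
    now = time.time() if now is None else now
    issued, _, sig = token.partition(".")
    if not issued.isdecimal() or now - int(issued) > TOKEN_TTL:
        return False
    expected = _sign(account, int(issued))
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return False
    account.email_verified = True
    return True


def authorize(account, action):
    """Deny by default: nothing social, suggestions included, before verification."""
    if action in SOCIAL_ACTIONS:
        return account.email_verified
    return action in {"resend_confirmation", "change_email"}
```

Because friend suggestions are gated along with messaging and friend requests, an unconfirmed address cannot be used to pull in the real owner's contacts.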