Facebook IPO Exposes Hacking And Spamming Business Risks

Facebook identified hacking and spam as ongoing issues to comply with US regulations on disclosing IPO-related security issues

Facebook outlined some of the security risks and compliance issues the company faces on the social networking platform and related services that could impact its operations in IPO-related documents filed with the Securities Exchange Commission (SEC).

After months of intense speculation, Facebook filed S-1 documents with the SEC to raise a maximum of $5 billion (£3.2bn) for its initial public offering. The company plans to trade under the ticker symbol “FB”, according to the documents.

Credible threats

Facebook identified malicious cyber-activity, which included malware, viruses, spam, phishing and hacking, as being harmful to the business in the section “Risks Related to our Business and Industry” in the S-1 filing. These types of attacks have become “more prevalent” and have already occurred on company systems in the past and may occur again in the future, Facebook wrote.

“Because of our prominence, we believe that we are a particularly attractive target for such attacks,” Facebook wrote.

While it was difficult to quantify what harm would directly result from these malicious activities, “any failure to maintain performance, reliability, security and availability of our products and technical infrastructure” may harm the company’s reputation and its ability to retain users and attract new ones, according to the S-1 filing.

Late last year, scammers tricked users into cutting-and-pasting malicious Javascript code into their browsers, which caused a number of violent and explicit images to be plastered all over the social networking site. Many angry users threatened to quit the site because of the offensive nature of those images.

Aside from affecting user experience, spam also poses some problems for Facebook. Spammers using Facebook to send unwanted messages can “annoy” users and make Facebook seem “less user-friendly”. While the company has put tools and technologies in place to control spam, “we cannot be certain that the technologies and employees that we have to attempt to defeat spamming attacks will be able to eliminate all spam messages from being sent on our platform”, according to the document.

Payment transactions on the Facebook Platform could result in some compliance challenges for the company, according to the filing. Since users purchase virtual and digital goods from game developers using the Payments infrastructure, Facebook will need to examine laws and regulations in the United States, Europe “and elsewhere” governing how funds are transferred and data stored. Facebook expects its Payments platform to evolve over time.

“Our efforts to comply with these laws and regulations could be costly and result in diversion of management time and effort and may still not guarantee compliance,” according to the document.

The SEC issued guidelines back in October that companies should report cyber-incidents and other issues that could have an adverse effect on their finances or operations as part of the documents filed with the regulatory body. While it was just a guidance and not a requirement, it appears that Facebook is taking that step to disclose the risks.

IPO phishing attacks

While Facebook worried over the potential threats to its platform, security experts warned about scammers taking advantage of the IPO-frenzy to swindle users out of real money.

“With an IPO as hyped and widely anticipated as Facebook’s there are bound to be some bad eggs trying to take advantage of the situation,” Graham Cluley, senior technology consultant at Sophos, wrote on the Naked Security blog.

Facebook IPO-related scams will not be new, as the Financial Industry Regulatory Authority issued an alert back in March last year after seeing some scams. “While most pre-IPO offerings are legitimate, some are frauds in which con artists sell shares they do not actually have,” according to the FINRA statement.

Scammers may take advantage of Facebook users interested in the IPO by tricking them into clicking on links or joining pages claiming to offer free Facebook stock, Cluley said.

On the other hand, Facebook finally going public means the company would have to become more transparent about what it is doing with user data. The “smart money” says privacy, security and data ownership are the big winners of the Facebook IPO, predicted Jay Garmon, marketing director at Backupify, on the company blog. It would also have to be careful about not running afoul of the Federal Trade Commission’s consumer protection rules, Garmon said.

“Look no further than Google’s recent mini-dust-up over its unified privacy policy – and the Congressional oversight thereof – to see the level Facebook is playing at now,” Garmon wrote.