On 15-Apr-09, at 7:25 AM, Suresh Ramasubramanian wrote:
This is an exception I'd say - which is why I've escalated it to him
I don't know if its a result of this, but I just got a response from Facebook Support, saying they're looking into this.
The modus operandi of the attacks suggests that Nisha's account was being used to conduct them. However, we have established that her computer was secure and her password was not stolen. She changed it several times through the period, and towards the end, asked me to change it for her, and to leave the account offline for several hours before logging in again.
Facebook allows an account to be logged in from only one location at a time. How, then, could the vandalism have been carried out even when Nisha was always in control of her account? This is the point where I suspect Facebook's security vulnerability lies.
Best, Kiran
