Facebook spammer ordered to pay millions in damages

A Facebook spammer has been ordered to pay $873 million (579 million) in damages for sending users millions of unwanted messages.

Director of security Max Kelly revealed on the Facebook blog that after a San Jose court proceeding lasting four months, a judge awarded the damages against Adam Guerbuez and Atlantis Blue Capital.

It was the largest award made to date under the Controlling the Assault of Non-Solicited Pornography and Marketing Act' (CAN-SPAM). According to reports, Guerbuez tricked users into revealing passwords and usernames, using the information to gain access to their personal profiles.

Facebook alleged that he sent out more than four million messages. Kelly said that it was unlikely that Guerbuez and Atlantis Blue Capital could ever honour the judgement and pay the fine, but that the award acted as a deterrent to anybody who abused Facebook and its users.

Kelly said: "The judgement is a result of the tireless effort of our security experts, legal team and the other significant resources we've devoted to finding, exposing and prosecuting the sources of spam attacks.

"These efforts complement the sophisticated technical systems we continue to develop to limit the impact of these attacks or block them together.

Carole Theriault of Sophos warned that spam via social networks like Facebook was only possible about protecting their usernames and passwords. Phishing attacks which had previously been largely targeted at online bank customers were now being targeted at the users of these websites.

She said: "Hackers are keen to steal the usernames and passwords of Facebook users as it makes it easier for them to spam out convincing messages to a victim's circle of friends.

"You should not only choose a complex hard-to-guess password for these sites, but also defend your computer with up-to-date anti-virus software and security patches."