You can’t always judge a Facebook post by its number of likes.
That’s one of the takeaways from a new study (PDF) documenting a security loophole that allowed at least a million Facebook accounts — some real, some fake — to generate more than 100 million “likes” and comments as part of so-called “collusion networks.”
As reported by CBS News, researchers from the University of Iowa and Lahore University of Management in Pakistan uncovered “a thriving ecosystem of large-scale reputation manipulation services that leverage the principle of collusion.”
The research was published Wednesday and will be formally presented at the Association for Computing Machinery Internet Measurement Conference on Nov. 1.
The research team found more than 50 sites offering free, fake “likes” for users’ posts in exchange for access to their accounts.
The collusion networks exploit OAuth code, which lets third-party apps like iMovie and Spotify access users’ Facebook accounts.
Of course, the more likes a post gets, the more it gets pushed up in other people’s feeds, ultimately bolstering attention to it and its influence. Authenticity has been a major issue for Facebook, which just Wednesday said itduring the election. It’s also been working to combat fake news on the site and last month said it’s from advertising on Facebook.
Facebook, in a statement Friday, said it’s blocked “the activity described in this research” and isn’t seeing it anymore on the site.
“Meanwhile, we are investigating different techniques that could be used to generate inauthentic ‘likes’ in smaller volumes,” the statement read.
On Thursday night, however, CBS News was able to enroll a fake Facebook account into a collusion network, granting it OAuth privileges through Apple’s iMovie app. CBS News “watched as, within minutes, two posts from the brand new account gained dozens of likes,” it said.
The Smartest Stuff: Innovators are thinking up new ways to make you, and the things around you, smarter.
iHate: CNET looks at how intolerance is taking over the internet.