Jail for ‘ethical’ hacker who bypassed Facebook security from his bedroom

Graham Cluley

A British student who breached security at Facebook last year has been sentenced to eight months in jail, despite arguing that his intentions were not malicious.

Glenn Mangham, who had previously been rewarded by Yahoo for finding vulnerabilities in its systems, unlawfully accessed and hacked into Facebook’s computer systems between April and May last year from his bedroom in York.

Specifically, Mangham breached a webserver used by Facebook to set puzzles to software engineers who might be interested in working for the social network.

Facebook software engineering puzzle website

Mangham then gained access to the account of Facebook employee Stefan Parker, and used the staff member’s privileges to access Facebook’s Mailman server (used to run internal and external email lists), and the Facebook Phabricator server used by internal developers.

Prosecutors claimed that Facebook spent US $200,000 (£126,400) dealing with the aftermath of Mangham’s hack, which prompted a “concerted, time-consuming and costly investigation” by the FBI and British law enforcement.

Mangham’s defence team argued that he was an “ethical” or “white-hat” hacker whose aim, rather than being malicious, was to uncover security vulnerabilities at Facebook and get them fixed.

Southwark Crown Court heard that Mangham thought Facebook would respond positively to having its security flaws brought to its attention. The York student explained:

"It was to identify vulnerabilities in the system so I could compile a report for lack of a better word that I could then bundle off to Facebook and show them what was wrong with their systems."

Judge Alistair McCreath, however, showed little sympathy for the argument that Mangham was attempting to uncover security holes:

"This was not just a bit of harmless experimentation - you accessed the very heart of the system of an international business of massive size."

"This was not just fiddling about in the business records of some tiny business of no great importance and you acquired a great deal of sensitive and confidential information to which you were simply not entitled... Potentially what you did could have been utterly disastrous to Facebook."

Others who are interested in uncovering security holes in Facebook’s systems might be wise to take heed of Mangham’s story. If you illegally access Facebook’s computers while investigating a potential vulnerability, the social network may take a very dim view of your actions.

According to a Daily Mail report, Mangham is believed to have Asperger’s Syndrome, which he has in common with other notable hackers who have wrestled with law enforcement.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast.
