A student who infiltrated Facebook in what prosecutors called “the most extensive and flagrant” case of social media hacking ever heard in a British court was jailed for eight months on Friday.
Glenn Mangham, 26, admitted hacking into the website from his bedroom in Yorkshire, between April and May last year.
“This was the most extensive and flagrant incidence of social media hacking to be brought before British courts,” said Alison Saunders of the Crown Prosecution Service.
Mangham, a software development student, claimed he had been trying to expose weaknesses in Facebook’s security and was not driven by financial motives.
“It was to identify vulnerabilities in the system so I could compile a report that I could then bundle over to Facebook,” he told Southwark Crown Court in London.
He then planned to “show them what was wrong with their system,” he said, claiming he had previously performed the same routine with US Internet giant Yahoo!.
The judge accepted that Mangham had not intended to pass on any information gained through the hacking or to make money from it, but said the consequences of the security breach could have been “utterly disastrous” for Facebook.
“This was not just a bit of harmless experimentation,” said judge Alistair McCreath. “You accessed the very heart of the system of an international business of massive size.”
“You and others who are tempted to act as you did really must understand how serious this is,” he added.
Mangham, described by his lawyer as an “ethical hacker”, had broken into into the account of a Facebook staff member and obtained restricted internal data while the employee was on holiday.
He tried to delete the electronic traces, but Facebook detected the security breach and on June 2 his house was raided by US agents from the FBI.
Facebook spent £126,400 dealing with the crime, which triggered a coordinated investigation by the FBI and British authorities.
Facebook thanked London’s Metropolitan Police and the Crown Prosecution Service for their work on the case, which they stressed had not compromised personal user data.
“We take any attempt to gain unauthorised access to our network very seriously,” said a spokesman for the website. “We work closely with law enforcement authorities to ensure that offenders are brought to justice.”