My Facebook account was hacked yesterday. Someone got into my account and started chatting with my friends who were online. Not idle chitchat. More like this:
I’m in London. I just got mugged and I need you to wire me $5000 immediately.
When I logged in, the hacker was talking to 3 of my friends at once and making up all kinds of stories.
Fortunately, I have savvy friends! They didn’t buy it. Two of my friends even called me on the phone to let me know immediately. Those are true friends! One of them even tried to string the hacker along and keep him on the chat until she got a hold of me.
Here’s what I have since learned from one person or another.
1. These hackers don’t guess your password. You either absent-mindedly gave it to them or they have super-genius programs for hacking.
2. Still, it doesn’t hurt to have stronger passwords.
3. Change your passwords regularly–especially for highly trafficked sites that have lots of your personal information like Facebook.
4. Don’t use the same password for your social networking sites and for Pete’s sake, don’t use the same password for lesser sites as you do for your bank accounts!
5. If someone hacks into your Facebook account, don’t let them know that you’re onto them UNTIL you have time to go in and reset your password. This was an error I made. The hackers could have reset my password and then I never would have been able to get in. Luckily, I changed my password within seconds of interrupting their conversations with my friends.
I certainly don’t consider myself an expert in online security. I’m sure there’s lots more advice for this issue, so please leave yours in a comment.
Here are some other things you need to know.
- I never use the Chat function on Facebook, so if someone is chatting with you that professes to be me, be suspicious. Be extra leery of that person (me or anyone else) asks you for money.
- I would never ask you for money. Unless you're family or you owe me, consider your pockets safe.
UPDATE #1: 7/31 afternoon
Just got this email from Facebook:
Our systems indicate that your Facebook account has been compromised by cybercriminals attempting to impersonate you. These criminals often will try to trick your friends into sending them money by claiming that you are stuck in a far away location and need assistance. It is possible that your email account was compromised as well. As such, we have sent this email to all email accounts recently associated with your account. Obtaining access to a victim's email is one of the primary ways these cybercriminals have been operating. Please change the passwords to any email addresses associated with your account.
Once you regain control of your Facebook account, be sure to verify that you control all of the email addresses associated with your account on the Contact Email section at: https://register.facebook.com/editaccount.php
We strongly recommend that you select a new, unique password for any email address associated with your Facebook account. You should make sure to avoid using the same password for multiple sites. We also encourage you to visit the following page for more information about Facebook security and how to report suspicious material: http://www.facebook.com/security
I have now changed the passwords for my email accounts, but I would never click on a link like those above and enter a password. Instead, I would retype the URL just in case the link sends me to a nefarious site trying to nab my password.
UPDATE #2: 8/3 afternoon
At the end of that email that Facebook sent on Friday was a request to respond to the email so they could make sure everything was okay. Because I didn't read every single word, I missed that!
I think because I didn't respond, the Facebook Security Team grew worried and disabled the account so the hacker couldn't get into it. (This is good.)
When I finally responded to their email (today), they reset my password quite quickly and sent me a new one. I'm very pleased with their response.
I'm officially back on the Book of Faces (as Dean McCready put it).
Lesson: Read your emails carefully before you panic.
9 thoughts on “Reset your passwords regularly”
I consider myself to be pretty tech-savvy and yet I fell for the TwitViewer scam from earlier this week. You never know how you’ll get caught, so always be protective of your personal information and passwords.
Tip #5 is right on – keep your awareness under wraps until you’ve changed all of your passwords.
Thanks for sharing this! I use Roboform, an easy downloadable app that will store all your passwords and you need only memorize one password to open the “vault.” Better, it will generate random passwords of letters and numbers. An IT person at my bank recommended it. I’m sure there are other apps out there as well. Glad you acted so fast and smart!
There is also something to be said about how to remember all these numbers and letters. Good thing is instead of random things to come up with something that looks random – example – I like to eat donuts = “I” LK 2 8 donuts = iLK28donuts
hard to guess for a hacker.
Oh my goodness. Thank heavens your friends were onto it. I use a different password for my bank account, but am not careful enough with the others. So my job tomorrow night is, yep, get into action and reset some of them. Thanks for the timely warning.
Pingback: Update Facebook account disabled — Art Biz Blog
Pingback: Web Security: Change your passwords frequently | The Crafted Webmaster
Well I don’t think I was hacked, but FB disabled my account on Friday, 8/14/09. I am utterly and completely shattered. I can’t get an answer or any help or a reason. I don’t know what I did wrong. i’m so sad.
Pingback: Password Hacking – Reset Your Passwords – It’s For Your Benefit
Pingback: Login Facebook Reset | Questions and Answers