My Facebook account was hacked yesterday. Someone got into my account and started chatting with my friends who were online. Not idle chitchat. More like this:
I’m in London. I just got mugged and I need you to wire me $5000 immediately.
When I logged in, the hacker was talking to 3 of my friends at once and making up all kinds of stories.
Fortunately, I have savvy friends! They didn’t buy it. Two of my friends even called me on the phone to let me know immediately. Those are true friends! One of them even tried to string the hacker along and keep him on the chat until she got a hold of me.
1. These hackers don’t guess your password. You either absent-mindedly gave it to them or they have super-genius programs for hacking.
2. Still, it doesn’t hurt to have stronger passwords.
3. Change your passwords regularly–especially for highly trafficked sites that have lots of your personal information like Facebook.
4. Don’t use the same password for your social networking sites, and for Pete’s sake, don’t use the same password for lesser sites as you do for your bank accounts!
5. If someone hacks into your Facebook account, don’t let them know that you’re onto them UNTIL you have time to go in and reset your password. This was an error I made. The hackers could have reset my password and then I never would have been able to get in. Luckily, I changed my password within seconds of interrupting their conversations with my friends.
I certainly don’t consider myself an expert in online security. I’m sure there’s lots more advice for this issue, so please leave yours in a comment.
Here are some other things you need to know.
- I never use the Chat function on Facebook, so if someone is chatting with you that professes to be me, be suspicious. Be extra leery if that person (me or anyone else) asks you for money.
- I would never ask you for money. Unless you're family or you owe me, consider your pockets safe.
UPDATE #1: 7/31 afternoon
Just got this email from Facebook:
Our systems indicate that your Facebook account has been compromised by cybercriminals attempting to impersonate you. These criminals often will try to trick your friends into sending them money by claiming that you are stuck in a far away location and need assistance. It is possible that your email account was compromised as well. As such, we have sent this email to all email accounts recently associated with your account. Obtaining access to a victim's email is one of the primary ways these cybercriminals have been operating. Please change the passwords to any email addresses associated with your account.
Once you regain control of your Facebook account, be sure to verify that you control all of the email addresses associated with your account on the Contact Email section at: https://register.facebook.com/editaccount.php
We strongly recommend that you select a new, unique password for any email address associated with your Facebook account. You should make sure to avoid using the same password for multiple sites. We also encourage you to visit the following page for more information about Facebook security and how to report suspicious material: http://www.facebook.com/security
I have now changed the passwords for my email accounts, but I would never click on a link like those above and enter a password. Instead, I would retype the URL just in case the link sends me to a nefarious site trying to nab my password.
UPDATE #2: 8/3 afternoon
At the end of that email that Facebook sent on Friday was a request to respond to the email so they could make sure everything was okay. Because I didn't read every single word, I missed that!
I think because I didn't respond, the Facebook Security Team grew worried and disabled the account so the hacker couldn't get into it. (This is good.)
When I finally responded to their email (today), they reset my password quite quickly and sent me a new one. I'm very pleased with their response.
I'm officially back on the Book of Faces (as Dean McCready put it).
Lesson: Read your emails carefully before you panic.