Hacking via facebook!

[Nabila-Nazem]

Hi Everyone:

Just a heads-up...my FaceBook was hacked into, and my profile is completely unavailable to me. Whoever hacked into my profile changed the login e-mail and phone numbers so that I can't identify myself to FB and restore access to my account. Please be aware of what's going on and keep tabs on what may be happening. The hacker also got into my e-mail account and changed the password and changed the password for my hosting account.

My very astute and clever webmaster not only alerted me to this, and has secured my hosting password, but did a reverse search of the IP address where the change came from: it was in Egypt. Some of my FB friends are in Egypt, as are friends of friends, and so on, and one of these people may have had their computer stolen or some other digital mishap; in any case, please take care of your online security, and please disregard anything posted on my profile!

[JeanneLF]

Errrrrk. Sorry this happened to you. Thanks for the heads-up.

[dunyah]

Where's the emoticon for SCREAM! I hate hackers. Sorry this happened to you. I heard a terrible story about a woman whose profile was hacked and they put up pornographic pictures with her face photoshopped onto them. It was horrible for her and it took a LONG time to get it resolved, with no help at all from FB! Turned out it was a prank by some high school students in another country!

I'm glad you have a good webmaster. I hope you can get this fixed soon.

[zorba]

....it took a LONG time to get it resolved, with no help at all from FB! ...

One more time, repeat after me...

[showtime]

Yet another reason I do not blog. Facebook, Twitter, etc involve too much sharing. I prefer the less-is-more approach.

[Nabila-Nazem]

I think that I'm going to have to be very calm and persistent. I have an attorney friend that I'll talk to about resolving this; I know good and well they're not going pay attention to me. There are countless stories of folks with the same or similar issues being ignored and getting nowhere, so I think I need official help here.

I know a lot of people don't like social media, but for me (and most of us in the NYC bellydance world) it's not a choice, it's an industry fact of life. It's the only way most of us communicate and it plays a big part in marketing oneself. We all collaborate on rates, standards, and other happenings this way as we almost NEVER see one another in person or talk on the phone. There is no class or nightclub that we congregate in, and in a business where so much rides on networking, reputation, and visibility, it's crucial to be connected. It's like any other social group; If all of the other monkeys are in a certain tree, then you need to be in that tree too, or you won't be recognized as a monkey and you won't get any of the fruit.

I will keep you all up-to-date on my progress in this area.

[Zumarrad]

One more time, repeat after me...

Zorba, you have a website and use email and message boards. You're at risk of being hacked, everybody is.

[*Shira*]

My very astute and clever webmaster not only alerted me to this, and has secured my hosting password, but did a reverse search of the IP address where the change came from: it was in Egypt. Some of my FB friends are in Egypt, as are friends of friends, and so on, and one of these people may have had their computer stolen or some other digital mishap; in any case, please take care of your online security, and please disregard anything posted on my profile!

I'm so sorry to hear this happened to you!

Just for curiosity's sake, do you happen to have any guesses regarding what security vulnerability they used to do this? Do you use "secure browsing" (https) when you access facebook? Did you accept an app invitation on facebook that may have exposed you? Did you have an easy-to-guess password, or did you reply to one of those "stripper name" games where you use the name of your first pet as your first name, etc - ie, did you reveal data points that are often used for security question purposes? Are your facebook friends in Egypt people that you actually know, or were they random strangers that you just accepted friend invitations from? Did you have an easy-to-guess password?

I'm not trying to blame you or make you feel bad, just wondering if we all can learn from what happened to you.

[zorba]

Zorba, you have a website and use email and message boards. You're at risk of being hacked, everybody is.

Yes I am. I take certain precautions to reduce that to a minimum - and reduce my exposure if it *does* happen.

My point above was the quote that FB wasn't doing anything to help - surprise, surprise.

[Zumarrad]

LOL Zorba in that case you will love this story *hijacks thread*: a colleague of mine has recently become the web editor for her regional newspaper, and part of that job involves maintaining the paper's Facebook page. She was having some difficulty with getting it to show up on searches, so posted, giving her professional credentials, asking for help.

The guy running the help page told her that he didn't bother responding to questions from people with obviously fake names as he found they tended to be arrogant.

She was posting under her real name - not exactly Jane Smith but not a wacky name either - which can be readily googled showing her as a writer for the paper! And even if she WAS using a pseudonym, which is now allowed apparently, that's hardly a reason to assume she was arrogant!

Eventually, to be fair, the FB guy apologised and the problem was resolved, but even so. Bad form! (Also to be fair, many online services have this human interface problem. Geeks are not always very good at liaising with other people in a conventionally friendly, reassuring manner.)

[zorba]

Geeks are not always very good at liaising with other people in a conventionally friendly, reassuring manner.

Tell me about it. I frequently trip over my own geekiness.

[Nabila-Nazem]

According to my webmaster, there are lots of password-generating programs out there, and sooner or later ...

No, I try to keep the weird apps and games out of my life, but who knows. And I only friend people whom I know who are friends or friends of friends or who look "okay." The whole point is to expand your horizons, no? Silly me...

In any case, I'm not so mad about that, it's unfortunately what humans like to do. What DOES make me angry, however, is he predictably crappy way FB treats these issues. They (like many other online companies) refuse to deal with individuals, and won't let me resolve the issue. They just won't communicate with me. The hacker changed my login e-mail, password, and removed or changed my phone contact, as well as any number of personal info so that I can't identify and secure my profile via FB's automated forms. They claim I don't exist, all the while I have screen captures of my profile taken from other people's computers. I can't even have my profile and page deleted, so for all I know clients and colleagues are leaving me friend requests or comments or messages, and if I don't respond, they'll think I'm a flake or irresponsible. Many, many others have had this problem and gotten nowhere, so now that I'm more calm, I'm thinking of other avenues to pursue getting the info. It's not like the info isn't there, they just won't deal with anyone personally.

Law enforcement can subpoena info, but I'm not quite in that serious of a fix. (as upsetting as this can be, no one is bleeding here.) I don't really have any rights here, and I know it. My attorney has offered to write a formal lawyer letter to them as their physical address, and while they're probably not legally obligated to give me any info, folks tend to take law enforcement and attorneys a little more seriously. I guess it can't hurt. If anyone has any suggestions as to the best way to interact with FB effectively, then by all means share!

[dunyah]

FB - too big to care, I guess. The woman in the story I heard on NPR was able to figure out who had hacked her by going through the facebook pages meticulously, I'm not sure how she did it, and it took months, but she figured it out and then tracked them down and contacted the principal and authorities at their school, since they were kids. Maybe your best bet is to try and figure it out on your own, maybe your webmaster has ideas about how to do it.

[zorba]

....What DOES make me angry, however, is the predictably crappy way FB treats these issues.

Word.

If anyone has any suggestions as to the best way to interact with FB effectively, then by all means share!

Sure. Stay away.

I know virtually everyone here is tired of hearing me rant about Face***k - but I hear about DRAMA and PROBLEMS with this site on a DAILY basis. Its at least an order of magnitude greater than its predecessors - MySpace, Tribe, Geocities, et al. - COMBINED.

Yes, anyone/everyone can have their password hacked. A responsible site will help its users. I don't see Face***k doing anything other than increase their "data mining" activity. Use a strong password, and use different passwords on every site "that matters". I recently read that among many other things, a strong password should have at least TWELVE (12) characters. Not many of mine are that long (one is actually 17) - but all of mine are at least 8, and I'm probably going to re-vamp my password scheme after reading that. Mantra-based passwords are one very good way; linking unrelated words with weird symbols is another. Throwing in intentional misspellings, mixed case, etc. are also good ways to strengthen - but sheer length trumps them all.

[*Shira*]

Tips for secure passwords that would be extremely difficult for automated processes to hack:

1. Don't use actual words that are in the dictionary. Make something up. For example, "floodlerakkum"

2. Somewhere in the middle of a word, replace at least one letter with a numeral. For example, instead of "meet&greet" try "m33t&gr33t" Or, using my example in #1, "fl00dler@kkum" where I'm substituting zeroes instead of the letter "o", and substituting "@" instead of the letter "a".

3. Use two words that are not related, and separate them with a punctuation. For example, "bunny#fingers"

4. Don't participate in social network "games" where you create your stripper name (or whatever) by taking the name of your first pet, and the name of the high school you graduated from (or other personal data) and combining them. These games often use the very same questions as the security questions the password retrieval system uses. The games are initiated by scammers who first friend a bunch of people, then post the questions, and then collect the info they need to hack into your account.

[beafarhana]

Face***k

Zorba, can I just mention that this is a very unfortunate, and for some people, offensively sweary-looking redaction of the word "facebook". It basically looks like a very uncouth word for a sex act, one which may be perceived as being offensive, demeaning and insulting.

I'm not saying *I'm* offended- I'm a very sweary person in real life! Maybe that's why I'm "reading" this use of asterisks in such a way! But I know for sure of at least one person who does find this particular usage horrible.

I respect that you don't find Facebook to your liking, that's fair enough, but if you can't even bring yourself even to type the word, then maybe Faceb*** is less open to misinterpretation than Face***k.

[zorba]

4. Don't participate in social network "games" where you create your stripper name (or whatever) by taking the name of your first pet, and the name of the high school you graduated from (or other personal data) and combining them. These games often use the very same questions as the security questions the password retrieval system uses. The games are initiated by scammers who first friend a bunch of people, then post the questions, and then collect the info they need to hack into your account.

Ditto on the first 3 - and I wasn't aware of this #4!