I received several messages today from friends and family letting me know they’d received a message via Facebook which sounded suspicious. They feared my Facebook account had been compromised or hacked, and it looks like they were correct. I did NOT send the first message in the Facebook thread below, and still have no idea how this message was posted from my account.

Facebook Hack

As of this writing, I’m still not sure what happened. I HAVE changed my Facebook password, but I could not identify a Facebook application which I may have “authorized” to use my account which could be to blame for this. I am VERY wary of using / authorizing Facebook apps, and only have five that I’ve authorized in the past. One of the messages I saw orginated with “Facebook Mobile,” but that isn’t a “Facebook application” which I’ve authorized. It’s a bit scary to know someone has compromised my online account and I’m not sure how to be sure I’ve stopped them.

The following six suggestions were included in the February 9, 2009 CNN article, “Fears of impostors increase on Facebook” as security suggestions for Facebook users:

  1. Be suspicious of anyone — even friends — who ask for money over the Internet. Verify their circumstances independently, either by calling them directly, or checking with mutual friends.
  2. Choose a strong password and use unique credentials for each of your Web accounts. Facebook says hackers tap into one site and then try to reuse passwords on others.
  3. Use an up-to-date browser that features an anti-phishing blacklist.
  4. Use and run anti-virus software on your computer.
  5. Reset your Facebook password if you suspect your account has been compromised.
  6. Have more than one contact e-mail address. This will help if one of them is hacked.

If you have any suggestions about other steps I should take to secure my Facebook account, I’d love to hear them. For now I’ve just reset my password.

Technorati Tags:
, , , , , ,


Did you know Wes has published 3 eBooks, and 1 of them is available free? Check them out!

If you're trying to listen to a podcast episode and it's not working, check this status page. (Wes is migrating his podcasts to Amazon S3 for hosting.) Remember to follow Wesley Fryer on Twitter (@wfryer), Facebook and Google+. Also "like" Wesley's Facebook pages for "Speed of Creativity Learning" and his eBook, "Playing with Media." Don't miss Wesley's latest technology integration project, "Mapping Media to the Common Core / Curriculum."

On this day..

Share →
  • Yes

    I got this same exact scam TODAY on April 7th. Must be something new that’s floating around. Dunno what could’ve possibly done it either.

  • http://www.StriderORG.110mb.com Dago

    The same thing happened to me. I looked through my settings and everything seemed fine. I checked apps and the only thing I saw wrong was fluff friends on there. I never added it. I changed my passy and now I wait. I just hope this is just limited to Facebook.

  • irsocal

    I had the same thing happen today, with messages sent via Facebook Mobile. I changed my password and deleted the app off my phone.

  • http://www.magos-reviews.com Joe Nobles

    Hey Wesley. I just got a message from a friend, who has the same issue. I’m sorry to see you got hacked. I’m not sure, if there’s a removal tool, for this though. It reminds me of that email phishing scam, which has been going around.

    If it’s anything like the email version, the only thing that seemed to help me was by reformatting my computer. I tried using every anti-virus program to get rid of it, but nothing worked. When I changed my password, to my email account, it didn’t seem like it did anything. The virus or whatever updated along with it. When I reformatted and was able to get back online, I re-updated my password and seemed like it worked.

    Other than that, I’m not sure on what else to say. Hopefully, someone will know how to remove it, without reformatting. It sounds like the Facebook scam version is new, though.

    Thanks for sharing, and good luck on removing it.

  • Anonymus

    The same thing happened to me on April 7th. It seems like a new attack of some sort. I have also changed my password and email account on facebook. I do have and use a facebook app on my cell phone (iPhone). If others have a mobile app, please let us know. The phone might be the portal used for the attack ….

  • http://www.magos-reviews.com Joe Nobles

    I just had the same thing happen to me. It said my account was accessed from a location, in Turkey. It mentioned it was accessed through a mobile phone. I don’t use any apps, on FB. So, I don’t know how the person / people get the info to login, through our accounts.

  • Dhiraj

    if you see, closely it says sent via facebook mobile.

    Do you access facebook via any cell phone?

  • zure

    it happened to me too,i have this app on my Ipod touch.now i changed the password and deleted the app on Mobil:(

  • http://www.wesfryer.com Wesley Fryer

    I do use the Facebook application on my iPhone, but I have not enabled “Facebook Mobile” on the website on a cell phone, using the number to update my status via SMS for example. I did change my Facebook password and also deleted the Facebook iPhone application on my iPhone, and then re-installed it. I’m doubtful my iPhone app was hacked, but I suppose that’s possible. The messages which were being sent out 9 at a time (a total of 144 were sent) stopped before all my contacts were spammed / phished. I’m not sure what caused this script to stop which was apparently sending these. The send routine started alphabetically. Since this stopped before I changed my password, there must have been some other intervention (perhaps by Facebook admins) which stopped it. Alternatively the script could have been programmed to just send to a finite number of groups / contacts and then stopped.

    I’m relieved the message wasn’t something worse. It is quite troubling to have something like this happen, and people you know receive a malware-laden message which you did NOT create. Hopefully some more savvy Internet detectives will research this and let us know the full backstory.

  • http://reeves.web44.net Terence Reeves

    Another report of the same issue. Started getting funny messages from my friends about cnbc8 – had no idea what they were talking about because I was not aware my profile had sent any messages.

    Incidentally, I have never used a phone to access facebook.

  • Pingback: Scrape blogs: A mildly dark (and certainly irritating) side of open content licensing « Moving at the Speed of Creativity

Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 Unported License.

Made with Love in Oklahoma City