Facebook, Social Engineering, & Me
October 28th, 2009 by WillDuke

Someone hacked my Facebook page.  There, I said it.  It’s humiliating.

I’m a computer guy.  I know a lot about security.  I know all the right things to do.  I tell people all the right things to do.  My network password is 17 characters long!

I didn’t practice what I preach.

When I set up my Facebook account I thought Facebook wasn’t that important.  Surely nobody would bother hacking my account.  Ironically, I am quite proud of the community I’m building there.  My password was a good password, but not great.  Okay, maybe on the low end of good.  7 characters, numbers and letters, but there was a dictionary word as a part of it.

My wife noticed before I did.  She woke up in the middle of the night and saw strange postings being attributed to me.  When I woke up, she told me.

I IMMEDIATELY changed my password.  Then I proceeded to delete all of the entries someone made.  I had to delete them from my wall, and from 25 of my friends’ walls.  Unfortunately I could do nothing about the emails that Facebook sent out.

So what happened?  How was a technical expert like myself compromised?  Well, I’ll never know for sure.  There’s no way to get hold of Facebook and ask.  But I think I know.

I was careless.  A prompt came up asking for my username and password.  I had been playing around with TweetDeck and HootSuite, and Twitter and this new blog which has an RSS feed into Facebook.  Lots of stuff going on, and in the midst of all that I was prompted, again, to enter a username and password.  I had been doing it so much that without thinking I just put it in again.

As you probably know there’s a hack, there’s always a hack, going around that tricks you into entering your Facebook username and password.  I would give more details, but I don’t remember what it said.  If I had read it, I might not have entered my information!

So look for a forthcoming entry on security.  In the meantime, read things before you fill ’em out.  And if you weren’t expecting to get something, don’t fill it out.  It’s called Social Engineering.  And it’s going to be a great post.

