Fend Off A Facebook Hack Attack

A colleague recently wrote on her blog about her own father’s experience getting hacked on Facebook – and it serves as yet another useful reminder of why and how we can take measures to keep our online identities secure.

It appears in this situation that the hacker found his victim’s profile on Facebook, submitted a lost password request, and then answered the security questions with information that was easily found on Google. After taking over his Facebook account, the hacker repeated the process to gain access to the victim’s Gmail account and started emailing all of his contacts asking for money.

If this sounds vaguely reminiscent of something that was in the news a few years ago, it’s because a very similar technique was used by a college student to access Sarah Palin’s Yahoo account. One password reset request later, and Sarah Palin’s emails were all over the Internet.

The take-home here is simple: make sure that your security questions don’t ask about details that are available with a little digging (mother’s maiden name, city of birth, high school mascot). Go for more obscure ones like your first pet’s name or the name of the best man at your wedding (as long as you didn’t blog about your wedding!).  Also, take a good look at the privacy settings on all of your social networking profiles and don’t divulge more information than you have to. That will minimize the amount of damage a hacker can do if they do gain access to your profile.

Don’t assume that a social networking company is as worried about your privacy as you are. The Google Buzz debacle -- in which Google effectively used people’s personal email accounts as a platform for public social networking – illustrates that, for many social marketers, they’re more concerned about building a large and open network than they are about protecting the personal information of individuals. That means it’s up to you to stay on top of things and adjust the necessary settings when, for example, Facebook revises its privacy policy.

And remember that the more you share about yourself online, the more ammunition you’re giving potential identity thieves. That doesn’t mean you should shut down all your social networking profiles because someday somebody might hack into your Facebook account. It does mean that you should be careful about what details you share, where you share them, and with whom.