Q: Help! Someone has hijacked my Facebook account and is posting nasty things about me. How can I regain control and get rid of the embarrassing lies?
A: Anyone with malicious intent and a little bit of tech savvy has a
frightening number of options at his disposal if he is interested in
taking over a Facebook account. In 2010 Seattle software engineer Eric
Butler developed Firesheep, a Firefox extension that made it easy to
hijack unencrypted browsing sessions on a public network. For a time
Firesheep made logging in to a social network in a coffee shop or
library an open invitation to your private account for anyone who was
looking. According to Tim Armstrong, a malware researcher at Kaspersky
Lab, Facebook now has default encryption built into its site, which
should fend off Firesheepers, but he believes that recent updates to
Facebook have opened up other modes of attack. "Facebook changed the
layout of the site recently so that it prompts you to reveal where you
went to high school, your family members, the town you live in—all this
information that is almost a one-to-one with password-reset questions,"
he says. Armstrong thinks the oversharing that occurs in a typical
Facebook profile makes it easy for others to research their way through
the typical questions that are asked by either Facebook or online email
providers when you forget your password.