News Item

Someone Hijacked Your Facebook Profile—Now What?

By: N/A, Popular Mechanics

Q: Help! Someone has hijacked my Facebook account and is posting nasty things about me. How can I regain control and get rid of the embarrassing lies?

A: Anyone with malicious intent and a little bit of tech savvy has a frightening number of options at his disposal if he is interested in taking over a Facebook account. In 2010 Seattle software engineer Eric Butler developed Firesheep, a Firefox extension that made it easy to hijack unencrypted browsing sessions on a public network. For a time Firesheep made logging in to a social network in a coffee shop or library an open invitation to your private account for anyone who was looking. According to Tim Armstrong, a malware researcher at Kaspersky Lab, Facebook now has default encryption built into its site, which should fend off Firesheepers, but he believes that recent updates to Facebook have opened up other modes of attack. "Facebook changed the layout of the site recently so that it prompts you to reveal where you went to high school, your family members, the town you live in—all this information that is almost a one-to-one with password-reset questions," he says. Armstrong thinks the oversharing that occurs in a typical Facebook profile makes it easy for others to research their way through the typical questions that are asked by either Facebook or online email providers when you forget your password.

Read more...