Mitigating My Facebook Risk Exposure

Following two recent hacking attempts on my Facebook account, I have decided to take the necessary steps to protect my personal information and limit my potential risk exposure in the event that my account eventually crumbles under the assault.

Despite Facebook’s “duty of care” to its users, we (the users) are ultimately responsible for safeguarding our own personal information. If we delegate this responsibility to Facebook, we do so at our own peril.

Being the victim of a Facebook account hack can be a daunting experience. Some users have complained about the irretrievable loss of their entire information and contacts. Others have complained about their Facebook status being updated with explicit sexual prose. A few even mentioned noticing strange new friends on their Facebook friends list.

Contrary to what some people think, you really do not need to be computer savvy to protect your personal information on Facebook. Basically, it is a matter of applying common wisdom and enabling some of Facebook’s in-built controls. Following the two attempts on my Facebook account, I decided to step up my privacy controls to minimise my potential exposure.

My Personal Information: I have always been cautious about my personal information on Facebook. As a result, my profile has just enough personal information for those who know me to find me on Facebook. I do not offer and share information about my relationship status, details of children, political views, mobile and home phone numbers and employment history. Some Facebook users list themselves as married to “X” (their partner’s name) and also give names and ages of their children. Of course, to each his own. Personally, I am simply not comfortable sharing this level of information on Facebook.

My Privacy Settings: historically, my personal information has been visible to “friends of friends.” I have now changed this so that only friends can view this information. Talking of friends, there are friends and there are Facebook friends. I recently came across a post on the internet where a Facebook user was asking for information to help him hack into a friend’s Facebook account. Crikey indeed!

Public Search: in July 2010, the profile pages of 100 million Facebook pages were leaked on a torrent site as these users had not made their profiles invisible to search engines. Mine would have been one of the 100 million Facebook pages, although I have now made my profile invisible to search engines.

Pictures: I only have a handful of pictures in my Facebook album – clean pictures, I hasten to add. If you keep compromising pictures on Facebook, you may be in for a rude awakening. My personal concern is with pictures that I am tagged in, posted by others. As a rule, I always untag pictures I am tagged in. But it is a shame that Facebook does not have a security feature which allows us to stop others from tagging us in the first place. Nonetheless, I have now revised my privacy setting so that I alone can view pictures that I am tagged in.

Applications: I currently have 37 third-party applications associated with my account. The risk associated with using these applications is that my personal information now leaves the confines of the Facebook platform and becomes accessible to application designers and God knows who else on the Internet.

Given the privacy concerns of third-party applications, I am currently reviewing all my applications with the aim of reducing this number considerably. As an added security measure, I have also edited my privacy settings so that third-party applications used by my friends can no longer access my personal information.

Who Are My Facebook Friends? As a general rule, I only befriend those I know, albeit remotely in some cases. For me it is more about quality than quantity.

Sometime in 2008 it was identified that 40% of Facebook profiles were fake. At the time, it was thought that these fake accounts were set up by spammers, various malware and virus writers. I am sure fake Facebook accounts are also used by: paedophiles; unfaithful spouses; suspecting spouses; gangsters; pranksters; stalkers; debt collectors; and private investigators etc. So what am I saying? Beware of cyberspace frenemies!

Something else I have done to limit any Facebook exposure is to install the Firefox browser, which has anti-phishing capabilities compared to my previous browser.

If you would like to step up your Facebook security / privacy settings and are not sure how to go about it, “Your All in One Guide to Facebook Security and Privacy” provides clear and detailed steps on how to do it.

Take care while in the Facebook jungle. Minimal information is best and do not interact with strangers. Let’s hear from you about your Facebook privacy experiences.


My Facebook Account Under Attack

From Iceland With Love

Facebook recently notified me of an attempt to log into my account from Iceland and advised me to reset my account if I had not made the attempt. As I live 1,130 miles away from Iceland and have never been there in my life, someone was obviously trying to hack into my Facebook account. But why? It’s only a Facebook account, not an American Express Platinum Card account or a Coutts bank account. Anyway, I reset the account straight away.

Ten minutes after resetting my account I had another message from Facebook informing me of another attempt on my account from Iceland. Again, I went through the process of resetting my account. Of course, at this point I started to try and make sense of these events. I started to think about Facebook’s security arrangements and whether they were robust enough. My thoughts also featured the risks I and other users are exposed to by virtue of our affinity for the social networking site.

As someone who works in the Risk Management industry, there are some risks I am willing to accept, but most I would rather mitigate. Without further ado, risk assessment mode kicked in and all my thoughts were now prefixed with different ‘what ifs.’

What if Facebook was under attack, how long would it be before this cyberspace fortress surrenders in defeat? What would then happen to the personal details of over 400 million users?

What if Facebook employees have sold my personal details, and those of other Facebook users, to trade rivals, criminals or other unscrupulous types? After all, there is precedent for this type of behaviour. A few days ago account details of iTunes customers were on sale for 10p each in China. In November 2009, a T-Mobile employee sold thousands of customers’ details to a rival firm. In August 2008, over a million American Express, Royal Bank of Scotland and NatWest Bank customer details were sold directly on eBay.

What if Facebook really has links with the CIA and Facebook founder and CEO, Mark Zuckerberg, is snooping on us all? After all, Mark has previously been accused of hacking into the systems and emails of Cameron and Tyler Winklevoss – the brothers he is alleged to have stolen the idea for Facebook from, and to whom he paid $65m in an out of court settlement.

I also then remembered a story I had previously read about Mark Zuckerberg and Facebook accounts. According to Silicon Alley Insider (SAI), “on at least one occasion in 2004, Mark used private login data taken from Facebook’s servers to break into Facebook members’ private email accounts and read their emails–at best, a gross misuse of private information.”

Ultimately, my risk assessment led me to conclude that I needed to take steps to mitigate the security risks posed, not only by the cyberspace terrorists, but also by Facebook staff, Mark Zuckerberg himself, as well as other Facebook users.

Please look out for my follow-up post “Mitigating My Facebook Risk Exposure” coming soon.