Sunday, April 25, 2010

Security Breach!

ALERT! ALERT! ALL CREW MEMBERS TO BATTLE STATIONS! WE HAVE A UNIFORM PAPA CHARLIE! I REPEAT, AN UN-AUTHORIZED PASSWORD CHANGE HAS OCCURRED! REPORT TO BATTLE STATIONS FOR FURTHER INSTRUCTIONS!

...Or, at least, that's what was happening in my head two days ago.

Honestly, I don't know what happened. I don't know if I was hacked. I don't know if two sites decided to simultaneously glitch. I don't know the logic or specifics of what went down. All I know is what I saw, and what I did to fix it.

I guess you could say this all started 3 (or-so) months ago, when Facebook first decided to be glitchy. Okay, I guess they were just being diligent, but it still ticked me off. I was trying to share a link to a page on my profile, and apparently Facebook had had reports from some(body/people) that the site was annoying and/or malicious, so it kicked me out and sent me an e-mail to reset my password:

Hey Vicki,

We have detected suspicious activity on your Facebook account and have reset your password as a security precaution. It is possible that malicious software was downloaded to your computer or that your password was stolen by a phishing website designed to look like Facebook. Please carefully follow the steps provided:

1. Run Anti-Virus Software: If your computer has been infected with a virus or with malware, you will need to run anti-virus software to remove these harmful programs and keep your information secure. [insert support links for Microsoft & Apple]

2. Reset Password: Be sure that you use a complex string of numbers, letters, and punctuation marks that is at least six characters in length.
To reset your password, follow the link below:
[insert link here]

3. Never Click Suspicious Links: It is possible that your friends could unwillingly send spam, viruses, or malware through Facebook if their accounts are infected. Do not click this material and do not run any .exe files on your computer without knowing what they are. Also, be sure to use the most current version of your browser as they contain important security warnings and protection features.

4. Log in at Facebook.com: Make sure that when you access the site, you always log in from a legitimate Facebook page with the facebook.com domain. If something looks or feels suspicious, go directly to www.facebook.com to log in.

5. Report Suspicious Activity: Please visit the following pages for further information about Facebook security and information on reporting material:
[more links]

Once you have performed all these steps, your account should once again be secure. Please be sure to visit the Facebook Help Center for further information regarding these security issues and let us know if you need assistance.

Thanks,
Facebook Security Team


Now, all those steps are good advice (which is why I copied the e-mail), but I was peeved nonetheless since it was ME trying to use my account and NOT someone else. Still, I went ahead, made a new password and gave up on sharing the link (it couldn't have been that important, since I don't remember what it was anyway).

Flash forward to April 21st (or 22nd - the panicking kinda warped my memory of precise time passage) 2010.

I'm on Firefox, with multiple tabs open, flitting back and forth between them. I click on Facebook's tab and find one of their in-screen pop-ups saying, "You must be logged in to see this page" (it was my profile page). I cock my head to the side quizzically, but do as I'm prompted and go to sign in again. I know that they've been doing some more updates recently, so don't think too much about some hiccup causing me to log out.

On the log-in screen I type in my password, no problem, and click submit. The page goes blank a moment, the loading symbol is in on the tab, but then the same page returns with a message in a pink box. Why pink? Was red too scary for them? Too gloom and doom for Facebook? Anyway, the message reads:

Please re-enter your password
The password you entered is incorrect. Please try again (make sure your caps lock is off).
Forgot your password? Request a new one. [<-link]


I try again, slower this time, making sure I hold the shift key for the correct letters and release it for the others.

And I try again.

And again.

And again.

By now I've started to grit my teeth because I know I JUST reset my password (a little while ago) and I don't feel like doing it again. But, with no other choice, finally I give in and click the Request A New One link.

It's fairly simple to request a new password, actually. Facebook simply sends you an e-mail (to the address[es] registered with your account) with an activation code, which you then copy and paste into the space provided. Then you type in your new password twice and are on your way. I click the confirmation button and then go to my e-mail tab.

Normally, I have it up and running, but my mom had just checked hers earlier, so I had yet to log in again.

So I go to the AOL/Netscape log-in screen and type in my username, at which point my Saved Password fills in, and then I click the Sign In button.

A small bit of red text appears above the sign-in: Invalid Username or Password. Please try again.

Now, I KNOW my password is correct, but I go ahead and type my username again, then manually enter my password.

The red message doesn't go away.

I try it again and again and again...again, but nothing changes.

I'm really starting to freak out now. Why would BOTH accounts suddenly seize up at the same time? That can't be coincidence, can it? I mean, this account is the only one registered with my Facebook (my school account closed 6 months after I graduated), so what better way to reset my password than to also hack this e-mail?

Wait...hack? Have I been hacked?!

I quickly follow the "Forgot your Password?" link for my e-mail, which takes me through AOL's steps for password resetting. Trickier than Facebook's (since they obviously don't want you to need to have multiple e-mails) their questions are actually personal. They ask for your birthday, your zip code, and then the answer to a security question which you picked (and answered) upon signing up. I went through everything quickly and easily and changed my password.

Then I went in and finished the process for changing my Facebook password. As an extra precaution, I also went through all my other e-mails (I have 4) and changed their passwords. All was well.

Or so I thought...

I come back the next day and find an e-mail in my inbox... "Facebook Password Reset Confirmation Code". And I'm kinda...O_o I didn't request another reset.

Lo and behold, I was logged out of Facebook again and my password didn't work. I went through the steps again and reset it (getting another confirmation code in my e-mail).

A few minutes...or an hour (again, my idea of time was not constant during this period) later, I was logged out of both Facebook AND E-mail.

Now, this is partly my own fault. I had assumed that the second time my password on Facebook had simply glitched out, and that I needed to reset it to what it used to be. DO NOT USED AN OLD PASSWORD OR A PREVIOUSLY HACKED/BROKEN PASSWORD ON ANY ACCOUNT. Seriously, even if you think it's a glitch, it's better safe than sorry.

It was around this time that I really started panicking. I filed a report to Facebook:

Security: Hacked account

My account has been compromised, but it has not been phished nor affected by the money scam.

My account has been hacked.

If you believe your account has been hacked and you can still access your login email address, you can secure your own account by resetting the password from this page: [link] , or by selecting the "Forgot your password?" link that appears above the on the login page. An email will be sent to you with steps for completing the process.

If your account has been hacked and the login email on your account has also been compromised or has been changed by the hacker, please send us information about the account so we can look into it further and hopefully restore access. Please click here [link] to submit your report.

OR

Login and Password: I can't log in to Facebook or access my account

I reset my password but it will not work the next time I log in.
If you are prompted to reset your password every time you log in, your problem may be related to your internet browser. Please follow these steps to troubleshoot the issue:

1. Follow these instructions [link] to clear your browser’s cache and cookies.
2. If you continue to experience problems, reset your password [link] and log in.
3. If you logout and confirm that you cannot log back in, please contact us [link].


Because my account hadn't been sending out spam, or participating in other malicious activity, I decided to follow the instructions for the second problem. I cleared my cache and cookies (even though I was 99% certain Firefox wasn't the problem) and tried again. Still no dice. So I contacted them and they replied quickly.

Well, I should say I contacted them, then went to reclaim my e-mail again. First I spent a little time Googling things like "what to do if e-mail is hacked" (fyi, apparently I'm the only one who still calls it e-mail instead of email) and "how to tell if account is hacked", only to get dreary news. Most sites gave condolences for having lost my account, 'but here's how to gain access for enough time to save your crucial e-mails.' Others (like Yahoo Answers) actually had people commenting about how they were experienced hackers (and then had replies asking for their services). *shudder*

With the help of a couple more cheery sites (My Email Account Was Hacked! How I Regained Control of It & Password Recovery Speeds [Chart]) I made a new password (1337-speak) AND changed my security question & answer.

Anyway, the Facebook e-mail was there, nice and succinct:

Hi,

Please reply to this email to verify that you are the owner of the account that you referenced in your Facebook support inquiry. This security step must be completed before Facebook can respond to your inquiry. We apologize for any inconvenience.

If this email address is not associated with your account, please reply to this email from an email address that is associated with your Facebook account, ensuring that this email is in your response (this may require you to copy and paste this text if your email client removes this email from your reply).

Please also note that if you have created an account, and you're having trouble logging in, please do not create another account using a different email address. Doing so may also increase the time needed to resolve the issue.

Thanks,
The Facebook Team


I replied with two short sentences:

I am the owner, though I'm also having issues with my e-mail at the moment. If you could please CC my other e-mail [link] I'd appreciate it. Thank you.

Oh, pardon me, three short sentences.

I decided to give Facebook one last try, and sent for the confirmation code once more, changing my password to something not even remotely similar to anything I've used before...

And haven't had a problem since.

I must say, after reading the horror story the first site described, my e-mail and Facebook intrusions were pretty tame. No sent messages, no deleting information, no adding contacts (or e-mails)... The only problem (or clue) I had was my passwords not working. And, even luckier for me, I don't keep other crucial information in my account, so other than links to websites I receive mail from, (that I know of) they didn't get anything from me.

I'm still on edge. Every time I mistype my new passwords, I bite my lip that my next attempt will work (and it does). I ran a (37 hour-long) virus-scan on my computer, which turned up nothing - always a good sign. I just hope this good fortune will last.

If anyone has any advice of things to look for, or how better to secure accounts, please leave a comment below.


...In lighter news, (if you hadn't noticed up at the top) I FINALLY finished Hitchhiker's Guide to the Galaxy! Most likely, I will give a review of the first 5 books together, then have a separate review of the most recent 6th installment by Eoin Colfer. Be on the lookout for that ;)

Hope you all stay safe until we next meet,

~Vicki

3 comments :

  1. UPDATE:
    My dad just sent me this tidbit- It's not paranoia if they really are out to get you:

    Sir Codelot writes
    "A hacker who calls himself Kirllos has obtained and is now offering to sell 1.5 million Facebook IDs at astonishingly low prices — $25 per 1,000 IDs for users with fewer than 10 friends and $45 per 1,000 IDs for users with more than 10 friends.

    Looking at the numbers, Kirllos has stolen the IDs of one out of every 300 Facebook users.

    Quoting: 'VeriSign director of cyber intelligence Rick Howard told the New York Times that it appeared close to 700,000 had already been sold. Kirllos would have earned at least $25,000 from the scam. Howard told the newspaper that it was not apparent whether the accounts and passwords were legitimate, but a Russian underground hacking magazine reported it had tested some of Kirllos' previous samples and managed to get into people's accounts.'"

    http://yro.slashdot.org/story/10/04/25/1439201/Russian-Hacker-Selling-15M-Facebook-Accounts?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

    ReplyDelete
  2. Facebook's acting up on Firefox -_- about time I moved on to Chrome. :D

    ReplyDelete
  3. Be careful about Chrome. When I had it (maybe 6 months ago) some sites didn't work at all on it. Different coding and such. They might have fixed problems with it by now, but still, be advised.

    ReplyDelete

Let me hear you howl!