I woke up at 7am on Friday morning to about 10 pop-ups on my computer screen from Sametime (IBM's internal messaging service) and YIM - telling me the same thing: my Facebook had been hacked (Rob Wunderlich even had a blog posting up about this one before I got out of bed - gotta love the blogosphere!).
Evidently, someone had hacked, or "phished" (as the Facebook team calls it), my password from some sort of link that I clicked on off of Facebook. They then accessed all my contacts with last names beginning with A, B, and C, and spammed the following note and link to my friends' walls:
I feel awful about it - but it was just spam, and luckily it looks like it's not one of those things that forwards on if you click it. And the spam message? Brilliant. I mean, if I was going to message my friends, I definitely would start out with "YO." And then include words like "wanna." These guys know me all too well... (note sarcasm)
That said, it was an awful experience trying to figure out how to get all of this sorted out. I emailed the Facebook team several times, and spent the better part of an hour trying to track down a customer service number (there isn't one, FYI). You would think that a company that collects that much data on their users would consider having a customer service number. Nope. And the email response time? NINE HOURS. I don't know, maybe that's how they cut costs. Interesting given their executive indulgences.
Here are a few easy tips on how NOT to get hacked on FB, and, if you do, what steps to take:
- Avoid clicking on any links/URLs within Facebook that don't start with www.facebook.com. These are not authorized by the FB team.
- If you do get hacked, immediately sign out of FB. Then email firstname.lastname@example.org. Someone will get back to you (give them at least 9 hours :) )
- I would recommend *not* immediately changing your PW or trying to contact your friends to let them know (by Facebook, that is). This could lead to additional spam, etc. Since you don't know the extent of the damage done, it's best not to accelerate anything that might already be doing damage. Also, the FB team will automatically reset your PW for you when you contact them, once they know everything is okay with your account.
- Update your PROFILE message from your cell phone to let folks know not to click on the link you may have sent them. Also email the ones you can via something other than FB.
- If you get a random posting on your wall from someone you know - and it doesn't sound like something they would say - don't click on it. It's probably spam.