
How Facebook Got Hacked and 6 Steps to Protect Your Account

Last Updated: April 16, 2015

Sam Black

Sam Black joined the Covenant Eyes team in 2007 after 18 years as a journalist, serving as a reporter and editor for newspapers and magazines in six states. Sam is the author of The Porn Circuit, and he creates partnerships with like-minded organizations to strengthen the worldwide fight against pornography.

With images of porn and gore flooding onto millions of unsuspecting Facebook users’ pages early this week, many users of the world’s largest online social network were left irritated and wary of future hacks.

The cyber attack on Facebook began Tuesday, November 15, with images of extreme violence, hardcore porn, and photoshopped images of celebrities in sexual situations being posted in newsfeeds and on users’ pages. The hackers did not try to scam users for money. Rather, the attack seemed aimed at shaking up people’s confidence in Facebook. For many people, it did just that: Twitter and blogs came alive with promises to cancel Facebook accounts, and coffee shop and water cooler discussions voiced concern.

“Knowing I have no control over what someone puts on my page makes me feel violated,” said Kelly Green, a Michigan mother of three. “Knowing that would be on my page would be embarrassing and shameful, because my network of friends and family know I am a Christian.”

The attack tricked Facebook users into clicking links by offering free gifts, an entertaining video, or answers to a quiz. Clicking the link led users to a page where they were asked to copy and paste a line of malicious code into the address bar of their web browser. Doing so led to inappropriate content being posted to the user’s Facebook page or to the pages of those on their contact list, usually without their knowledge. To make matters worse, the images and links spread when unsuspecting friends clicked or shared those links.

“This latest Facebook ‘virus’ is a classic Trojan Horse attack,” said Scott Hammersley, Vice President of Technology for Covenant Eyes. “The user perceives that they are installing or activating software that will provide some type of benefit. Instead, once the code is installed, it turns out to be destructive and does malicious things to their system or account.”

By Wednesday, Facebook said it had cleaned up the vast majority of the images and links and was working to produce additional security measures to prevent such attacks in the future. Facebook said that no user accounts or data were compromised.

Spammers target social networking sites because people are likely to trust the links and content they receive from the people they know. Scams and viruses can spread with ease.

“It’s very possible to see more of these attacks on social networks and it’s not hard to do,” said Covenant Eyes Web Developer Ray Hyman. “The more people use a system the more hackers want to attack a system.”

People are accustomed to being wary of questionable e-mails, even when they appear to come from a friend, Hyman said. They need to take the same precautions for links and items connected to their social media, not just Facebook but also Twitter, Google+, and other accounts.

A measure of caution is needed, agreed Dr. Michael McCarty, a Church of the Nazarene pastor who formerly served as the denomination’s Field Director for Southeast Asia. After 30 years in missions, he uses Facebook to communicate not only with church members but also with people around the world.

“I had a measure of mistrust already–it just reinforces my caution,” McCarty said, explaining that he has no intention of quitting Facebook. “Yes, there is a risk, but the value of the communication is worth that risk.”

To be proactive, Hammersley and Hyman recommend six tips for playing it safe on social networking sites.

  1. Report suspicious links on Facebook, even on friends’ pages. If a deal sounds too good to be true, take for granted that it is and don’t click that link.
  2. Never cut and paste unknown code into a browser address bar.
  3. Make sure your browser is up to date.
  4. Change your password on your Facebook and other online accounts, especially if your account was hacked.
  5. Remove unwanted Facebook apps. You have to take responsibility for the apps you load to your Facebook profile. Only keep apps you use often, and recognize that an individual app can be hacked.
  6. Use virus protection software, run a virus scan immediately, and keep your virus protection updated. AVG offers a free version of its virus protection software, and a paid version with additional features is also available.