Facebook Hack, Your Silence is Deafening

Over the last few months, we’ve been talking a lot about social media applications like Facebook, LinkedIn, and all. The discussion of security really did not get explored – and not because it’s not important because it is, but also because it really had not affected me personally yet. Well this week it did. My Facebook account was hacked and someone changed my password and primary email. Some chick named Victoria from the UK.

It started when I got a phone call at my house from my neighbor Rosanna. I am friendly with my neighbors, but I’m not one to “IM/chat” on the FB application. Well, this imposter started chatting with my neighbor, and told her that I had met some great new beau and I was headed to the UK for holiday. And oh, did Rosanna have any money I could borrow to make my escape? Gee, my life just isn’t THAT exciting.

How mortifying really.  Then Miss Vicky chatted with another neighbor/friend of mine, who had already got the news of my hack thru Rosanna. Word travels quick here on North St, even faster than Twitter.  This time this friend was better prepared and called her out as the “hacker”.  Since then, Vicky has not shown up again.  The word got out, and fishing around my pond wasn’t working out.

But the whole experience really brought to light the lack of infrastructure Facebook has to support its customers.  At first, like any good online consumer, I contacted Facebook through its “Contact Us” page.

How the Support Experience Unfolded

1.  There was unclear direction on what to do if you get hacked. There was a form to complete, but it did not give me any feedback or set an expectation on response time. Just throw it out there into the ethers only to hear silence … for a couple of days. Cricket, Cricket… I sent 2 separate emails. One thru the system. Another through an email that was provided to me by a friend: abuse@facebook.com

2.  I tried Twitter’s @facebook identity. The reality is that no one was “on” Twitter for days, as it appeared in the public stream. They do use it but only to promote things, but they certainly are not using Twitter to “listen” to what’s happening. A big mistake, they could have closed this out in the same day if they were listening. And, I happened to connect with someone else who was hacked, and they had been waiting a full week to hear back from Facebook. Hmmm….

3.  I tried calling headquarters only to hear from Facebook that there is no in-person customer support. They direct you to use the forms.  Another dead end.  But they do indicate to email them with the problem at info@facebook.com.  So I did that too.

So, while all this was happening, one’s anxiety rises due to uncertainty of what is really happening, and the silence was deafening.  I kept checking email, nothing.  Now, why wouldn’t Facebook deal with security breaches more swiftly?

Ok, so to give Facebook a little credit, I finally got an email from Facebook Support last evening, about 48+ hours post-breach with the message that they had changed my password.

The problem was I had already solved my own problem, the horse already left that barn. I found a way to fix my own password and remove the hacker’s email. There seems to be a loophole in this process, and how easy it is to change one’s password. So in retrospect it all worked out. But in this day and age where security is a huge concern and the use of social media tools emphasizes the “immediacy” of information, Facebook is not performing so well here.

Lessons Learned

1.  Friends are still our fastest chance of survival.  If I didn’t get the phone call from my neighbor, or the email from another friend on my site who sent me a few “precautionary” steps to take until I heard from Facebook, I’d be a raging case of frustration.  Those steps were:

– Don’t wait to hear back from Facebook.
– Send an email to abuse@facebook.com to explain the situation.  I’d also send it to info@facebook.com too.
– Change all other passwords that are remotely similar to that, and that use the same username/login

2. Revisit your own password approach. Is it easy to hack? Seems like we’ve heard this before, but as hackers grow in sophistication we may as well not just lock the bottom lock, let’s use a deadbolt too. If your password includes a regular word found in the dictionary, change it. NOW.

My Fix

So I did figure out how to change my password on my own. These are the steps I took:

1.  Logged out of Facebook and the browser.  Seems counter-intuitive, to close it out when you don’t know what the password is now.  But do it anyway – close both the application and browser.  Need to start with clean cache.

2.  Try to login with the original email used to open the account.  It will fail.  That’s ok.

3.  Click on Lost my Password. It will bring up a screen that asks you to enter an email to send reset instructions to. I entered my original email used to open the account. Now here’s where the loophole is. Can you enter any old email address? And reset it from there? Is this how the hack works? I don’t know. Someone should check.

4.  Receive password instructions at the email designated. Delete the hacker email from your account with the new password.

You’re done.  I hope this doesn’t happen to you, but if it does there is an end in sight. You can always close the account too, and open a new one with a different email address.

My question is, will Facebook survive without a serious customer support infrastructure? With all the accounts they hold, and with the growth rate, will they falter on themselves without this important piece of customer support in the business?

I’m not the first person to be hacked, and will not be the last.  Seems that there should be some clear instructions from Facebook on how to handle the situation. Step by step. And some faster response time to address the concerns and fears of being a customer in that application.  A little hand holding will go a long way.

UPDATE: February 6th 2009

It seems that this issue has hit the national media with this recent CNN article on Facebook imposter hacks.  It seems that Facebook will be doing something to improve security in our accounts.  We need it fast, let’s hope they release something VERY Soon.  In this article, someone actually sent money to some imposter. Thank goodness that didn’t happen to my friends.

4 Comments

  1. Stales says:

    Great post. You offer some great advice on how to manage your online accounts. Passwords are a very important piece of online identity management – I’m going to increase the strength of mine today! We have to look out for each other, waiting for customer service to respond is no longer a viable option. The speed at which these hacks can spread and do harm can’t be contained by traditional customer service responses. Here’s hoping Facebook steps up and makes some changes. Thanks!

  2. Jim Cahill says:

    Juliann, What an awful ordeal! I hope everything has returned to normal and things are OK with friends and neighbors. I’m glad it was ultimately resolved and you shared what happened so that Facebook will take action.

    Not doing anything would definitely be Facebook’s undoing.

    Take it easy, Jim

  3. Marc says:

    OK Juliann – just playing devil’s advocate on this…while your situation is frustrating, how much responsibility/customer service is Facebook required to do considering they are simply providing a gateway to a free service? Other than the technology (which anyone with Joomla/Mambo or other CMS program can offer – FB just happens to have capitalized on it big time) where does their level of responsibility enter that proverbial “grey area” considering you’re not paying for the service? If you were paying a fee – any fee – then I would think that there would be a higher level of “customer service” needed – but as the old adage goes, you get what you pay for.

    On the other hand – it still sucks. I get that. Better instructions, yes. A higher level of security – yea, why not? But better customer service? You might be wishing on a star for that.

  4. juliann says:

    Thanks Alicia, Jim and Marc for your comments. I appreciate the insights.

    Alicia – It’s true, passwords are one of those things we don’t think about until we have to. It certainly opened my eyes. I’ve changed just about every online account at this point. We do need to be as self-reliant as possible.

    Jim – All is well with the neighbors. It’s a good thing they know me, they knew something was very wrong. I’m lucky, we do watch out for each other.

    Marc – Great point and playing Devil’s Advocate. True that it is a free service. That is a problem for many of the social media applications out there. At some point, things like this will begin to matter. Some folks store credit card info on there for advertising, but I am not aware of any more customer service offered for a paying customer vs. non-paying. Maybe there is. But nonetheless, any security breach is worthy of review. For example, each account owner has security questions set up in their profile, but these questions are not used when changing the password protocol. Why? Seems like a no-brainer to me. If you can’t offer in-person customer service, then you better make it as “self-serve” as possible, or provide discussion communities like WordPress does, so Facebook users can help each other.
