Facebook Hack, Your Silence is Deafening
Over the last few months, we’ve been talking a lot about social media applications like Facebook, LinkedIn, and all. The discussion of security really did not get explored – and not because it’s not important because it is, but also because it really had not affected me personally yet. Well this week it did. My Facebook account was hacked and someone changed my password and primary email. Some chick named Victoria from the UK.
It started when I got a phone call at my house from my neighbor Rosanna. I am friendly with my neighbors, but I’m not one to “IM/chat” on the FB application. Well, this imposter started chatting with my neighbor, and told her that I had met some great new beau and I was headed to the UK for holiday. And oh, did Rosanna have any money I could borrow to make my escape? Gee, my life just isn’t THAT exciting.
How mortifying really. Then Miss Vicky chatted with another neighbor/friend of mine, who had already got the news of my hack thru Rosanna. Word travels quick here on North St, even faster than Twitter. This time this friend was better prepared and called her out as the “hacker”. Since then, Vicky has not shown up again. The word got out, and fishing around my pond wasn’t working out.
But the whole experience really brought to light the lack of infrastructure Facebook has to support its customers. At first, like any good online consumer, I contacted Facebook through its “Contact Us” page.
How the Support Experience Unfolded
1. There was unclear direction on what to do if you get hacked. There was a form to complete, but it did not give me any feedback or set an expectation on response time. Just throw it out there into the ether only to hear silence … for a couple of days. Cricket, Cricket… I sent 2 separate emails. One thru the system. Another through an email that was provided to me by a friend: firstname.lastname@example.org
2. I tried Facebook’s Twitter identity, @facebook. The reality is that no one was “on” Twitter for days, as it appeared in the public stream. They do use it but only to promote things, but they certainly are not using Twitter to “listen” to what’s happening. A big mistake, they could have closed this out in the same day if they were listening. And, I happened to connect with someone else who was hacked, and they had been waiting a full week to hear back from Facebook. Hmmm….
3. I tried calling headquarters only to hear from Facebook that there is no in-person customer support. They direct you to use the forms. Another dead end. But they do indicate to email them with the problem at email@example.com. So I did that too.
So, while all this was happening, one’s anxiety rises due to uncertainty of what is really happening, and the silence was deafening. I kept checking email, nothing. Now, why wouldn’t Facebook deal with security breaches more swiftly?
Ok, so to give Facebook a little credit, I finally got an email from Facebook Support last evening, about 48+ hours post-breach with the message they changed my password.
The problem was I had already solved my own problem, the horse already left that barn. I found a way to fix my own password and remove the hacker’s email. There seems to be a loophole in this process, and how easy it is to change one’s password. So in retrospect it all worked out. But in this day and age where security is a huge concern and the use of social media tools emphasizes the “immediacy” of information, Facebook is not performing so well here.
1. Friends are still our fastest chance of survival. If I didn’t get the phone call from my neighbor, or the email from another friend on my site who sent me a few “precautionary” steps to take until I heard from Facebook, I’d be a raging case of frustration. Those steps were:
– Don’t wait to hear back from Facebook.
– Send an email to firstname.lastname@example.org to explain the situation. I’d also send it to email@example.com too.
– Change all other passwords that are remotely similar to that, and that use the same username/login
2. Revisit your own password approach. Is it easy to hack? Seems like we’ve heard this before, but as hackers grow in sophistication we may as well not just lock the bottom lock, let’s use a deadbolt too. If your password includes a regular word found in the dictionary, change it. NOW.
So I did figure out how to change my password on my own. These are the steps I took:
1. Logged out of Facebook and the browser. Seems counter-intuitive, to close it out when you don’t know what the password is now. But do it anyway – close both the application and browser. Need to start with clean cache.
2. Try to login with the original email used to open the account. It will fail. That’s ok.
3. Click on Lost my Password. It will bring up a screen that asks you to enter an email to send reset instructions to. I entered my original email used to open the account. Now here’s where the loophole is. Can you enter any old email address? And reset it from there? Is this how the hack works? I don’t know. Someone should check.
4. Receive password instructions at the email designated. Delete the hacker email from your account with the new password.
You’re done. I hope this doesn’t happen to you, but if it does there is an end in sight. You can always close the account too, and open a new one with a different email address.
My question is, will Facebook survive without a serious customer support infrastructure? With all the accounts they hold, and with the growth rate, will they falter on themselves without this important piece of customer support in the business?
I’m not the first person to be hacked, and will not be the last. Seems that there should be some clear instructions from Facebook on how to handle the situation. Step by step. And some faster response time to address the concerns and fears of being a customer in that application. A little hand holding will go a long way.
UPDATE: February 6th 2009
It seems that this issue has hit the national media with this recent CNN article on Facebook imposter hacks. It seems that Facebook will be doing something to improve security in our accounts. We need it fast, let’s hope they release something VERY soon. In this article, someone actually sent money to some imposter. Thank goodness that didn’t happen to my friends.