I was scrolling through my Facebook newsfeed last night when I saw an update from B.L. Ochman, a social media friend, and colleague whose account had just been hacked. She clicked on a link, which unleashed the Trojan Ramnit on her Facebook account. While this worm has created untold headaches for the Facebook account holders whose data has been stolen, to date, the social network has not addressed the situation with its users. According to PC World, Facebook says it is bolstering its antivirus protection and reminds users to “protect themselves by never clicking on strange links and reporting any suspicious activity they encounter…”
Practical advice but not always easy to remember as we fly through updates and videos posted by friends we trust. In this case, Ochman’s friend’s account had been hacked first, and neither was aware of it.
ZDNet states that hackers have used a Ramnit worm variant to harvest 45,000 Facebook login credentials worldwide, purportedly mostly from users in the United Kingdom and France. According to a statement from the social network, more than half of the information stolen was from inactive accounts. However, as blogger Emil Protalinski points out, that still leaves about 20,000 people who, like Ochman, have had their accounts hacked. The possibility exists that infected Facebook account holders will find that the email accounts they have used to access Facebook have been infected as well.
So what do you do if, or more likely, when your account is hacked? First of all, do what I did right after reading my friend’s post. Change your password. Don’t use the same email you use for other accounts and make your password strong. Then change the password to the email account you use to access your Facebook account. And that’s just for starters. You may need to uninstall and reinstall your web browser. Monitor your account closely and close your account each time you leave the site. (Leaving your account open apparently leaves you more open to hackers.) Facebook encourages users to visit and “like” the Facebook Security page to receive updates about how to protect your information both on and off the social network. Yet the most recent post on the Facebook Security wall is from December 2011, with no mention of the Trojan Ramnit.
Finally, recheck your security settings and check the applications you have allowed access to your account. Some of us have so many applications installed that checking all of them feels overwhelming. Knowing which applications have permission to access your social network account is critical. A simple way to address this is to use the tool mypermissions to quickly and easily check and edit the permissions you have given to applications across the web.
Facebook has, for better or worse, become part of our daily lives. According to a survey by comScore, released in December of 2011, one in every seven online minutes is spent on Facebook. Facebook’s active user base has grown to more 800 million, and according to Facebook the typical user has 130 friends and is connected to 80 community pages, groups, and events. Take a second close look at your passwords, permissions and security settings. Share this story with your networks and remind them to do the same.
According to Zone Alarm, more than 20% of Facebook newsfeed links currently open viruses and 7 Facebook logins are compromised every second each day. The odds are pretty good that you may have to deal with this–or will know someone who does.