20121211tu-facebook-hacked

Have you recently seen a post on Facebook similar to the one above? It’s a fake post to the Home Facebook newsfeed page.

It seems that someone managed to hack into Facebook today. This doesn’t seem to be simply an unauthorized use of a single user account. Instead, the hackers seem to have accessed the core Facebook operating system and created a posting similar to a promoted/paid story ad. However, it didn’t show up as a paid ad, instead it showed up as part of the normal listing of stories on many people’s Facebook “Home” news feed.

When I first saw this link had been “Liked” by a trusted friend, I was suspicious, and clicked the link to investigate further. Sure enough, the link went to what appeared to be a malicious website. I checked my friend’s wall, but the item wasn’t showing up on that person’s wall. Normally, if someone “Likes” a story or link, it shows up on their timeline.

Then, a short time later, this happened a second time — another friend seemed to have “Liked” the same link. I contacted that friend and they told me they saw that I had “Liked” the same item.

It seemed very unlikely that three people would simultaneously have their accounts hacked into, and then have the same story promoted virally, without any mention of the story on their personal wall, and without any alert from Facebook that a new device had accessed the account (as would normally happen).

Based on the above, it seems that someone has managed to hack into Facebook and manipulate the Home listing of stories by injecting any story they want.

Beware of suspicious looking stories posted by friends – even if their accounts haven’t been hacked into.

Greg Johnson, Technologist

%d bloggers like this: