Facebook accounts getting hijacked?


So today checking my mail, I was excited to see that an old college friend that I haven’t talked to much posted something on my wall on Facebook.

I checked the message, and the message ended up being:

Found some super potent legal bud at http://www.bobblak.com !!
Which clearly didn’t actually come from the person who is listed on Facebook.
Going to the website (and being careful not to let it touch cookies, cleaned browser after), you see:
Maybe it was just a matter of time. Have spammers (hackers?) finally breached Facebook and begun posting impostor messages? If so, this looks like a pretty significant security issue. This is extra bad because we know that some employers (and other groups) are monitoring public-facing Facebook accounts.
If a potential employer of mine checked my Facebook profile (if it was public) and saw this he may assume that I use/want to buy Marijuana – there goes my job. After all, if a friend is offering me weed, there’s probably a good chance I smoked with him? (didn’t happen, I went to a boring college)
The difference between this and email spam is that if I get this type of message in an email, I assume (tin foil hat aside) that I and the spammer are the only ones who know a message was sent.
This will be a very serious issue if it is what it seems to be. After the Beacon fiasco, this might be enough to make me shut down my account.
Update:
It looks like the attackers are also erasing victims’ mini-feeds, so you won’t be able to see that this is happening easily. You’ll need to keep your eyes open for wtf? emails from friends…
Update:
Tina wrote:
how do these wallposts spread on facebook? is there any security measure we can take not to have such messages being sent from our account? and how can we know that such msgs were actually sent on our behalf?
Being that they are deleting feed information, it’s hard to determine whether your account has been compromised.

I doubt that there is anything you can do to stop this yourself short of terminating your account. This is something that the guys at Facebook will need to fix. I’m sure there are a lot of developers there that haven’t had much sleep the past couple of days working on this.

The bigger question is whether the attackers have access to all your other data, and my guess is that THEY DO.

So your address, AIM, cell phone number, photos, and any other information could very well be leaked at this point. Additionally, as far as I know there is no guarantee that Facebook actually deletes information (messages, pictures, other personal data) when an account is terminated, so if the hackers have gotten in very deep (which seems likely) even data from terminated accounts may be observable to the attackers.

15 Responses

  1. Hey I got this message from a friend as well… I got no clue what it is from.. I don’t post on Kijiji or Craigslist anymore because of scammers and am beginning to worry… if you find more info please let me know…

  2. I got one of these as well. It’s worrisome, but I guess it was only a matter of time.

  3. I got one today as well !! Googled the site at once, cuz he who sent it doesn’t write to me in English.

  4. Well… It seems I’ve been the victim of this hack. I wonder if it was because I left myself logged in overnight??

    Anyway, I’ve had to write apologies to a number of people and have included this link for reference.

    So if you’ve come to this site from my link – once again, very sorry and embarrassed!

  5. This happened to me last night also. Although my account was the one that sent the message to my friend’s wall. I was logged into my account through my iPhone and I don’t regularly turn it off. I emailed a lot of apology emails, changed my password, and deactivated my account. Since then, I also contacted Facebook’s privacy complaint email. I’m waiting for a reply. This sucks.

  6. I have got two today!! And they said they didn’t send this to me

  7. Also got one…

  8. The same happened several weeks ago with a spam ad saying: “it’s finally here, smoke”, apparently posted by a friend on Facebook.

    documented here: http://assistedthinking.wordpress.com/2008/03/28/its-finally-here-smoke/
    but no clues yet about the origin

  9. […] 16/05: new spam arriving on facebook, again about super potent legal bud. more info here: This is extra bad because we know that some employers (and other groups) are monitoring public […]

  10. how do these wallposts spread on facebook? is there any security measure we can take not to have such messages being sent from our account? and how can we know that such msgs were actually sent on our behalf?

  11. They’re also hijacking Messenger.com accounts — old contacts telling me to click through to obvious spam. These hackers really need to find something better to do…or just need to be prosecuted. It’s stupid…

  12. I don’t know what happen.. 1 week I’m not sign up on Facebook.. n they tell me, I had sent it to they, it’s really weird… I never send bout it.. n I don’t know why.. this happen come to me.. 1 question.. this is danger or not?

  13. I feel so sad about people without dignity..
    Get a life fucking wankers…
    and
    Light Love and Kittenz / The divine ;*

  14. Isn’t this just regular phishing? Somehow you have entered your password for Facebook in the wrong place where the hackers picked it up. Change your password and you are fine…

  15. […] about 3 months ago I wrote about a Facebook hack where someone was hijacking accounts in order to sell fake weed.  Looks like we have another big […]
