Facebook security problem (again)

Friday 29 April 2011, 7.20pm HKT


Hackers are at it again, this time trying to get password resets to your Facebook accounts. The last time this happened on a large scale was around March 2010. This time the exploit seems a little more sophisticated.

What’s taking place

Anytime now, you’ll be getting a Facebook email with subject line “Facebook Password Reset Confirmation” or “You requested a new Facebook password” or variations of them.

The email is FAKE, but the language and links look very legitimate. One version reads as below (for your information only; don’t click on the links below):

You recently asked to reset your Facebook password. To complete your request, please follow this link:

https://www.facebook.com/recover.php?n=pLePBJFsP&id=520163655&s=100

Alternately, you may go to https://www.facebook.com/recover.php and enter the following password reset code:

pLePBJFsP

Please note: for your protection, this email has been sent to all the email addresses associated with your Facebook account.

*Didn’t Request This Change?*
If you did not request a new password, let us know at:

https://www.facebook.com/login/recover/disavow_reset_email.php?n=pLePBJFsP&id=520163655

Thanks,
The Facebook Team

It’s actually impossible to tell if the message is spoofed or if Facebook got ‘engineered’ into sending out a legitimate notification. Either way, the solution is to work only with Facebook Help Center at the Facebook site itself.

Workaround solution

  1. Don’t click on any link in that email.
  2. Don’t download any attachment that the email contains.
  3. Ignore and bin the email.
  4. Go to your Facebook account, change your login email, and change your password.
  5. Inform Facebook of the exploit and disavow the password reset using only Facebook’s own Help Center.
  6. Done!

The password reset exploit was last seen around March 2010. That time, the exploit was a straight fake email containing a downloadable keylogger or virus. But this time, Facebook itself might have been fooled into issuing legitimate notifications.

If your account still ends up getting hacked, reclaim your account by following the directions on this Facebook help page.

Be sure to let your friends know about the email scam so they don’t become victims as well.

Updated 11/11/2011:
Comments now closed for this post — because of spam. We do apologise for this.

© The Naked Listener’s Weblog, 2011. Updated 11/11/2011.

7 Responses to “Facebook security problem (again)”

  1. Woman said

    You get Facebook in Hong Kong??? I am so jealous!!!!! But good info to know for next month!!! Thank you!!!


  2. Bonnie James said

    It is not my password that is messed up, it is my email address. For years I have had the email address poodlelover@_____.com. Someone changed it to dogs.com.


Comments are closed.
