Tuesday, January 3, 2017

I've Been Facebook Hacked

Did "hacked" come to mean something other than someone gaining unauthorized access to your account? I know kids these days have new words for everything, so I just wanted to make sure I didn't miss some of the hip lingo they're laying down.

I'm seeing so many people on Facebook lately claiming to have been "hacked" because their account is sending out posts/messages without their knowledge.

If you had been hacked, there are two possible scenarios:
1. Someone either figured out your password (you use your dog's name for all your passwords) or cracked it using what's known as a brute force attack (a program literally tries all the possible combinations until it finds the right one), or
2. your sibling/spouse/friend/whatever finds out you didn't log out of Facebook when you walked away from the computer, and you don't notice until people start commenting on your post about how that sibling/spouse/friend is the best person on the planet (or that you pick your nose, depending on how kind that person feels at the time).

Here's why you don't see more brute force attacks on Facebook profiles: let's assume you have an 8-character password with 1 upper case, 1 number, 1 special character, and 5 lower case. That's 98,853,048,320 possible combinations. It would take 2 hours for a computer capable of trying 25 billion passwords/hour. That seems to be the average figure for brute force applications, and Facebook doesn't let you try that often. Adding even one more lower case character to your password adds roughly 48 hours to the cracking time needed. No one really wants to spend that much time just to get access to your Facebook account. Let's face it, all your selfies are on Instagram anyway.
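The arithmetic above, carried through as an added example (not part of the original post). It goes one step further than the post by also counting passwords where the upper case letter, number and special character can sit at any position, and by showing the same search at a throttled rate. Assumptions: 32 special characters (which reproduces the post's figure) and a constructed limit of 100 guesses/hour for a rate-limited login form.

```python
from math import factorial, prod

# Class sizes. 32 specials is an assumption; it reproduces the post's figure.
CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10, "special": 32}
OFFLINE_RATE = 25_000_000_000  # guesses/hour, the post's figure
THROTTLED_RATE = 100           # guesses/hour, constructed value for a rate-limited login form


def keyspace_fixed(composition):
    """Candidates when the position of every character class is known."""
    return prod(CLASS_SIZES[cls] ** count for cls, count in composition.items())


def arrangements(composition):
    """Number of distinct orderings of the classes (multinomial coefficient)."""
    ways = factorial(sum(composition.values()))
    for count in composition.values():
        ways //= factorial(count)
    return ways


def keyspace_any_order(composition):
    """Candidates when the classes may appear at any position."""
    return keyspace_fixed(composition) * arrangements(composition)


def average_hours(keyspace, guesses_per_hour):
    """Expected search time: on average half the keyspace is tried."""
    return keyspace / 2 / guesses_per_hour


EIGHT = {"upper": 1, "digit": 1, "special": 1, "lower": 5}
NINE = {**EIGHT, "lower": 6}

if __name__ == "__main__":
    for name, comp in (("8 chars", EIGHT), ("9 chars", NINE)):
        fixed, free = keyspace_fixed(comp), keyspace_any_order(comp)
        print(f"{name}: fixed positions {fixed:,}, any order {free:,}")
        print(f"  offline, fixed:   {average_hours(fixed, OFFLINE_RATE):,.1f} h")
        print(f"  offline, any:     {average_hours(free, OFFLINE_RATE):,.1f} h")
        print(f"  throttled, fixed: {average_hours(fixed, THROTTLED_RATE) / 8766:,.0f} years")
```

The post's 98,853,048,320 is the fixed-position count; letting the three non-lowercase characters move multiplies it by 336 for the 8-character case.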

So, in short: You were not hacked. On Facebook, that's known as permissions, not hacking. At some point in your Facebook journey, you clicked on something that gave another app permission to post on your behalf.

"But I didn't click on anything!" you protest.

Really?? This is Facebook. If you have a mobile device, you check Facebook an average of 14x/day. The average session is 20 minutes. Next to email and your web browser, Facebook is the most popular app. Almost 80% of smartphone users check Facebook within 15 minutes of waking up in the morning. 62% of users check Facebook immediately in the morning. Somewhere along the line, you clicked on something.

You probably didn't notice because you just hit OK on the pop-up message that was between you and the video you wanted to watch, or the quiz you wanted to take so you could see what kind of spatula you were in a previous life, and you didn't see the fine print that said you give this app permission to post to your timeline. These "hackers" don't need to waste time breaking into your account when you simply leave the door open for them.
