Today my local coffee shop, and then one just below my office, had their Facebook accounts hacked. My wife and I both enjoy grabbing coffee there, and I sympathize with their predicament: animated images of people doing improper acts on their Facebook page. Many pages have not yet experienced a breach of this type, so it raises the question, “What can be done to prevent this?”
First, you must understand that Facebook, in particular, blurs the line between personal and corporate: you log in with a personal username and password to get access to your company page. This creates particular problems when a corporation enforces strict password policies internally but lets employees connect personal Facebook accounts, which fall outside those policies, to the brand.
How do they gain access?
Attackers typically gain access to a Facebook page through a compromised personal Facebook account that is an administrator of that page. Often the credentials were obtained because the same username and password had been reused on another site that was breached.
What do they do?
Once in, the attacker’s first step is usually to remove every legitimate administrator from the page, locking the real owners out.
What can you do once you are hacked?
Secure your personal account first, then go to Facebook’s Hacked Account page.
And more importantly…
What do you do to prevent this from happening?
Change your password and make sure it is unique: not the same as your email, iTunes, Dropbox, travel-site or any other login. A password manager makes this practical, and turning on Facebook’s two-factor authentication means a reused or leaked password alone is no longer enough to take over the account.
Applications like ours can detect when a new administrator is added to a page and alert the owner; they can also cap the number of Facebook administrators on a page. If your social media program is audited under FFIEC or FINRA guidance, you are in many cases being asked to limit the number of administrators on your pages anyway.
We send emails flagged as “rogue messages” for any post that did not go through our system, which raises awareness of a potentially compromised account. Contrary to popular belief, apps do not compromise administrator passwords: Facebook never hands a third-party app your password, only a limited access token. That does not mean an app cannot post false messages on your behalf or read information you wanted kept private if you granted it those permissions, so, as always, know whose app you are accepting.
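The two detections described above (a changed administrator roster, including the removal of legitimate admins that attackers perform first, and posts that did not come through the approved tool) are simple to implement once you have the data. The following is an added example written for this article, not the product’s own code. It assumes you have already fetched the page’s current admin list and recent posts into plain dicts; the rosters, posts, `app-ours` application ID and the limit of three admins are constructed values for the example.

```python
"""Page takeover monitor: roster diff, admin-count cap and rogue-post check.

Added example; not the article's product.  All inputs are constructed to
look like a page that has just been taken over.
"""

MAX_ADMINS = 3              # assumed policy limit on page administrators
APPROVED_APP_ID = "app-ours"  # assumed ID of the tool posts should go through

# Constructed baseline: the roster the page owner approved (user id -> name).
KNOWN_ADMINS = {"1001": "Owner", "1002": "Barista Manager"}

# Constructed snapshot after a takeover: the Owner is gone, three strangers appear.
SAMPLE_CURRENT_ADMINS = {
    "1002": "Barista Manager",
    "1003": "Unknown user",
    "1004": "Second unknown",
    "1005": "Third unknown",
}

# Constructed recent posts.  application_id is None when someone posted
# straight from the Facebook UI rather than through any app.
SAMPLE_POSTS = [
    {"id": "p1", "application_id": "app-ours", "message": "Pumpkin latte is back"},
    {"id": "p2", "application_id": None, "message": "Click here for a prize!"},
    {"id": "p3", "application_id": "app-unknown", "message": "(animated image)"},
]


def diff_admins(baseline, current):
    """Return (added, removed) as dicts of user id -> name."""
    added = {uid: name for uid, name in current.items() if uid not in baseline}
    removed = {uid: name for uid, name in baseline.items() if uid not in current}
    return added, removed


def admin_alerts(baseline, current, max_admins=MAX_ADMINS):
    """Alert on every roster change and on exceeding the admin cap.

    Removals are reported as loudly as additions: stripping the legitimate
    admins is the attacker's first move, and it is the one the owner can no
    longer see from inside Facebook once it has happened.
    """
    added, removed = diff_admins(baseline, current)
    alerts = []
    for uid, name in added.items():
        alerts.append(f"ADMIN ADDED: {name} ({uid})")
    for uid, name in removed.items():
        alerts.append(f"ADMIN REMOVED: {name} ({uid})")
    if len(current) > max_admins:
        alerts.append(f"ADMIN COUNT {len(current)} exceeds limit {max_admins}")
    return alerts


def rogue_posts(posts, approved_app_id=APPROVED_APP_ID):
    """Return posts that were not published through the approved app.

    A post with no application at all (manual post from the web UI) is
    treated as rogue too, since the policy is that everything goes through
    the tool.
    """
    return [p for p in posts if p.get("application_id") != approved_app_id]


def run_checks(baseline=KNOWN_ADMINS, current=SAMPLE_CURRENT_ADMINS,
               posts=SAMPLE_POSTS):
    """Run both detections and return (roster_alerts, rogue_post_ids)."""
    alerts = admin_alerts(baseline, current)
    rogue_ids = [p["id"] for p in rogue_posts(posts)]
    return alerts, rogue_ids


if __name__ == "__main__":
    roster_alerts, rogue_ids = run_checks()
    for line in roster_alerts:
        print(line)
    print("Rogue posts:", ", ".join(rogue_ids) or "none")
```

Run on a schedule against a stored baseline, this turns the two warning signs the article describes into alerts the owner receives by email rather than discovering days later when customers complain. The baseline itself should be updated only by the page owner, otherwise the attacker’s roster becomes the new normal.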