web analytics

Facebook Hacked – Vulnerability Posts Fake Like of Video Link Stating “This girl killed herself, after her dad posted THIS to her wall”

20121211tu-facebook-hacked

Have you recently seen a post on Facebook similar to the one above? It’s a fake post to the Home Facebook newsfeed page.

It seems that someone managed to hack into Facebook today. This doesn’t seem to be simply an unauthorized use of a single user account. Instead, the hackers seem to have accessed the core Facebook operating system and created a posting similar to a promoted/paid story ad. However, it didn’t show up as a paid ad, instead it showed up as part of the normal listing of stories on many people’s Facebook “Home” news feed.

When I first saw this link had been “Liked” by a trusted friend, I was suspicious, and clicked the link to investigate further. Sure enough, the link went to what appeared to be a malicious website. I checked my friend’s wall, but the item wasn’t showing up on that person’s wall. Normally, if someone “Likes” a story or link, it shows up on their timeline.

Then, a short time later, this happened a second time — another friend seemed to have “Liked” the same link. I contacted that friend and they told me they saw that I had “Liked” the same item.

It seemed very unlikely that three people would simultaneously have their accounts hacked into, and then have the same story promoted virally, without any mention of the story on their personal wall, and without any alert from Facebook that a new device had accessed the account (as would normally happen).

Based on the above, it seems that someone has managed to hack into Facebook and manipulate the Home listing of stories by injecting any story they want.

Beware of suspicious looking stories posted by friends – even if their accounts haven’t been hacked into.

Greg Johnson, Technologist

By Greg Johnson

Greg Johnson is a freelance writer and tech consultant in Iowa City. He is also the founder and Director of the ResourcesForLife.com website. Learn more at AboutGregJohnson.com