Facebook/System information and account hacking?

[Alex]

How You Are Helping Hackers
Here, we will see some obvious things you can do to make yourself immune to hacking.

1. Facebook Profiles
As the largest social network, Facebook profile is the first thing you need to secure. Go, check it out from the outside. Log out of your Facebook then look your account up, from an outsider’s point of view.

If your Facebook profile shows too much information, you will likely victimize yourself.

It is good to share your email address with the people you know. Otherwise, it is better not to share it at all.

Let’s do an experiment. Pretend you forgot your password, then go into Facebook. Facebook may ask you for your email address, your user name or your mobile number. You can provide that information, and it will send you an email with instructions to reset your password.

Previously, there was a method employed by Facebook to reset the password, and that method had your trusted friends involved for the purpose. It sounds foolproof unless you accept a lot of friend requests on Facebook. Picture this: You get a friend request from a few people that you don’t know. If you are the friendly type, you’d probably accept those four requests.

One thing you don’t know is that those accounts may be operated by one or more hackers. What they will do is simply raise a password reset request on your account, and select three of those four accounts as your "trusted friends". Facebook emails security codes to those trusted accounts, and boom, the hacker takes over your Facebook account. If you have problems with that, then you should take a look at this post of mine to figure out what to do.

Fortunately, Facebook no longer uses this particular method. It also doesn’t rely on security questions any more. Right now, in order to gather access to a Facebook account, the only way is by securing access to the original email address.
Hence, a hacker needs access to your email account to get into your Facebook account.

Which email service are you using? Depending on that, the security differs. If it is Gmail, I would extremely recommend that you start using the two-factor authentication.

Here are the steps:

1. Go to your Google Account settings (not Gmail settings) and go to the Security option.

2. You will see 2-Step verification option. Turn the status ON.

3. Add your phone number. Select to receive the codes by text messages or voice call.

4. Enter the code received to verify your account. Make sure you update the records if you change your phone number.

Another important thing on Gmail is notifications about suspicious login attempts. You can opt for email as well as phone notifications if any suspicious login is detected on your Gmail account.

Google has a security question that you need to set. Make sure it is set properly. While I was working with email security for AT&T, I have encountered elderly customers answering security questions very truthfully. Even though I took time in explaining to them what a security question is and why they needn’t submit the true answer all the time, most of them did not quite understand it.

Most people don’t realize the fact that a security question answer works exactly like a password, only less secure depending on how you through your information about. Talking about your pet Rover on Facebook a lot then setting it it as your Security question maybe risking it a little. Anybody can access your account, whether or not they know the password, just by making educated guess about your preferences, which would work if you are truthful with your security questions.

If you are using the customer service option to reset your password for your email, the customer service executive may ask you your security question. Within AT&T, we used to use security questions to verify customers, questions like "Who is your favorite hero?", and answers like "Batman".

Not only that, we were authorized to provide the first letter of the answer if the customer gets it wrong the first time. A hacker can easily fake it since the random operator cannot identify the voice of the caller, and is supposed to divulge a password if the caller gives the correct answer.

In other companies also, the customer service executives can easily give a hacker your password or other important information from your account (such as your birth date) based on a trivial verification process. The information obtained from this call, may be used to verify an account in another service, and the chain goes on. It is very important to know what services you are using and how you can successfully verify yourself with the customer care department of those services.

Today, we are using not a few but a huge number of online services to get things done. Social media and email may be somewhat unimportant to some of you but what about online banking? It goes without saying how important it is to secure your banking account. I know there are elderly people who have no idea what Phishing is or how to create a good password.

A painful truth is that the security experts working in the companies you trust with your information actually expect you to know a little more about security. A security expert barely stresses the importance of these things. They cannot explain how to make a good password to each and every customer while trying to come up with better and more powerful ways to keep your online accounts safe. It is hence the responsibility of each and every one of us to know more about security in today’s world and act intelligently.

Good luck!

-Alex