Hackers have a far better understanding of the weakness of Facebook's privacy issues than any of us. Right now, thanks to some devious cyberjerks, many of my Facebook friends think I'm an obnoxious, knockoff Nike shoe vendor. Donna Antebi: Shoe Hawker.
The nightmare began when I logged-on to Facebook and, to my horror, found that "Donna Antebi" was hell-bent on selling her friends knock-off, gold lamé, tricked-out Nike sneakers. My closest friends knew immediately that I'd been hacked. Think about it. Could this really be me? Recommending shoes without heels? That's obviously an impostor! Messages from my not-so close friends rolled in: "Hey, Donna. Thanks for the cheap shoes. Unfriending you, boycotting Nike. Btw, have you been drinking?"
Mortified, I tried to report the problem to Facebook, hoping I could quickly retrieve my account. No such luck.
The hackers hit me with a one-two punch that thwarted my ability to access help from any of the usual Facebook security solutions. First, they hijacked my www.facebook.com/donnaantebi account and changed the URL to www.facebook.com/losokana. Next, they used my stolen registration information -- which included my password, email, and cell phone number -- to set up a new Donna Antebi account www.facebook/antebi.donna. They even pre-loaded it with some of my friends and personal photographs. They then began a campaign to relentlessly harass a few thousand of my nearest and dearest friends by spamming them with fake Nike solicitations.
The hackers' new party trick was effective. Changing the name of my URL, and setting up a decoy account, meant that all of my complaints and subsequent Facebook security solutions bypass my real account, which is no longer under my name, and instead, get redirected to the fake Donna Antebi account. The hackers made it impossible for me to correct the problem via computer complaining -- which is the only frustrating way to communicate anything to Facebook. Genius.
Every day since April 22, 2012, I have emailed back and forth with a Facebook robot in their virtual complaint department, trying in vain to regain custody of my account. All the usual, "reset your password," "send a code to a trusted friend," or "show your identification" solutions continue to be redirected to the fake account. It's maddening.
These scammers are bold. On my hijacked account, they even pretend to be me and respond to my friends as if I'm answering. "Hey Donna, is this really you?" "Oh yes, I just really love these Nike shoes!" There is nothing I can do but watch as the bad guys leisurely have their way with thousands of my very aggravated friends.
My Facebook detractor friends launched into a sea of "I told you so's" and "that's why I don't use Facebook." But the fact is, Facebook is here to stay, and I would like to have my account back. Realizing the futility of an automated solution, I decided to call the company, and that's when I got an even bigger eye-opener. Telephone prompt option one: "Thank you for calling Facebook. Unfortunately, we do not offer customer support at this time." Then it gets even more alarming. Option two is for law enforcement. "Please note that due to a large call volume, current call back time is 2-4 days." For law enforcement? How is that for disturbing? What if the FBI is hot on the tail of a child-abduction lead? Too bad. Get in line like the rest of us.
I wanted to understand how this could happen, so I searched "How to hack Facebook." Much to my surprise, 294,000,000 results came up! Hackers go after Facebook 600,000 times a day! Not only is hacking Facebook a potential felony, it's also very big business. There are pages and pages of people and companies that, for a fee, will either hack into Facebook for you -- guaranteed, or teach you how to do it yourself. Want discover what your boss is doing? Or maybe how to gain real insight as to why your relationship status is "complicated?" You can, for a price. Really? Maybe they can fix this for me.
Everyone on Facebook should understand what is at risk if they are hacked. I have discovered the hard way that the implications of privacy violations are far greater than marketing companies appropriating our data to sell us targeted goods, or the inconvenience of losing friends and starting over from scratch. Being hacked flings the door wide open for identity theft -- the fastest growing crime in the United States.
I gave my home address to friends on Facebook. I have also acknowledged the identity of my sweet mother, who still lives in the town where I was born. Two clicks on www.genealogy.com and the hackers have my mother's maiden name. Bingo. My Facebook disclosures have inadvertently rolled out the red carpet for criminals to access my bank accounts, and I've set myself up for credit card fraud too. Also -- if you think Facebook is the photographic time capsule of your life, you better think again and back up those photographs now. You are only one hack away from being violated and walking a mile in my counterfeit Nike shoes.
Hey, Facebook, are you listening!? This is America. We believe in quality products and customer service. You have made company growth a priority at the expense of customer care. Doing business "the hacker way" allowed you to swiftly create a corporate Godzilla. Your philosophy of "Done is better than perfect" has clearly worked well for your wallet. Your letter to investors outlined many things, including your five core values: Focus on Impact, Move Fast, Be Bold, Be Open, Build Social Value. What you failed to mention is concern for the user or the quality of your product -- which is nowhere near perfect.
Mr. Zuckerberg, the IPO is completed. It's now time to stop counting your money and catch your breath. You need to focus on shoring up Facebook infrastructure before funding more expansion. Facebook hacking is out of control. If user privacy and security is not strengthened, then Facebook should issue a bold warning on every page -- just like the cigarette companies do. "Warning! Facebook is not a secure site. Users may be targeted by criminals, and are at serious risk for personal and professional violation."
On behalf of all Facebook users, I would like to say that when robot solutions run dry, the ability to reach a fraud division with real, live human beings should not be too much to ask. By the way, your plan to offer privacy software that your users pay for, and Facebook profits from, is not good enough. Facebook can afford to do a better job. There are no good excuses for not doing so. You spent one billion dollars to acquire Instagram. How about parting your wallet for some Instahelp? Remember, corporate greed is uncool even if people under 30 run the company.
And regarding Nike, Mr. Parker, CEO -- all press is not good press. Certainly the incessant solicitation to buy fake Nike's seems like something that would pique your interest? Maybe you'll have more luck getting through to Facebook than I did. I suggest you start by tracking down who is behind "losokana" and prosecute. Demi Lavato's hacker just got one year in prison, so maybe we have a case. Hey... if you do manage to speak with Mark Zuckerberg, Chris Cox, Dustin Moskovitz, Adam D'Angelo, Jeff Rothschild, Chris Kelly, or any one of Facebook's 3,559 tech-savvy employees, could you please ask them to rescue my thousands of friends and associates from the hijacker operating as facebook.com/losokana and return the account to me: facebook.com/donnaantebi?
Right now I am going to do something that's becoming less common -- pick up the old-fashioned telephone. I need to apologize to my friends and family for suggesting they buy ugly, gold, bedazzled fake shoes. Wish me luck. I have a lot of explaining to do. In the mean time, you can all reach me at what I hope will be my temporary Donna Estes Antebi Facebook account, with the ridiculously long URL: www.facebook.com/people/Donna-Estes-Antebi/617185477
(Note: Post-Facebook hack, my mail has been stolen, my banking has been compromised and two checks linked to my credit card were cashed. I tried to reach the Facebook PR department for comments, but as of this publication, I still not have heard back).
Follow Donna Estes Antebi on Twitter: www.twitter.com/donnaantebi
Sure, like AOL and Compuserve, no doubt about it.
Would you put out your personal info out on a CB radio? That's what Facebook is except more permanent.
I don't even use my real name or birthday on FB. I don't store passwords and if you found my computer you'd be hard pressed to find out who it belongs to because I don't keep identifying info on my box. I disable the microphones and put black tape over the camera.
FB is just a bit of fluff so best not to get too attached.
This is Hari from www.funbutlearn.com
Using public WiFi is an extremely dangerous thing to do if one doesn't take precautions. In such situations, you should have a software firewall on your machine and only connect to websites via an encrypted connection. If there is no "https" in the URL, don't log into it. Anyone with a packet sniffer will be able to get your login credentials. There's also the risk that the public Wifi access point you are hitting is a fake and that, when you login to a site like "Facebook," it's actually a fake page that harvests your data for an attacker before passing you on to the real site. For those who truly need to be security conscious, they are better off using a personal cellular modem that plugs directly into their computer. There are prepaid models with plans for as cheap as $10-$15.
I didn't know people thought facebook was secure. That's interesting.
Every site out there can be hacked. And often it is a simple matter of guessing passwords.
Relying on some faceless company to protect you was your second mistake. Your first was to put out a bunch of personal info in the first place.