Two-factor authentication adds an extra layer of security to your online accounts. But sometimes, hackers can even get through that.
Several months back, I told you about the importance of two-factor authentication for social media accounts. Activating it gives you a second security checkpoint. Beyond the basic password you already need, you can choose to receive a six-digit code sent to your smartphone. You can also use a separate app like Google Authenticator to generate such a code.
That means that for someone to get into your account, they’d have to have your password and your phone.
At least, that’s what they’d theoretically need.
I woke up the other morning to a couple of Facebook messages asking if I had been hacked.
One friend sent me a screen grab showing a message my account sent them. It included a link with suspicious language like, “I found this and you need to see it right away.” That’d be what most security-savvy folks would call a red flag.
They found it suspicious and let me know. I checked my Facebook Messenger but there were no messages that had gone out between 1:30 a.m. and 3 a.m. that matched those descriptions.
It was time to perform a security check.
Suspecting foul play, I turned to Facebook’s built-in security options. First, I found two friends I’d never heard of had been added to my friend list. I quickly deleted them.
Then, I also saw an email address I didn’t recognize listed as one of the official email addresses connected to my account. I quickly removed it as well.
I also changed my password and logged out all instances of Facebook on my various devices. I’m at least happy to report that none of the devices listed looked suspicious. However, that could have meant that the initial attack had come and gone and that if I hadn’t stepped in, some “bad actor” would have logged back in later and sent out more messages.
Since then, I have had no issues as far as I can tell.
Hackers keep perfecting their craft.
To be fair, I shouldn’t have had any issues to begin with.
I enabled two-factor authentication a long time back. In fact, I was required to do so because I am the administrator of several Facebook pages. Facebook is working to make sure all page administrators enable that security option.
I watch for suspicious links and, quite simply, I don’t click them. I’m not exactly new to this game.
I have virus software on my computer that’s constantly scanning. Once in a while, it’ll block a site because of possible malware.
In short, as far as I can tell, I did all the right things to prevent being hacked. Yet, they still found a way.
Two things you should do.
First, run a security check on your social media accounts. Facebook actually has a “Security Check” option that walks you through your password and settings. It also shows you where you’re currently logged in and which email accounts and phone numbers are connected to your account.
Other social media platforms may not have anything quite so formal. But you should still be easily able to review your basic settings.
Second, change your password more often. Every few months, come up with a new password. Make sure you don’t use one that you’ve used elsewhere. Yes, it’s a pain in the butt to change passwords. But it’s also a pain in the butt to find out you were hacked and must scramble to make changes out of the blue.
Third, look out for your friends. If you see them sending out something suspicious, alert them to it. Chances are, they have no idea their account sent out questionable links. They may not show any record of such messages having gone out.
The message you send them might be their very first — and perhaps their only — notification that something went awry.
Finally, take those notifications seriously and act immediately. Change your passwords. Take steps.
The hackers certainly are.