Google
 

Tuesday, January 15, 2008

Scary Facebook security warning

As of an hour ago I had a story almost ready to go for today, and then I got this strange e-mail that changed the topic of what I was going to cover today. The contents of the e-mail are posted below:

Facebook Password Security Alert
From:
Facebook (password+mgayqqqn@facebookmail.com)
Sent: Tue 1/15/08 1:58 PM
Reply-to:
Facebook (password+mgayqqqn@facebookmail.com)
To:
Cody Eding (e-mail omitted)

--------------------------------------------------------

Hey Cody,

We have reset your Facebook account password for security reasons. You will need to use the link provided in this email to create a new, secure password for your account. In the future, please make sure that when you log in to Facebook, you always log in from a legitimate Facebook page with the facebook.com domain. To reset your password, follow the link below:

https://login.facebook.com/reset.php?... (link omitted for security reasons)

(If clicking on the link doesn't work, try copying and pasting it into your browser.)

Please contact info@facebook.com with any questions.

Thanks,
The Facebook Team

--------------------------------------------------------

At first I figured it was a hoax. So I went to Facebook and tried to log in. No dice, my password was incorrect. So I looked at the e-mail closer and saw that the link does indeed point to a secure site. However, I still thought the facebookmail.com domain was fishy.

Instead of resetting the password through the e-mail I received, I went to Facebook’s home page and reset it from there. Low and behold the reset message came from facebookmail.com as well. I reset my password and now I can log back in. Weird.

First of all, I never realized that all Facebook e-mails came from facebookmail.com. So if you do get this e-mail it appears to be legit. Why they sent it to me is unknown. I will be sending them an e-mail to find out.

My guess is that they think somebody hacked my account and is spamming the system. Why? Because today is my birthday (#19… whoo) and I’ve gotten 40 wall posts in the last 15 hours, which is much more than my usual rate. In addition, I bet I’ve written 40 or so posts back. So I guess the system has a reason to think that a spammer might have taken hold of my account. Oh well, it’s fixed now, but it definitely scared the hell out of me (i.e. virus lockdown mode with all anti-virus and anti-spyware on deck).

I will post the results of my e-mail to Facebook when I receive an answer.

18 comments:

the local journalism major said...

Holy L33T Haxxors, Batman!

I wouldn't have believed that email either. Weird. But I'm glad everything worked. Mine so far has worked fine....

Anonymous said...

Just to let you know, same thing has happened to me. No idea why. You were able to reset your password. I one the other hand am unable to for some reason. I have no idea what to do about it. Who to contact? Being new to this whole thing makes it quite difficult to figure out.

Cody Eding said...

Anonymous - You couldn't reset through the Facebook main page? I would try emailing Facebook support, though like you said I'm having a hard time finding an e-mail address.

Anonymous said...

Apparently, there are times when the Face disappears off the book because I am having the problems you all expect. The reset link is a problem ; it has taken me to this Blogsite.

Anonymous said...

Same thing just happened to me today. I freaked because my colleague sent me a bizarre email from her Face and it clearly had been hacked. I was able to change my password, but have tried to change it again since and am having weird things happen. I emailed the customer support team and am waiting a response.

Good to know that I am not alone and this is legit.

Thanks for the post!

Anonymous said...

I too have tried to log on the site only to be told my password is incorrect I have tried to reset by copying and pasting link to no avail I have also been sent to this site and I too dont know where to go from here or who to contact..so no facebook for me today :-(

Cody Eding said...

Heather - Try going to the main facebook.com site and resetting from there. That's what worked for me.

Anonymous said...

im there with u guys
i got the same message and have no idea how to fix it because I clicked on the link and typed in my password and now I cannot access my facebook at all. I cant even change my password because I cant log into my profile....does anyone know what can be done?

Anonymous said...

Help l am new to Facebook and forgot my password l keep copying and pasting the link they send me but it just takes me here

Cody Eding said...

I find it hard to believe the link they are sending you brings you here? Don't copy and paste my link in. You should get your own unique link in your e-mail when you ask to recover your password.

Matt Baron said...

Did you ever get a response from FB on this? I just got the same e-mail so I'm curious

Cody Eding said...

Matt - I received a very generic e-mail in response that did not tell me much more than that it was for security reasons. I believe the e-mail also contained another address that I could have sent a question to but I just left it at that.

Anonymous said...

well i havent gotten any email but today i tried to login into facebook but it appears a message displaying incorrect password/email but i tried to reset the password but still getting the same message..i dunno what to do can anyone help me!!i will eally appricieted..thank you:(

Anonymous said...

okay no problem here is the deal i manage to get back my current facebook account :)that scared the hell out of me:)

Anonymous said...

Note: even if the first email appeared "legit", do not use it. Have Facebook reset your password, and follow the e-mail they send to you, the one you are expecting to receive.

And remember: it is not paranoia when they ARE out to get you...

rachinc said...

i just got a message from Avi Rovinsky, (AND HES MY FRIEND!, DONT GET MY WRONG) but hes someone who NEVER writes to me on facebook. and he sent me a message and said:

Who and when made this video of you?!!!:
http://you%74%75bef%69les%2E5q.pl/?a=F0F2EFE6E9ECE5AEE1EBAEE6E1E3E5E2EFEFEBAEE3EFEDAFF6B2B2B8AFB1B6B6B1AFB4B2AFF1B9B8B0B6B4B9B7DFB9B5B5B7AEEAF0E7&b=C1F6E9A0D2EFF6E9EEF3EBF9

DONT CLICK ON IT!!!!!!!!!!!!!!!!

he didnt say dont click on it. im telling you not to click on it. but i clicked on it. and of course i went there and it said "Secret video by Avi Rovinsky" and it was a FAKE youtube website. it wasnt the real thing.... and instead of the video just playing, it tried to download a file to my computer called "codecsetup.exe". creepy, it was trying to give me a virus. now im scared that someone has access to my comp. the codecfile went to my downloads folder, but its a .exe file, which is for windows, and i have a mac. so i think if i had a pc, i woulda been screwed big time with a virus. BUT MY POINT IS: AVI DIDNT SEND THAT MESSAGE. i know he didnt. and i've heard similar stories from my facebook friends saying "oh my friend wrote on my wall and said to check out ring tone mafia. and then they claimed they didnt write it on there at all."

Then i was using facebook much much later in the evening, and it logged me out. and i kept trying to log in, and i kept typing in the correct password and login and it wouldnt let me in. so i pressed password reset from the official facebook site.

then i went into my email and saw facebook had sent me an email a minute before i reset my password saying: "We have detected suspicious activity on your Facebook account and have reset your password as a security precaution. It is possible that malicious software was downloaded to your computer or that your password was stolen by a phishing website designed to look like Facebook. Please carefully follow the steps provided:" (etc)

and it had links to click but i didnt click them, because i dont know if facebook sent the email or if a hacker sent the email. because the email address looked fishy: From:Facebook (password+feo=l=rz@facebookmail.com)

So someone changed my password on facebook. it was either a hacker or facebook themselves. but either way i was able to change my password and get back into facebook.

and now i wanna run Norton to see if anything did get on my computer.

Emma said...

I've had two emails today, purportedly from someone I know, (two someones) asking me to confirm they're my friends on Facebook. I didn't realise at first that it was sent to an email address that's not associated with FB; so went to the site.
I then twigged (I was already logged in to FB), but changed my password immediately. (Via a different browser)
The first one I saw was from a friend that I wasn't unduly surprised to have a facebook a/c. The second I was more surprised...

Anonymous said...

oh u have no idea how much i regret on opening an account with facebook, it's horrible when need to resset a forgotten password,i tried so many things,and nothing.this is a shitty site.myspace is the best.