Facebook: How and Why do you get hacked?

Facebook is one of the richest companies in the world, and the amount of data it processes is beyond most people's comprehension. Correspondingly, it attracts some of the best security engineers in the world, and its giant pot of cash lets it remunerate them handsomely, with some of the highest salaries in the industry.

So with the above in mind, why is it that friends seemingly get their Facebook hacked every week, yet have no real clue as to why?

Simply put, it's usually not Facebook itself being hacked, but one of the 3rd party websites and apps you have used Facebook to log in to or connect with over the years.

You might not realise it, but every time you answer one of those polls or interact with an app on Facebook, it logs you in with Facebook Connect (now called Facebook Login): the app receives an access token that lets it read whatever parts of your profile you agreed to share, and that connection stays in place until you remove it in your settings. Think of that cute little questionnaire that worked out your Gangster Name or your Royal Name. That's where the loophole and the security weakness are.

So, if you've ever tried one of the following, or seen your friends' results for stuff like this pop up in your news feed, that was Facebook Connect in action. Really, any 3rd party app is a potential leak, and any one of them could be where you come unstuck.

  • What’s your Stripper Name?
  • Work out what your Royal Family Name would be
  • What’s your Gangster Name?
  • What’s your DJ Name?
  • Which house at Hogwarts would the sorting hat put you in?
  • Are you destined to fight for the Rebel Alliance or the Empire?
  • Are you a Democrat or a Republican in your outlook?
  • Should you vote Liberal or Labor?
  • Play FarmVille?
  • Play Zombie Wars?
  • Play Words with Friends?

The above is just a snapshot of the myriad apps out there that chip away at your identity, piece by piece, all via Facebook Connect. In some cases that little game or questionnaire developer doesn't invest in the same level of security or talent to protect your data, because they don't have the cash. Or they just don't care. Or they set the app up to mine your data in the first place.

That last case is the worst: there is no security to speak of, because the app was built for data mining, and identity theft was the end goal from the moment it was set up.
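To make the mechanism concrete, here is an added example (not code from this post, and not a Facebook tool) that audits what one connected app holds over an account. It parses the documented response formats of the Graph API's `/me/permissions` and `/debug_token` calls and builds the `DELETE /me/permissions` request that de-authorises the app, which is the same thing the screenshots below do by hand. The sample responses, app name, IDs and token are constructed, and the "baseline" set of acceptable permissions is an assumption.

```python
"""Audit what a Facebook-connected app can reach, and build the revoke call.

Added example, not code from the original post. It works on the documented
response shapes of two Graph API calls:

  GET    https://graph.facebook.com/debug_token?input_token=<user token>&access_token=<app token>
  GET    https://graph.facebook.com/me/permissions?access_token=<user token>

and it builds the de-authorisation request that removes the app's access:

  DELETE https://graph.facebook.com/me/permissions?access_token=<user token>

No network calls are made: the two JSON documents below are constructed to
match those shapes, and the app name, ids and token are made up.
"""
import json
from datetime import datetime, timezone
from urllib.parse import urlencode

GRAPH = "https://graph.facebook.com"  # unversioned root; append /vX.Y to pin a version

# Assumed baseline: public_profile is granted by default to any Facebook Login
# app, so a name-generator quiz needs nothing beyond it.
BASELINE = frozenset({"public_profile"})

# Constructed sample: the quiz asked for more than it needed, and the user
# granted everything except their birthday.
SAMPLE_PERMISSIONS = json.dumps({"data": [
    {"permission": "public_profile", "status": "granted"},
    {"permission": "email", "status": "granted"},
    {"permission": "user_friends", "status": "granted"},
    {"permission": "user_birthday", "status": "declined"},
]})

# Constructed sample of /debug_token for the same app's user token.
SAMPLE_DEBUG_TOKEN = json.dumps({"data": {
    "app_id": "123456789012345",
    "type": "USER",
    "application": "What's Your Gangster Name",
    "expires_at": 1638576000,
    "is_valid": True,
    "scopes": ["public_profile", "email", "user_friends"],
    "user_id": "10000000000001",
}})


def parse_permissions(body: str) -> dict:
    """Map permission name -> status ('granted', 'declined' or 'expired')."""
    return {item["permission"]: item["status"] for item in json.loads(body)["data"]}


def granted_beyond_baseline(body: str, baseline=BASELINE) -> list:
    """Permissions the app actually holds that go beyond the bare minimum."""
    return sorted(p for p, s in parse_permissions(body).items()
                  if s == "granted" and p not in baseline)


def summarize_token(body: str) -> dict:
    """Pull the fields a reviewer cares about out of a /debug_token response."""
    data = json.loads(body)["data"]
    exp = data.get("expires_at", 0)
    return {
        "app": data.get("application"),
        "valid": bool(data.get("is_valid")),
        "scopes": sorted(data.get("scopes", [])),
        # expires_at of 0 means the token does not expire on its own
        "expires": datetime.fromtimestamp(exp, tz=timezone.utc).isoformat() if exp else None,
    }


def revoke_request(user_token: str, permission: str = None) -> tuple:
    """(method, url) that revokes one permission, or the whole app when permission is None.

    Sent with the user's own token, this does the same job as removing the
    app from Settings > Apps and Websites.
    """
    path = "/me/permissions" + (f"/{permission}" if permission else "")
    return "DELETE", f"{GRAPH}{path}?{urlencode({'access_token': user_token})}"


def audit(permissions_body: str, debug_body: str, user_token: str) -> dict:
    """Combine the two responses into one finding for the app."""
    extra = granted_beyond_baseline(permissions_body)
    token = summarize_token(debug_body)
    return {
        "app": token["app"],
        "token_valid": token["valid"],
        "token_expires": token["expires"],
        "extra_permissions": extra,
        # Anything beyond the baseline is reason enough to remove the app outright
        "recommend_removal": bool(extra),
        "revoke": revoke_request(user_token) if extra else None,
    }


if __name__ == "__main__":
    # "EAAB...fake" stands in for a real user access token
    print(json.dumps(audit(SAMPLE_PERMISSIONS, SAMPLE_DEBUG_TOKEN, "EAAB...fake"), indent=2))
```

Note that a declined permission (the birthday above) is not a leak, while an `expired` status still means the app was once granted that data; the finding lists only what is currently `granted`, and revoking with no permission name removes the app entirely rather than trimming it scope by scope.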

Facebook as a business doesn't do itself any favours here, as it keeps redesigning the interface, so the privacy settings you need to update or change are hard to find. Some of that churn is driven by ongoing complaints about how difficult it is to manage your data and privacy; the irony is that the very settings you need to change sit at the heart of how Facebook makes its money: mining your digital footprint, profile and bias through the apps and sites you interact with.

To fix this and secure your profile, remove connectivity to the 3rd party apps and websites as shown below. The screenshots walk you through clearing these settings step by step.

And if you have been hacked, don't forget to change your password, turn on two-factor authentication, and check the "Where You're Logged In" list under Security and Login to sign out any sessions you don't recognise.

Device: Apple iPad Air 3. Operating System: iPadOS 15.0.1

Date: Saturday, October 9, 2021

Pick the 3 dots (the menu) to get into settings
Select "View Privacy Shortcuts"
Facebook doesn't make this easy, as you're about to turn off a big section of the telemetry it uses to profile you.

You have to start digging – select “See more privacy settings”
You’ll be presented with a big screen of menus. Scroll down…
…until you find Permissions. Apps and Websites, and Games, are the two areas you want to clear out.
This is in the Apps and Websites area. Mine is empty, but if you’ve never adjusted these settings before, I guarantee you’ll be shocked how much data you’re leaking to 3rd party (less secure) businesses.
Turn all the connections off, unless you explicitly trust the particular site you are connected to. Examples of trusted sites might include Strava, Qantas, Nike, Apple etc.
You want your Apps and Websites to be empty like this.
… and your Games section to be empty like this. Game developers are among the most heavily targeted in the world by data mining and theft of personal information, i.e. identity theft.
Whilst convenient, strongly consider emptying and deleting any auto-fill forms. The only auto-fill I would personally consider is Apple Keychain or a high quality password safe like 1Password, Dashlane, Keeper or LastPass.
This is what it should look like empty.
