Was Facebook hacked?

If you’re having problems with your Facebook notifications lately, i.e. getting updates and groups from people you don’t know, then you’re not alone — lots of people started complaining about it since last Sunday, June 19. Fortunately, I’ve found a solution to it. Details after the jump.


The Notification Problem

I was doing my usual morning routine last Sunday (June 19) when I found something strange about my Facebook account: I’m getting notifications from people I don’t know. More specifically, I’m getting ‘likes’ and comments from status updates and links that I didn’t post, and updates from groups I did not join.

A post to Twitter that afternoon yielded that there were other people who were in the same situation as I. A conversation with @yogajane had reiterated that this has been happening since that Sunday morning. Same thing: notifications from the Twilight Zone. Something’s fishy and I tried to investigate further.

For one, most of the notifications came from Filipinos like myself – no Americans, Norwegians, or Azerbaijani – which means that what I’ve got in common with these people is a general geographic location. Simply said, the people strangely populating my notifications all live here.

Another Twitter conversation, this time with @teacherjulie, made things clearer. The notifications that popped up from nowhere? It seems that they are coming from another person.

Yes folks, it’s as if you’re accessing another account’s notifications. The work of hackers? I’m not sure.

The Solution

This got me to thinking about my Facebook settings, and hit upon the solution just as I was browsing mine: it’s a problem with how my Account Security was set up. *headpalm*

I quickly posted a solution to my Posterous and now I’m copying it here for all to see (with [edits]):

1. Go to Account Settings >> Account Activity.

2. From the Account Activity section, you’ll find that the different computers and locations that are currently accessing your FB account. [You can see this from the tab ‘Also Active’. It should be showing locations and devices that you are not familiar with.]

3. End each of the sessions [on ‘Also Active’] by clicking on the ‘End’ [button].

4. After that be sure to check ‘Secure Browsing’ (so you’ll be on HTTPS, much more secure) and ‘Login Notifications’ (so you’ll be notified if someone else is logging on your account.) [Simply said, checking these options will make accessing your Facebook account more secure.]

5. After following these steps, you should get this:

Be sure to change your passwords after. Note also that with these settings, you have to vouch for each and every device that will access your account. That comes up in a screen when you try to access your account through your mobile devices.

The ISP Theory

[Added June 29, 2011] Technoodling reviews editor Vic Icasas had put forward the theory that this problem may be ISP-centric, most specifically something that involves SKY Cable, the leading cable provider in Metro Manila. I’ve already asked SKY Cable about it and their investigations yielded that it was not confined to their services alone  — people from other ISPs are also experiencing the same problem, they say.

@SKYserves' reply to the Facebook notifications problem.

Jun B., a commenter shared the same view in that he experienced the notifications problem while using PLDT DSL Broadband and PLDT WeRoam.

Two data points, but I believe we still need to gather more data. Given this, I’d like to ask you, dear reader, to share the Internet Service Provider you are subscribing to by clicking on the two polls below.

This will help immensely in ferreting out the real source of the problem. (Also, remember that you have to vote on both polls.) Please share your experience in the comments section.

Poll 1: ISP

Poll 2: Location

Final Thoughts

[Updated June 29, 2011] I know there are still mysteries to be solved but the culprit here really is, well, my laziness: I should have checked those security settings before. With all the current goings-on about hacking and such, I should have double-checked my accounts so that I could least protect them from intrusion. I really don’t know for sure it this was related with that, but at least I could rest easy that I’ve done something about it.

Lesson learned.


Oh, and by the way, this blog has moved. Scoot on over to  www.ideanatomy.com to see what I’ve been doing these past few weeks.



6/28/2011: @SKYserves (SKY Cable official Twitter account) replied that the problem is not limited to their service as theorized before — other ISPs have the same problem. If you’re a non-SKY Cable subscriber and you’ve had the strange notifications, please do hit the comments and share what happened on your end.

Stuff You Might Want to Read After This

[opening image credit: Social Happens]