So there’s a Facebook screenshot floating around in the Blogosphere depicting a woman with a very embarrassing status, as Mashable naively reports. Truth is, a Christian dating website was compromised by 4chan hackers and they used the information to take over the victims’ Facebook pages.
Screenshots
I’ll get right to it: below are some screenshots of other compromised Facebook accounts, posted by the hackers themselves. Some even have 4chan visibly open in another browser tab within the screenshots (which will open in a new browser window/tab).
Compromised Facebook Account, actually pretty humorous.
Another Compromised account, NSFW-proofed
Yet another one, this one being pretty twisted.
Okay, this one is actually pretty funny
"Your teeth match your skin!" - hilarious (although cruel)
Warning: typical racist 4chan comments reside within
More 4chan racism
Another funny, non-racist comment, once again about teeth.
The one that started it all
NSFW-language in this post
More about the attacks
The unnamed Christian dating service I mentioned earlier had an exploit in the website that allowed the entire list of usernames and passwords for the site to be exposed. The files were then placed into “christian.txt” (seen in some of the screenshots), then posted on 4chan where they were spread amongst other hackers.
Not for certain, but I believe the use of the same password for both email and the dating service allowed the hackers, armed with the user database contents of the dating website, to enter the email accounts of the victims where they could retrieve a generated password recovery email from Facebook.
If this is the case, then Facebook may not have been the only target of the attacks, although it is certainly the most prominent. You can see Yahoo! email accounts open in background tabs in some of the fuller screenshots, as well as 4chan and the “Christian.txt” file listing the users.
Before we get in trouble…
We don’t condone hacking. I posted the screenshots because I thought I should elaborate the cause of the Facebook photo everyone has been talking about, but other than that I don’t find many of the attackers’ comments very funny, except for a few harmless non-racist comments such as the teeth insults.
In case my educated guess as to the cause of the attack is correct, let me say that I or anybody else here didn’t participate in the attacks. Honestly.
And finally, don’t do this. I’m sure these attacks caused many people a lot of grief, especially the more twisted suicide threats and others that may have caused law enforcement to get involved. It just isn’t funny at all, especially at that point.
That said, I hope everybody knows what really happened with this now. Don’t re-use passwords, and webmasters: sanitize your inputs. That’s all, folks.
About The Coffee Desk
The Coffee Desk is the leader in providing factual and accurate technical news articles, with the right amount of humor thrown into the mix.
Started by a group of highly skilled IT workers of varying professions, you can be sure that The Coffee Desk will accurately tell you what you need to know, while telling it like it really is.
For more about The Coffee Desk, see our About Us and FAQ pages.
Related Articles
3 users responded in this post
Hey Stephen,
Thanks for the info. What is 4chan exactly? So, these FB accounts were compromised through an unsecured 3rd-party site? I’d hate to think my FB account could be hacked so easily.
Thanks again for taking the time to post this info. Much more insightful than what Mashable posted. In fact, I was easily able to find the FB page “that started it all” through the screen shot. Please X out the friends names to protect their privacy.
^^^ you don’t know what 4chan is? where have you been?
bizlady08: 4chan is an imageboard at http://www.4chan.org. It is comprised of hackers, very bored teenagers, criminals, and members of the group Anonymous.
The accounts were compromised through a third-party website’s security flaw, and the hackers then used the list of email addresses and passwords to compromise the email accounts. Since the dating website’s passwords and that of the corresponding usernames were the same, this was easy to do.
(lesson to be learned: use strong and unique passwords for different sites)
And as far as the screenshots go, I personally think it is OK just to scratch out the last names, phone numbers, and not-safe-for-works (NSFW) elements of the screenshots alone. The “one that started it all” was directly from Mashable, who used a very cheap MSPaint coverup.
If any of the individuals within the screenshots contact me wishing for these images to be removed or further obfuscated, I would be more than happy to comply.
Thanks for reading
Leave A Comment