A friend of mine recently asked me via Facebook what he should do if someone he didn’t know and wasn’t friends with on Facebook was able to access private information in his and his wife’s Facebook and email (and presumably other) accounts. Since this is a fairly common concern and question, I figured I’d post my response below. Enjoy!
Most likely they have your password (which they might have gotten from a virus, trojan, back-door-worm, or something else).
While anti-virus is great (at this point I feel obliged to mention my employer, McAfee), one area constantly overlooked is malicious apps on Facebook. I just got through telling my wife not to install apps on FB unless she absolutely had to (which means something you will use, and use constantly). I used to be bad about installing all the poll and quiz applications on Facebook I came across until I went back through my installed apps one day and noticed that many of them weren’t even named the same thing they were named when I installed them.
So if you are worried that someone has hacked your online accounts, the best thing to do is to immediately change all of your passwords. Make sure you use a strong password too (that goes for your wife as well as you).
Also, I highly recommend going through your Facebook applications and uninstalling anything you don’t use, as they could be used to harvest your information. Not that you should remove them all (I love Mafia Wars), but if you were to read what a developer has access to, you’d certainly think long and hard about each application you install 😉
Finally, (for the super-paranoid) if you are using a wireless router you should certainly be using some form of wireless encryption (hopefully not WEP because it is vulnerable to attacks). Otherwise all of your information is being transmitted in the clear and can be easily captured with minimal effort.
It’s possible that this person might be getting your personal information another way (via ESP perhaps? :-P) but I think the most likely culprit is your computer/network security.
There’s more that you can do to harden your systems against attack, but these are the most often used avenues of attack. If your adversary is a hacker let me know and I’ll continue listing things you can do to make your systems secure.
Next, we’ll look into some security products and practices that can help you secure your systems.