Many Facebook users believe setting the privacy level of their posts and photos to “Friends” will prevent their private/sensitive info from ever being seen by a stranger.
Unfortunately, that isn’t necessarily the case.
While “Friends” is the safest privacy level available (short of “Only Me”), it can’t put a pick-proof lock on the things you post on your Facebook profile.
One recent incident drives this point home quite well…
I recently received a frantic request for help from a lady that fell victim to a hacker who ended up exposing some very personal photos of her to many of her own Facebook friends and relatives.
This is what happened…
This lady reconnected on Facebook with an old boyfriend that she had dated long ago during their teenage years. They ended up deciding to share some very personal photos with one another, but they didn’t want to send them via email or Messenger for the sake of security.
The plan they decided on was for each of them to create a new Facebook account and set the privacy level of everything on it to “Friends”. They then friended each other from the new accounts without adding any other friends whatsoever.
Next, they posted a bunch of revealing photos on their Timelines thinking since they had set the privacy level to “Friends” that their ONE friend (each other) would be the only person to ever see them.
Sounds like a pretty secure way to share personal photos with just one person, right? Well, turns out it was far from secure.
The lady ended up falling for a phishing attempt that resulted in her handing the login info to her “private” account over to a hacker.
The hacker then used the hijacked account to send friend requests to all the friends on the lady’s regular account.
Most of those friends accepted the friend requests from the “private” account, which of course gave them immediate access to her “personal” photos.
As you can imagine, this turned out to be quite an embarrassment for the lady.
She asked for my help with regaining control of the hacked account, but unfortunately her attempts to get signed back into the account were unsuccessful (as is often the case with compromised accounts).
Before all was said and done, the lady’s sensitive photos had already been seen by her friends and family members.
And to add insult to injury, she was unable to recover control of the “private” account because the hacker changed the password to the account AND hijacked the email account she would have to use to reset the password (she had used the same password for both her Facebook and email logins).
She did report the account to Facebook as compromised and asked them to delete it, but it’s still apparently up after three days.
The lesson to take from this is what I said in this post.
Bottom line: There is no privacy setting available that can protect the things you post on Facebook from prying eyes in every situation.
That’s why it’s important to be extremely careful about the things you post to your Timeline, regardless of the privacy level you assign to them.
By the way, in case you’re wondering, I was given permission to share the details of this incident with the hopes of helping others avoid the same fate.
Be careful out there!