A Cautionary Tale

A couple of days ago, a new Facebook friend of mine accidentally shared a rather strange link. Fooled by the clickbait headline, I clicked through to be presented with a dialog requesting Facebook access.

I refused the access and read the story. It was clearly fake.

A couple of hours later, a mutual Facebook friend of much longer standing (Robert Scoble - I can name him here, because he has already acknowledged the hack online) also shared the same link, with the same text. This was immediately suspicious, because the text was totally out of character.

I followed the link, to be met with the same request for access. Denied.

I contacted the poster to point out that he had been socially engineered/hacked. He dealt with it.

Things got back to normal.


Two days…

Suddenly, my browser (Chrome BTW) didn’t want to access some sites. On trying an alternative URL, it redirected to a search engine that I’ve never heard of. Off go the alarms (in my head). Looks like my browser has been pwned in some way.

Some quick tests show that it’s only affecting Chrome. Phew. Luckily, it is Chrome. Even though it has been compromised,

Chrome is my default browser, because it supports multiple profiles. A switch to my secondary profile confirms that it still works, so it’s just my personal profile that is suffering.

After that, it’s a simple matter of deleting the affected profile and creating a new one, which is automatically updated via my Google account login and I’m back to normal. So far, everything seems to be working again.

With any other desktop browser on the market, I don’t know what I would have done in this situation. I stick with Chrome because of its profiles, and in this situation, that has saved me from a serious amount of hassle.

PS: the image bears no relation to the post. Somebody told me that adding a picture would get more views. :-)