This post is based on a real and recent story, and to share that that experience, I was requested to write on this. Everything started with a Facebook comment by one of my virtual friends, whom I will name [Friend1] :
For those who came across such status messages, we all know that it is a joke.
Typing your password into the comments box will NEVER turn it into *stars*. It is simply a hoax that lives in the virtual wild wild web 😛
Just for the fun, I added a comment :
A few minutes after, despite knowing that this is a joke, one person,Â [Friend2], really entered his real password and pressed on the submit button.
I was instantaneously notified by those *small annoying* boxes which appear at the bottom left of your facebook screen.Â I rushed to open the page and I could clearly read the password, which of course, was not encrypted with *stars*.
A few seconds later, a new mail showed up into my email inbox. That was an email notification for the same action carried out above. Some people might not know, but Facebook actually emails the comment to everyone who previously commented on the same status message [Configurable from your account settings]. So, everyone on the thread received the password in their inbox too. (in fact, I modified all the screenshots in this post to show only the necessary data)
So, even if the persons [Friend1] or [Friend2] deleted the comment some milliseconds after the submission, you still receive the mail.
This mail is very useful in some cases, especially when people delete comments during the course of a discussion. A few months ago, some admin of a group frequently deleted comments in a thread either because he/she realised that what the latter said was simply nonsense or to erase any tracks of the baseless allegations and personal attacks he/she made. Many people are already aware of these hot discussions in which I am often involved, I might expose them later on to prove a few things. Keep coming here 🙂
Coming back to the topic…
Since [Friend2] has typed his real password onto a publicly available space, I do not believe that ‘hacking’ is the word to be used if you log into that person’s account using the information that has been submitted by the user.
The simple fact that the person, [Friend2], hasÂ acknowledgedlyÂ published this password onto a public area can be very dangerous. Anyone could have deactivated his account, changed the email address of his facebook account, read personal messages in the inbox.
The worst thing is that the person,Â [Friend3], who accessed the account of [Friend2] could have played the game very wisely. How? Simply by behaving as if nothing has happened. Being sure of themselves,Â [Friend1] and [Friend2] both believe that no one have possibly read the password as they deleted itÂ instantaneously. At that moment, no one guessed that the password was sent by mail.
I decided to publish this story to inform everyone about the following points :
- NEVER type your password anywhere
- AVOID typing your password on public computers or on anybody’s else computers. Programs known as key loggers can be installed without your knowledge. These software spy on every keystroke you make, i.e, every key pressed on the keyboard is recorded and can be accessed by the person who installed it.
- NEVER publish anything that you don’t want other people to view.
- NEVER delete comments. You must assume everything once you said it. If no, just shut up your mouth!
- And of course,Â passwords do not magically turn into stars 🙂
Take care of your passwords and bon weekend!