The Wyoming Office of Tourism’s Facebook page has been 'hacked,' according to an email the agency sent late Thursday afternoon warning people not to use any links from the page between Thursday night and Friday.
“As of right now, the unauthorized content has been removed,” the email advises. “But there is a possibility the hackers will post tonight or tomorrow.”
The agency is working with Facebook get its account back and has been advised that should happen within 48 hours or less.
“In the meantime, we advise our partners to not interact or reshape any content from our Facebook account until otherwise notified,” the email says.
Wyoming Office of Tourism didn’t elaborate on what types of posts were made on the page by the hacker, but said it’s taking the breach of digital security seriously.
“We understand that hackers continuously target high-profile accounts, including those of reputable organizations such as Travel Wyoming,” Office of Tourism spokesperson Piper Singer told Cowboy State Daily in a statement. “Unfortunately, this type of incident has become increasingly common in today's digital landscape, and we have witnessed several other destinations encountering similar experiences.
“At the Wyoming Office of Tourism, we prioritize the integrity of our content and the safety of our followers. We are in direct communication with our Facebook representative and will have access to our account in no time.”
Never Reuse A Facebook Password
Wyoming Office of Tourism has 417,000 followers on its Facebook page and typically posts once or twice a day.
“Unfortunately, this can happen to any business account,” the agency’s email says, along with offering several tips for preventing such things from happening to others, including turning on notifications for Facebook and using two-factor authentication.
Elmer Robinson, CEO of Rocky Mountain Security, has talked with Cowboy State Daily in the past about how easily Facebook can be hacked.
“Social media sites have about the worst security around their stuff,” he said. “So, they just get hacked regularly, and they don’t seem inclined to do anything about it.”
That can also compromise other accounts, Robinson said, if people use the same password for other accounts that they use for Facebook.
“So that becomes a real security risk,” he said.
That led to some hacks that drained PayPal accounts, Robinson said.
“People can protect themselves from that risk by not reusing passwords and by really practicing exceptional password hygiene on those places that are continually hacked,” he said. “You have to assume that any password that you’ve ever used for Facebook is for sale.”
Use That Annoying Multifactor Authentication
While for many it’s annoying, multifactor authentication is the best way people can protect their accounts from getting hacked, Robinson said.
Multifactor authentication refers to a time-sensitive security code that’s texted to a phone number or email account that has to also be entered during the log-in process in addition to a username and password.
The security code is only sent to the user’s cellphone or the user’s email account, which makes it a more secure way to log in.
While session cookies for those can sometimes be stolen, that’s much less common.
“Facebook is probably not the one that’s the most important for making sure you’ve got (that) set up,” Robinson said. “But anything that’s, you know, got a credit card, like your Amazon or your target account or your Walmart account, make sure that has a super strong password and not the same one you’re using on Facebook.”
Robinson also advises against answering those cute little quizzes that so often come across social media posts that ask for things like favorite colors and the like.
While they may seem like fun, they could also be attempts to fish for answers to security questions.
Renée Jean can be reached at renee@cowboystatedaily.com.
