Skip to main content

5 things you should take away from the Explore Minnesota Facebook page hack

What you should (and shouldn't) do to keep your accounts safe.

Explore Minnesota's Facebook account is back to normal after a takeover. A hacker took full control and posted a slew of bogus links on the page, spamming the tourism agency's 260,000-plus followers with garbage.

This type of account hijacking can happen to anyone, MNIT spokesperson Cambray Crozier stressed. And it can be a huge chore to work with Facebook (or other services) to take back control.

So with that in mind, here are five things you should take away from the Explore Minnesota Facebook hack.

Spotting spammy links is sort of like the the 1964 Supreme Court discussion over what constitutes hardcore pornography: "I know it when I see it," Justice Potter Stewart said.

Like, come on – you know this isn't a legit story.

An attacker generally isn't going to the trouble of taking over a social media account for fun. They're trying to get users to click.

A lot of times it's for ad revenue. They'll set up a fake page with an ad deal, then try to drive as many clicks there as possible. That's what one Minnesota IT official thinks happened with Explore Minnesota.

It can be more nefarious though. The website you're directed to could try to get you to install a program that looks legitimate, but can actually take over your computer or track what you're doing, Norton explains. Or worse, code hidden in the website downloads malware to your machine without you ever being alerted.

"Links in email, tweets, posts, and online advertising are often the way cybercriminals compromise your computer," MNIT says. 

You know the spam-sharers are trying to take advantage of internet users – don't help them out by spreading their message.

Some of the links posted to Explore Minnesota's Facebook page had a few dozen shares, and one was shared more than 250 times. All that did was put the (now-deleted) post into more people's feeds, upping the chances people would click.

3. Pause what you're doing and think of a solid new password

Yes it's a pain in the butt, but it's worth it.

MNIT suggests making it "long and strong," meaning at least eight characters, and with a combination of numbers, letters and symbols. (You can throw in some capital letters too.)

That said, recent research found a longer password is better than a symbol-filled shorter one. The Wall Street Journal wrote about new guidelines in August that say a memorable string of words is safer than short gibberish.

"Correcthorsebatterystaple" could take 550 years to crack, the story says, while "Tr0ub4dor&3" might take only a few days.

4. Switch up the password for different accounts

Again, kind of a pain in the but, yes. But if you use a different password for different accounts – even just a small change – it can help protect your data.

Sometimes your log-in information for one app or website can end up being divulged as part of a data breach or leak (like, say, the Yahoo one that affected every single user). If you use that same email and password combination elsewhere, a hacker could try it on popular apps just to see if it works.

MNIT suggested looking into password managers. As Consumer Reports explains, the manager will generate random passwords for all your different accounts –you just need to remember one single, strong password to log into your "vault."

5. Two-factor authentication: Get it.

Enabling two-factor authentication means you need more than just a username and password to get into your account. It could be a PIN number texted to your cellphone for example, CNET explains.

That way, if somebody does get your basic log-in info, there's another barrier preventing them from accessing your account fully. (Many sites that use two-factor authentication let you "remember" certain machines, so log-ins from that device don't need the extra step every time.)

MNIT suggests enabling this "whenever it is available."

Next Up

Screen Shot 2022-08-07 at 11.43.15 AM

Deputies fatally shoot man in Wright County

Police claim the man, who had allegedly been experiencing a mental health crisis, was armed with a knife.

Ambulance hospital emergency

17-year-old killed in northern Minnesota crash Saturday

The other drive involved in the crash, a 75-year-old man, sustained life-threatening injuries.


Alcohol a factor as driver rolls ATV into corn field, injuring 3

The crash occurred in Lake Lillian Saturday night.

Minneapolis police

Man dies after being found shot at Minneapolis' 38th and Chicago

Responders were called to the scene early Sunday morning.

Screen Shot 2022-08-07 at 6.34.12 AM

7 children arrested after 'disturbance' at Cabela's, escape in stolen vehicle

Employees called police saying the children were stealing goods from the store.

Screen Shot 2022-08-06 at 6.16.49 PM

Fire sparks evacuation from apartment building, man arrested for arson

Police and fire crews responded to the fire just before 9 a.m. Saturday.

Flickr - utility pole power line

Morning storms cause power outages, ensuing problems in Eagan

There have been reports of disabled traffic lights and issues at local businesses.

kim crockett facebook sos

GOP nominee questions if those with disabilities, non-English speakers should be able to vote

Crockett made the comments in a 2020 radio interview following a ruling from the Minnesota Supreme Court.


Jury: MN pharmacist did not violate woman's rights by refusing her morning-after pill

Gender Justice, the advocacy group that brought about the lawsuit, says it will appeal the decision.

Screen Shot 2021-10-04 at 3.03.13 PM

Revival to close its original Minneapolis restaurant

Don't worry – it's bringing the chicken to its nearby BBQ joint.


Update: Explore Minnesota's Facebook hack nightmare is over

But why was the tourism agency targeted? And how did someone take control?

Facebook Messenger just made stalking your friends easier

Let your friends stare at you walking around in real-time for an hour.

2 major security flaws are affecting millions of phones, computers – here's what you should do

And you probably have a device that's at risk. Here's what you should do about it.

How big a deal is this hack of Minnesota government and MSU Moorhead servers?

Email addresses, encrypted passwords, user IDS – what someone could do with the information.

Netflix remembers every time you pause a show (and a lot of other info)

It sees you when you're binging. It knows when you hit pause.

Watch out for this Netflix 'payment declined' phishing email scam

The message looks legitimate, and tries to trick users into giving up credit card info,

This WPA2 KRACK attack means your WiFi is not secure – even though everyone thought it was

This newly reported flaw affects basically everybody – so here's what you should do.