Skip to main content

5 things you should take away from the Explore Minnesota Facebook page hack

What you should (and shouldn't) do to keep your accounts safe.

Explore Minnesota's Facebook account is back to normal after a takeover. A hacker took full control and posted a slew of bogus links on the page, spamming the tourism agency's 260,000-plus followers with garbage.

This type of account hijacking can happen to anyone, MNIT spokesperson Cambray Crozier stressed. And it can be a huge chore to work with Facebook (or other services) to take back control.

So with that in mind, here are five things you should take away from the Explore Minnesota Facebook hack.

Spotting spammy links is sort of like the the 1964 Supreme Court discussion over what constitutes hardcore pornography: "I know it when I see it," Justice Potter Stewart said.

Like, come on – you know this isn't a legit story.

An attacker generally isn't going to the trouble of taking over a social media account for fun. They're trying to get users to click.

A lot of times it's for ad revenue. They'll set up a fake page with an ad deal, then try to drive as many clicks there as possible. That's what one Minnesota IT official thinks happened with Explore Minnesota.

It can be more nefarious though. The website you're directed to could try to get you to install a program that looks legitimate, but can actually take over your computer or track what you're doing, Norton explains. Or worse, code hidden in the website downloads malware to your machine without you ever being alerted.

"Links in email, tweets, posts, and online advertising are often the way cybercriminals compromise your computer," MNIT says. 

You know the spam-sharers are trying to take advantage of internet users – don't help them out by spreading their message.

Some of the links posted to Explore Minnesota's Facebook page had a few dozen shares, and one was shared more than 250 times. All that did was put the (now-deleted) post into more people's feeds, upping the chances people would click.

3. Pause what you're doing and think of a solid new password

Yes it's a pain in the butt, but it's worth it.

MNIT suggests making it "long and strong," meaning at least eight characters, and with a combination of numbers, letters and symbols. (You can throw in some capital letters too.)

That said, recent research found a longer password is better than a symbol-filled shorter one. The Wall Street Journal wrote about new guidelines in August that say a memorable string of words is safer than short gibberish.

"Correcthorsebatterystaple" could take 550 years to crack, the story says, while "Tr0ub4dor&3" might take only a few days.

4. Switch up the password for different accounts

Again, kind of a pain in the but, yes. But if you use a different password for different accounts – even just a small change – it can help protect your data.

Sometimes your log-in information for one app or website can end up being divulged as part of a data breach or leak (like, say, the Yahoo one that affected every single user). If you use that same email and password combination elsewhere, a hacker could try it on popular apps just to see if it works.

MNIT suggested looking into password managers. As Consumer Reports explains, the manager will generate random passwords for all your different accounts –you just need to remember one single, strong password to log into your "vault."

5. Two-factor authentication: Get it.

Enabling two-factor authentication means you need more than just a username and password to get into your account. It could be a PIN number texted to your cellphone for example, CNET explains.

That way, if somebody does get your basic log-in info, there's another barrier preventing them from accessing your account fully. (Many sites that use two-factor authentication let you "remember" certain machines, so log-ins from that device don't need the extra step every time.)

MNIT suggests enabling this "whenever it is available."

Next Up

Screen Shot 2021-12-02 at 7.59.52 AM

More than 2 years after announcing, Duck Donuts finally opens at MOA

The grand opening of the new location took place Wednesday.

unsplash - school girl students

St. Paul is closing 6 schools amid declining enrollment

The board revised the plan after the school communities voiced concerns.

Karl-Anthony Towns

X-rays negative after Karl-Anthony Towns takes scary fall

Towns crashed hard to the ground late in the game Wednesday night.

Minneapolis police

2 more homicides push Minneapolis closer to record set in 1995

The deadly shootings happened on the city's North Side Wednesday night.

Karl-Anthony Towns

KAT sets a franchise record, leaves early in loss to Wizards

Towns fell on his back in the final minutes of a loss in Washington.

Flickr - police lights squad siren - Edward Kimmel

Man shot by police in Forest Lake dies from injuries

It was one of two police shootings in the Twin Cities on the same day, both of which proved fatal.

Dylan Bundy

Report: Twins agree to deal with Dylan Bundy

The Twins signed the right-hander with a lockout imminent.

Flickr - face masks covid pole - Ivan Radic

'Everyone should really be masking up' in public, Malcolm says

The health commissioner said residents have gotten "a little bit lax" with some protective measures.

Byron Buxton

Byron Buxton believes he's the best player in baseball

"Nobody [does] the things that I do. I know that."

unsplash medical marijuana

Edibles coming to Minnesota's medical marijuana program

MDH also announced it will not add anxiety as qualifying condition.

plow, snowplow, snow

Plowable snow possible this weekend in Minnesota

Up to half a foot of snow could fall within the heaviest band.


Update: Explore Minnesota's Facebook hack nightmare is over

But why was the tourism agency targeted? And how did someone take control?

Facebook Messenger just made stalking your friends easier

Let your friends stare at you walking around in real-time for an hour.

How big a deal is this hack of Minnesota government and MSU Moorhead servers?

Email addresses, encrypted passwords, user IDS – what someone could do with the information.

2 major security flaws are affecting millions of phones, computers – here's what you should do

And you probably have a device that's at risk. Here's what you should do about it.

Netflix remembers every time you pause a show (and a lot of other info)

It sees you when you're binging. It knows when you hit pause.

You can Boomerang from inside Instagram now

Get some sweet Boomerangs in your Instagram story.

This WPA2 KRACK attack means your WiFi is not secure – even though everyone thought it was

This newly reported flaw affects basically everybody – so here's what you should do.