5 things you should take away from the Explore Minnesota Facebook page hack

What you should (and shouldn't) do to keep your accounts safe.

Explore Minnesota's Facebook account is back to normal after a takeover. A hacker took full control and posted a slew of bogus links on the page, spamming the tourism agency's 260,000-plus followers with garbage.

This type of account hijacking can happen to anyone, MNIT spokesperson Cambray Crozier stressed. And it can be a huge chore to work with Facebook (or other services) to take back control.

So with that in mind, here are five things you should take away from the Explore Minnesota Facebook hack.

1. Don't blindly click links

Spotting spammy links is sort of like the the 1964 Supreme Court discussion over what constitutes hardcore pornography: "I know it when I see it," Justice Potter Stewart said.

Like, come on – you know this isn't a legit story.

An attacker generally isn't going to the trouble of taking over a social media account for fun. They're trying to get users to click.

A lot of times it's for ad revenue. They'll set up a fake page with an ad deal, then try to drive as many clicks there as possible. That's what one Minnesota IT official thinks happened with Explore Minnesota.

It can be more nefarious though. The website you're directed to could try to get you to install a program that looks legitimate, but can actually take over your computer or track what you're doing, Norton explains. Or worse, code hidden in the website downloads malware to your machine without you ever being alerted.

"Links in email, tweets, posts, and online advertising are often the way cybercriminals compromise your computer," MNIT says. 

2. Don't share those questionable links

You know the spam-sharers are trying to take advantage of internet users – don't help them out by spreading their message.

Some of the links posted to Explore Minnesota's Facebook page had a few dozen shares, and one was shared more than 250 times. All that did was put the (now-deleted) post into more people's feeds, upping the chances people would click.

3. Pause what you're doing and think of a solid new password

Yes it's a pain in the butt, but it's worth it.

MNIT suggests making it "long and strong," meaning at least eight characters, and with a combination of numbers, letters and symbols. (You can throw in some capital letters too.)

That said, recent research found a longer password is better than a symbol-filled shorter one. The Wall Street Journal wrote about new guidelines in August that say a memorable string of words is safer than short gibberish.

"Correcthorsebatterystaple" could take 550 years to crack, the story says, while "Tr0ub4dor&3" might take only a few days.

4. Switch up the password for different accounts

Again, kind of a pain in the but, yes. But if you use a different password for different accounts – even just a small change – it can help protect your data.

Sometimes your log-in information for one app or website can end up being divulged as part of a data breach or leak (like, say, the Yahoo one that affected every single user). If you use that same email and password combination elsewhere, a hacker could try it on popular apps just to see if it works.

MNIT suggested looking into password managers. As Consumer Reports explains, the manager will generate random passwords for all your different accounts –you just need to remember one single, strong password to log into your "vault."

5. Two-factor authentication: Get it.

Enabling two-factor authentication means you need more than just a username and password to get into your account. It could be a PIN number texted to your cellphone for example, CNET explains.

That way, if somebody does get your basic log-in info, there's another barrier preventing them from accessing your account fully. (Many sites that use two-factor authentication let you "remember" certain machines, so log-ins from that device don't need the extra step every time.)

MNIT suggests enabling this "whenever it is available."

Next Up

covid, vaccine

Pop-up vaccine clinics provide access to Minnesotans in need

There will be 12 more pop-up clinics by the end of April.


State Patrol: Man ran onto I-94, was fatally hit by car

He had been involved in a separate crash prior to running onto the freeway.

mississippi river

Crews search for person in Mississippi River in Minneapolis

The fire department lost visual of the person Thursday evening.

Brooklyn Center, protest, Daunte Wright

Police back off on 5th night of protests in Brooklyn Center

No tear gas or any other crowd control munitions were used.

Brooklyn Center unrest

National Guard soldiers asked to leave labor union HQ, sparking controversy

The military presence in the Twin Cities has been wearing on residents, but the decision to ask them to leave has been criticized by Gov. Tim Walz and GOP leaders.

Rennia Davis

Lynx select Rennia Davis in 2021 WNBA Draft

The Tennessee wing was selected ninth overall

Screen Shot 2021-04-15 at 7.08.23 PM

Appeal to find girl, 14, missing from Benson

Cienna Pittman went missing Tuesday.

Miguel Sano

Walk-off win for Twins snaps 5-game losing streak

Miguel Sano homered, but Max Kepler had the winning hit.


Update: Explore Minnesota's Facebook hack nightmare is over

But why was the tourism agency targeted? And how did someone take control?

Facebook Messenger just made stalking your friends easier

Let your friends stare at you walking around in real-time for an hour.

How big a deal is this hack of Minnesota government and MSU Moorhead servers?

Email addresses, encrypted passwords, user IDS – what someone could do with the information.

2 major security flaws are affecting millions of phones, computers – here's what you should do

And you probably have a device that's at risk. Here's what you should do about it.

Netflix remembers every time you pause a show (and a lot of other info)

It sees you when you're binging. It knows when you hit pause.

You can Boomerang from inside Instagram now

Get some sweet Boomerangs in your Instagram story.

This WPA2 KRACK attack means your WiFi is not secure – even though everyone thought it was

This newly reported flaw affects basically everybody – so here's what you should do.