and who knows what else. I hope you enjoy it and feel free to leave your comments. I enjoy reading them.
John Morris is the founder and owner of morriscode, a leading Prince Edward Island web design & development firm that works with organizations to take advantage of multiple forms of technology and enhance their efficiency through online initiatives.
Occasionally John likes to share thoughts and opinions on his blog. When not working on web design, web development, social media strategies or building new websites, this entrepreneur can be found adventuring through PEI's backwoods capturing the beauty of our province.
K-Rock 105.5 has come out and said their website & their facebook fanpage has been hacked.
I first noticed the different k-rock 105.5 page yesterday that had a simple message (K-Rock, I have taken over) and a link to their online radio stream. When your website gets hacked, usually it is just defaced. For instance, when the Cavendish Beach PEI website was hacked, they putup a simple page like::
In K-rock 105.5's case, the "hackers" put up a simple message with a link to the online streaming of the radio station:
If the site was really hacked, it is highly unlikely the hacker would allow the link to the radio stream to stay up. As well, when you view the code of the website the "hacked" website of k-rock also had the Google Analytics code in it.
A hacker isn't going to go to all the trouble of leaving the link to the streaming audio up as well as the Google analytics information. As you can see from the google analytics code, the hacker left the google analytics account # in place. The last digit, is merely the website # within that specific google analytics account (so people with multiple sites can use 1 account).
Now onto the Facebook: Fanpage K-Rock 105.5. K-Rock announced they had to change the Fanpage because it was hacked as well. You can't just hack K-Rock's Facebook fanpage, you would have to hack Facebook. And people who are going to hack Facebook, aren't going to target a small PEI radio station. They are going to go after the bigger fanpages. Lets remember, K-Rock 105.5's Fanpage isn't exactly a big deal when it comes to 500 million Facebook users. Targetting bigger fanpages would get the hackers more exposure which is what they want.
But lets play along with the scenario and imagine for a second that what K-Rock is saying is correct and that just K-Rock's fanpage was hacked. All K-Rock would have to do to reclaim their fanpage is remove all the current administrators of K-Rock and re-add them. Why? Because if the "hacker" created a Facebook account with the same name as one of the administrators from K-Rock, it may not be entirely obvious that it isn't the real administrator (For instance, do a search on Facebook on Britney Spears and tell me which one is actually her account).
If K-Rock setup a special account for their fanpage, and lost the password, then all they have to do is reset the password. Obviously, K-Rock didn't lose access to their fanpage account because they are still posting on it.
Now another scenario with their Facebook fanpage that hasn't been examined is a change of the administration at K-Rock 105.5.
With Facebook fanpages, the creator of a fanpage can not be removed from being an administrator. For instance, I created the morriscode Fanpage and I can not remove myself as an administrator as I created it. Therefore, I will always be in control of my fanpage and if I made someone else the administrator they can't remove me. So, if I was the employee at K-Rock who setup the Fanpage and I was leaving K-Rock, I would always have access to control the fanpage. Facebook has told people that if you want to remove the creator of a fanpage, that the companies should create another fanpage. Not very user friendly but its the hard realty of Facebook.
Lastly, Trisha Bourque asked on Facebook if any personal information may have been lost to this hacker. If K-Rock was hacked then K-Rock wouldn't know exactly what information the hacker would have taken. K-Rock responded saying no personal information was lost. When your hacked, you always assume worst case scenario and it can be difficult to tell what information was actually taken.
Is that it? No, there is actually other situations that come into play, such as K-Rock reusing "unsecure" or hacked code. For instance, they couldn't get the HTML code they were using yesterday working but today it's working on the new site fine. If it was hacked, they wouldn't re-use code that can be hacked.
So was K-Rock's Facebook hacked? No, something is up with K-Rock and they aren't exactly saying what.
Don't forget to subscribe to John's blog via email. This will notify you of all blog posts on web design, web development, social media and the odd post about PEI. Just enter your email address in the box to the left.