Facebook Password Security Alert
From: Facebook [password+mxxayybx@facebookmail.com]
Hey Jenny,
We have reset your Facebook account password for security reasons. You will need to use the link provided in this email to create a new, secure password for your account. In the future, please make sure that when you log in to Facebook, you always log in from a legitimate Facebook page with the facebook.com domain. To reset your password, follow the link below:
[link removed]
(If clicking on the link doesn't work, try copying and pasting it into your browser.)
Please contact info@facebook.com with any questions.
Thanks,
The Facebook Team
This message popped up in the bottom corner of my screen this morning, as an alert from Google desktop. I saw "We have reset your Facebook account password" and groaned. "Why must they do this?" I thought. So I signed onto my email account and read the message.
"Hmm…" I thought, "sounds a little fishy". I looked at the "from" address. "facebookmail.com, a-ha!". Just as I was about to click the "report spam" button, I saw the link they had given me started with "https://login.facebook.com/". I hovered over the link, and it indeed led to where it said it would lead.
And hey, everything is spelled correctly.
And hey! My name is there! Now, I used to always get spam with my name on it, but that was because my name was my email address. Now it isn't, and there's no way of deducing my name just from my email address.
Hmm…
I click the "report spam" button anyway and go on to Facebook. Hmm, that's strange, I'm logged out. But no biggie, that happens occasionally. Now, I have different passwords for different places, and I'm usually just automatically logged in, so after trying various passwords… it still wasn't working. I clicked the "forgotten password" link and got another email from that same address with the same link (except that the cc and tt numbers in the URL were different). I clicked on the link on the email *I* requested. I changed my password and… now I'm logged in properly.
"facebookmail.com" and not "facebook.com" definitely set off an alarm. That was a really poor choice on Facebook's part, but it is definitely an address belonging to Facebook, as all my previous wall notification emails were also sent from a facebookmail address.
So this is apparently a legitimate email? All signs point to yes, except for the fact that the concept is kinda fishy. Oh well.
This is also a fairly new issue, since only a TechCrunch comment and a LiveJournal entry have mentioned this, all from earlier this month.
Overall, I have deduced that this is a legitimate email from Facebook, but people should complain and tell them they suck because of it.
I just got this same message and, thinking it was spam, junked it and just for funsies, tried to log in to FB. No dice. I'm glad I'm not the only paranoid person out there.
I just got the same email. My thought process was exactly the same as yours. :o)
It turns out that this is a legit email. I wonder what caused them to reset our passwords?
I have just received a message from: wallmaster+of=20929@facebookmail.com. It purported to be a wall message from a friend and read:
Tracy wrote on your Wall:
"hey Jane, howdy?? lisen i got a new friend here..shex kinda new here..maybe you can give her a lil tym so she can enjoy here?? not forcin u but u can chk out =)
her profile is
[link removed]
I clicked on the profile link and immediately got a:
"Suspicious Web Page Blocked" from my Symantec software. So there is something very dodgy about this indeed!
Hey Jane.
It looks like that link is not a legitimate Facebook page (I've removed it so no one mistakenly clicks on it and logs in). The most important part is the beginning of the address:
facebook.com.profile.id.bvbu38.krpz.dortos.net/
"facebook.com" needs to be at the end, just before the slash. The website is actually located at dortos.net, and everything before that is only a subdomain. Most sites do this to trick you into thinking it actually is Facebook/whatever site.
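The right-to-left reading of the address described in the reply above, written as a check (an added example, not part of the original post or comments). The function names and `EXPECTED_DOMAIN` are assumptions for illustration; the two-label "registered domain" guess is naive and only holds for simple suffixes such as .com and .net.

```javascript
// Added example: does a link's host really belong to the expected domain?
const EXPECTED_DOMAIN = "facebook.com"; // assumption: the domain the reader expects

// Return the normalized hostname of a link, or null if it does not parse.
function hostOf(link) {
  // Accept bare "host/path" strings like the one quoted above by adding a scheme.
  const withScheme = /^[a-z][a-z0-9+.-]*:\/\//i.test(link) ? link : "http://" + link;
  try {
    const host = new URL(withScheme).hostname.toLowerCase();
    return host.endsWith(".") ? host.slice(0, -1) : host; // drop trailing root dot
  } catch (e) {
    return null;
  }
}

// True only when host IS the domain or a subdomain of it. The "." boundary
// matters: a plain endsWith(domain) would also accept "notfacebook.com".
function belongsTo(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

// Classify a link and explain the verdict.
function classify(link, domain = EXPECTED_DOMAIN) {
  const host = hostOf(link);
  if (host === null) return { ok: false, host: null, reason: "unparseable" };
  if (belongsTo(host, domain)) return { ok: true, host, reason: "host ends in " + domain };
  const tail = host.split(".").slice(-2).join("."); // naive registered-domain guess
  // The expected domain shows up as whole labels, but not at the end of the host.
  const decoy = ("." + host + ".").includes("." + domain + ".");
  const reason = decoy
    ? domain + " appears only as subdomain labels; the site is under " + tail
    : "host ends in " + tail;
  return { ok: false, host, reason };
}

// Inputs: the first two appear on this page, the third is constructed.
for (const link of [
  "facebook.com.profile.id.bvbu38.krpz.dortos.net/",
  "https://login.facebook.com/",
  "https://notfacebook.com/",
]) {
  console.log(link, "=>", JSON.stringify(classify(link)));
}
```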