Why Am I Logged Into Someone-else’s FriendFeed?

Robert Siciliano Identity Theft Expert

I have pretty tight controls over my network and access to my 510 usernames and passworded accounts. Yes he just said “510”…and counting. I have full administrative rights over every PC and nobody else has access to my home or office. So it came as a surprise to me when I went to log into my FriendFeed account to make an adjustment and I discovered I was logged into someone-else’s account. Serious, no joke, I’m not stupid. I have FULL access.

The account is owned by Canadian who sells diet pills and skin care. There are 3 feeds coming into the account all being sent from Ping.fm. I am able to access the full dashboard and change the picture, email associated and add or delete feeds. The dashboard provided me with the existing email address of its owner, and of course I emailed him to let him know of my access. But of course he hasn’t responded. I’m probably in a spam folder.

My first thoughts were that I have spyware and someone is able to remotely access my machine and use it as their own. I did a full system scan and there is nothing on my machine. There is no other strange activity going on so I’ve narrowed the issue down to this one account.

Meanwhile ABCNews.com reports that A Georgia mother and her two daughters logged onto Facebook from mobile phones last weekend and wound up in a startling place: strangers’ accounts with full access to troves of private information.

The glitch — the result of a routing problem at the family’s wireless carrier, AT&T — revealed a little known security flaw with far reaching implications for everyone on the Internet, not just Facebook users.

In each case, the Internet lost track of who was who, putting the women into the wrong accounts. It doesn’t appear the users could have done anything to stop it. The problem adds a dimension to researchers’ warnings that there are many ways online information — from mundane data to dark secrets — can go awry.

Several security experts said they had not heard of a case like this, in which the wrong person was shown a Web page whose user name and password had been entered by someone else. It’s not clear whether such episodes are rare or simply not reported. But experts said such flaws could occur on e-mail services, for instance, and that something similar could happen on a PC, not just a phone.

If this is what’s happening to me then it can happen to anyone. There is a logical explanation for this, and I don’t have it. If someone does, please chime in.

Like there aren’t enough security issues we now have to deal with hiccups on the internet that log us into someone else’s account because of switching errors. At least if it was a virus we could point a finger at someone. But now, based on what’s happening here, we can only point the finger at the “Internet” as a culprit. This is freaking me out.

All the more reason to protect your identity.

  1. Get a credit freeze. Click on the preceding link and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
  2. Go to my website and get my FREE ebook on how to protect yourself from the bad guy.
  3. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano identity theft speaker discusses lack of security in online banking on CBS Boston