Hamish McDouall says a new campaign page will be up and running in the next few days. Photo / File
Whanganui mayor Hamish McDouall’s social media pages are back under his control after a hack.
His private Facebook account was hacked two weeks ago, followed by the official mayoral Facebook page.
The mayoral page began posting a variety of videos – from ‘life hacks’ to horses breeding – from Sunday.
“Things got immensely crazy,” McDouall said.
“All sorts of odd stuff was being posted on there, including several equine encounters, a lot of advertising and some pranks. I think they were even trying to sell knives.
“Because my personal page had been disabled it was extremely difficult to get control of it (mayoral page).”
McDouall said contacting Facebook himself didn’t seem to go anywhere, so a council staff member approached Local Government New Zealand for help.
He eventually managed to talk to “a real person who works for Facebook”.
“They were absolutely brilliant, but it’s taken 72 hours off my life at least.”
Access to his private and mayoral pages was restored yesterday .
“The theory is that some hackers want to display that they can hack a person with a public profile,” McDouall said.
Netsafe spokesperson Sean Lyons said getting access to a high-profile account, which people looked to and got updates from, was “a higher value target’ for a hacker.
“We see this sometimes in scams and other kinds of online frauds.
“If a family member, friend, or someone in the public eye that you respect suddenly contacts you and say ‘I’ve made a fortune on this great investment scheme’, you might be more likely to say ‘tell me more’.”
Having his personal page back up and running was also a relief, McDouall said.
“I had a friend ring up when the account was disabled saying ‘What have I done? You’ve just blocked me’.”
A new campaign page, independent from the mayoral page, will be launched in the next couple of days.
The 2022 local authority elections will be held on Saturday, October 8, with McDouall aiming for a third term as mayor.
“This is quite a lesson in how vulnerable things are,” he said.
“Literally, it was a Sunday night two weeks ago and I was asked to log in to Facebook again on my phone.
“I did, and from that moment on I didn’t have control. You really need two-step authentification. That’s the best way to prevent this.”
Lyons said the most common forms of hacking came down to people having weak passwords or being “socially engineered”.
“They get messages telling them to reset their password or put in a password here to confirm it’s them.
“People can also have passwords that are too easily associated with them, therefore they are easy to guess.
“We all need to think about how good and how strong our passwords are, and whether or not we are using all the safety features that many of these platforms throw in.”
Names of pets and partners or date of births should not be used, and passwords needed to change for different platforms, Lyon said.
“Gone are the days of ‘tiddles123’ being an effective password.
“We need to be thinking about long, complex ones, and if possible, random strings of letters, numbers and special characters.”
McDouall said he received messages from concerned citizens following the hacks.
“They probably thought I had lost my mind.
“While cyberspace is wonderful for keeping connections and getting media out there, it’s also a mine of thievery, filth and fibs.
“I can confirm that my next campaign isn’t sponsored by ginzu knives or equine breeding.”