It seems a prominent politician’s Facebook account has been hacked, leading to an embarrassing series of screenshots going public. Sounds familiar, doesn’t it? Lovely Warren is in hot water, again. This time for allegedly sending out a scathing FU message to someone on Facebook – none of the reports are saying to whom the message was sent. The official response? Oh, man:

The mayor’s office says that there are several people who have access to Warren’s official and personal accounts, and she is working to see where the message in question came from.

Here is the portion of the conversation attributed to Lovely Warren’s account:

A portion of the conversation which has been attributed to Lovely Warren's account.

A portion of the conversation which has been attributed to Lovely Warren’s account.

She has since shut down both her personal and official accounts “until further notice.” So, let’s ask a few basic forensic questions.

7 Questions for Lovely Warren

  1. According to the screenshot, this appears to be a Private Message on Facebook. To whom was this message addressed?
  2. Let’s not assume anything. Do we even know that the offending message was sent from Lovely Warren’s account? Just because the Mayor’s Office says it is so? All that I see is a “chat head” with Warren’s picture on it?
  3. If indeed it was sent from a Lovely Warren account, from which account was this sent? Her personal account or the Fan Page?
  4. If it was her personal account, Facebook keeps a record of every IP address and login, including the “user agent,” or the software being used to access the account. Has this been checked? Or not?
  5. If it was her Fan Page, these types of accounts are not allowed to message someone directly unless they’ve been written a message by that fan first. Most Fan Page admins disable messaging primarily for this reason. Why was this option not disabled on Lovely Warren’s Fan Page?
  6. Fan Pages can also have multiple editors: any number of people can use the Page and post messages. Facebook has a good breakdown of which user roles can do what, and not all of them can send messages. Are all her editors administrators?
  7. Every editor’s activity can be logged, since they’re separate user accounts. Was none of this done with the Lovely Warren Fan Page? Was everybody just logging in as Warren to access her public page?

I could prattle on about the security aspects of this. Unsecured accounts and all that. Update: There are also legal questions, which I address here. How many more and how many mission critical accounts are sharing passwords? But really, this is just dumb, dumb, dumb social media flub for which the Mayor’s Office and Lovely Warren herself need some organized answers, soon.