Bit of a traumatic episode 2 nights ago.
Someone, I've no idea who, had access to my FB account. I don't use it much, don't have many 'friends', never post, rarely access it, but they read my messages. Some very private messages, about a recent very unpleasant episode in my life.
Then they created an Insta account in my name. They used that account to send a message to one of my FB friends via their Insta account. They went so far as to cut and paste another message I'd sent someone else via FB but tailored it with the recipient's name and subject matter (sorry, I'm being really coy I know).
I only found out when the recipient sent me a FB message to ask if it was me.
I don't know what to make of it, I should know better. Cyber security is a big part of my job, but I've had FB for years, no MFA, a password I've used for loads of things or years, terrible drills really.
I just don't see why anyone would do it? It's a very targeted 'attack', we see this sort of thing in work, but the hackers are trying to extort money via fraud. Yeah there's always that Bored Teenager in Oklahoma with too much time and Red Bull on their hands, but it's just plain weird, all they managed to do was upset 2 innocent people who'd rather just get on with their lives. I have to assume it's personal, but I haven't done anything wrong, certainly nothing to upset anyone like that. It was pure evil really.
Anyone hear of anything similar?
all they managed to do was upset 2 innocent people who’d rather just get on with their lives
If it's personal I'm guessing they don't think at least one of you fits that description.
As it is I'm going to go for some people are just assholes. Or as it was more famously put:
some men aren't looking for anything logical, like money. They can't be bought, bullied, reasoned, or negotiated with. Some men just want to watch the world burn
The internet is full of them.
I have to assume it’s personal,
If it's personal you're talking about something that's pretty difficult to do - so someone would have to be motivated to target you personally, and also have the skills to do so. You may not have been super vigilant with your passwords in terms of using shared passwords across several services - but someone who knows you wouldn't know that - so where do they start to identify passwords and accounts you've used elsewhere?
If it's not personal then it's something that's pretty easy to do. Seems the more sensible assumption is it's just random dickery. Compromised passwords and so on are shared around equally amongst people who have real nefarious, profit motivated ambitions to hack accounts and people who have no real motives at all other than to play at it.
Sounds personal. Rather than hacking your account does someone else have access to a phone or computer (e.g. your work one) with Facebook already logged in?
Try going into Facebook and then your activity log. You should be able to see when you have logged in and from which IP address. There is another page that will give you a list of active sessions and again that might give you a clue as to if it's your machine or someone else's.
I wouldn't assume it's personal.
Just look at the number of spam "I lost 35lb in a week with $25.99+p&p shredageddon pills", each of those is a hacked account.
They'll just use your account to spam your contacts until they get booted out.
Then they created an Insta account in my name. They used that account to send a message to one of my FB friends via their Insta account. They went so far as to cut and paste another message I’d sent someone else via FB but tailored it with the recipient’s name and subject matter (sorry, I’m being really coy I know).
Might just be a basic way of fooling Facebook into making it appear the accounts are active and not hacked. Or a con, the next message will be "I'm stuck in Cambodia, can you Western Union me some money for medical bills". Doesn't immediately scream personal attack unless it's VERY specifically targeted?
Either that or you're setting up a very elaborate backstory to cover up for sending d*** pics?
I’ve had FB for years, no MFA, a password I’ve used for loads of things or years
That's your answer right there, I'd expect.
Either that or you’re setting up a very elaborate backstory to cover up for sending d*** pics?
To everyone at work.
I’ve thought many a time on the mirth and merriment that would ensue if a work teams account was hacked.
Having to prove the genital wasn’t yours.
A doctor's note perhaps 🙂
For stuff like this I generally assume that it's just broad-spectrum compromise "because they can". As Couger said above, no MFA means that it's easy for some scrote with access to a credentials list to chance it with FB and see if you have been slack on changing passwords.
For them it's all about money and how much other access they can get hold of. At some point, they'll find someone that is willing to pay to get their account back.
Things to do now:
1. Get your account back
1a. Change your password
2. Enable MFA with something like Google Authenticator on a trusted device
3. Set a recovery e-mail
4. Think about how many other places use that combination of mail address and password for a login. Change those too.
This is handy to see if your reused password has been compromised: