Kitz Forum
Chat => Chit Chat => Topic started by: sevenlayermuddle on October 13, 2018, 11:11:59 PM
-
Earlier tonight I got a notification that somebody was trying to login to my facebook account. It was convincing, I’m sure it was not phishing.
Curious thing is, my facebook account is locked down and publicly invisible. So a prediction, is yet another big security breach about to hit the headlines? :o
Most recent security breach affecting me was British Airways, I had to cancel a debit card I’d used to book a flight. But althought the villains got all card details including CVV, along with email addresses and personal details from BA, they didn’t get any passwords. So that does not explain an assault on FB. Unless there’s more news to follow. :D
-
The latest Facebook hack is still the headline article on the BBC Technology website.
https://www.bbc.co.uk/news/technology
-
With respect, I regard that article as an a successful attempt by FB to dupe the BBC into providing free advertising, coupled with the fact that those who are drawn towards social media tend, on the whole, not to be terribly IT savvy. As the song lyrics go, “any publicity is good publicity”.
In my case, I joined FB as a means to an end, to participate in a reunion of old colleagues. I never posted any info on FB, nor did I receive any. Interesting then, that an attempt should be made to hack such an account?
-
I presume the BA email address you used was different from the FB one, if not that could be one explanation of the attempted login/hacking.
-
My email address is well known, and has been leaked in various breaches.
But for somebody to attempt a FB login, I’d say it seems fair to assume they were also in posession of a password that they thought was worth a shot? The only breach I know of, affecting myself that included passwords, was linkedin, but that was many years ago.
-
if you have 2FA enabled then there really isn't anything to worry about even if they did have your email address and correct password.
-
Absolutely, no worries about a sucessful hack, my account is pretty secure. It’s also completely empty, hidden etc, I set it up as a one-of means to an end ages ago, to participate in a reunion of old colleagues.
I’m just more curious that an attempt was made in the first place, to get past the first hurdle, ie password. It could just be some random person who knows me getting mischievous, which would be nothing to worry about, albeit a bit creepy.
But if it were an automated login, part of a mass hacking operation based on recently stolen credentials from some other site unconnected to FB, well that would be more interesting. :)
-
how do you know they got past the first hurdle? (you suggest they got the password correct).
your initial post said that you got a notification that someone was "trying" to access your account - that doesn't equate to knowing your password.
-
I got a notification from FB offering assistance with login, as they had “noticed I was having trouble”. It went on to say that they’d sent that email because there had been an “unsuccessful login attempt.” Since I had not tried to log in, successfully or otherwise for several years, I deduced that somebody else had tried to log in using an incorrect password.
So no, they didn’t get past the first hurdle. They didn’t get the password correct. They attempted, but they failed. I am puzzled how anything I said could have given the impression that they succeded. :-\
-
you suggested they were in possesion of a password that was "worth a shot".
you didn't make clear that the password they had was correct or not (you would know if it was as you'd have had a prompt via 2FA).
if they didn't have the correct password then there is no issue, and probably not even worth a second glance from anyone.
it could simply have been someone with a similar email address to yours which they mistyped when trying to log in to a legitimate account.
i often do similar with username on certains sites (where someone already has the username i would generally use) and i try to log in using that username when in fact i've signed up using a different variation of it. they would get an email saying someone was trying to log in.