Facebook account hacked. Is this common?

grumpycrab

Hi, just got a pukka email from Facebook saying...

"Your Facebook account was recently logged into from a computer, mobile device or other location you've never used before. For your protection, we've temporarily locked your account until you can review this activity and make sure no one is using your account without your permission." etc etc

Went to Facebook (not using email link) and sure enough my account was temporarily locked out.

Is this common on Facebook? My password wasn't a simple one (but I changed it anyway). Was it hacked or was this just a precaution on Facebooks part?

Browntoa

its common

had attempts on mine from florida and china

grumpycrab

Browntoa wrote: »

its common

I can understand people trying to login but what about successfully logging in?

tombruton87

its pretty hard to randomly hack an account, they obv managed to log in so did breach your security. loads of ways it could of happened.
1. the hacker has breached ur email and took it from there
2. you have logged in on a public wifi spot and you have been taken by a man in the middle

there are a few other things that could of happened, just change all ur passwords and setup a vpn for browsing public wifi spots

Sooler

It was probably the OP logging into their own account, the FB system just decided it didn't recognise the "computer, mobile device or other location" used by what ever method they use to decide this.

Notmyrealname

Sooler wrote: »

It was probably the OP logging into their own account, the FB system just decided it didn't recognise the "computer, mobile device or other location" used by what ever method they use to decide this.

This. I logged in using my mobile phone on free Wifi when in Spain. Got the message when I got back and logged in on the home 'puter.

eamon

There is always some bored kid in a bedroom far far away. He/she is armed with a broadband connection, a browser, free or possibly home made password generating/crackingsoftware, a good education and too much time. The next thing you know is that your FB account has been hacked by somebody in Belarus.

Ximian

Try the following when you access Facebook:

On your profile, click Account Settings (down arrow on the right)
On the left hand side, select "security"
Click on "Active Sessions"

You will now have a list of activity of when you last accessed the account, check the activity and see if anything looks suspicious.

On the same page you also have additional security options such as:

Login Notifications
We can notify you when your account is accessed from a computer or mobile device that you haven't used before. Choose a notification method below: Email

Login Approvals
Require me to enter a security code each time an unrecognized computer or device tries to access my account


The email can also be a phishing scam: http://www.hoax-slayer.com/facebook-secure-account-phishing-scam.shtml

grumpycrab

Interesting. The email I received wasn't a scam. I don't use public wi-fi locations. The reported location was in Asia (cannot remember exactly where but I certainly wasn't there).

Guess I should be impressed that FB temp locked my account. Also quite impressed with the array of security features at FB, although didn't know about them until I read the above post.

Still surprised somebody hacked my account with a non-simple password. Will now make my passwords more complex which is a pain.

Ximian

grumpycrab wrote: »

Still surprised somebody hacked my account with a non-simple password. Will now make my passwords more complex which is a pain.

It depends on the strength of the password that was used. If a password is based on a dictionary word then it would be very easy to gain access to an application using automated tools. There are password lists publicly available in different languages that are massive and contain iterations of common passwords with upper and lower case and numerics. It's better to use a passphrase which can be anything that is easily remembered, for example: "I live on West Street!" can become: "ILiv30nW35t5tr33t!" or anything that you like that is specific to you and that you won't find in a public word list. Passwords/passphrases should also be different for each website/application, most people will usually use the same password for their email, Facebook account, online banking etc.. which is very insecure. The modified passphrase above might be hard to remember especially if you have different passwords/passphrases for each application but with the use of a password safe you only need to remember one password/passphrase.

The following password safe applications are recommended:
KeePass: http://keepass.info/
Password Safe: http://passwordsafe.sourceforge.net/

If you need a password generator, there are a few that can be found online, for example: http://strongpasswordgenerator.com/

HTH

grumpycrab

^ thanks. Job #1 for the weekend.