BleepingComputer.com: Strange Facebook Logins?

I received an email today that said it was from Facebook, warning me that "Your Facebook account was recently logged into from a computer, mobile device or other location you've never used before. For your protection, we've temporarily locked your account until you can review this activity and make sure no one is using your account without your permission." Yeah I know, never click on an email link like that.

I'd actually forgotten about it till I went to actually look at my FB (from a link in my Favorites) and it told me the same thing and forced me to re-log in. After authenticating me I changed my password and it showed me that I'd logged in from Irvine, CA. Nope, not me!

So, I'm a reasonably adept computer user, actually been in the business for about 20 years. I still thought I might post some logs and get a second opinion.

The only other thing I can add that *might* be pertinent, is that my µTorrent updated and added that "Conduit Engine" toolbar without me noticing it right away. I actually use Chrome and never saw it till I was checking out some other stuff. It's removed (as far as I know) as is µTorrent. Was nice while that lasted.

TCPView logs attached, thanks for any pointers.

You should probably enable the new 'https' secured browsing feature for Facebook - if you play social games they will be blocked if you use the new feature.
Make sure you dont have any strange Apps on your FB page, most problems in FB are from apps an the malware within an there are some good ones floating around waiting to steal accounts.
There is a good page up Facecrooks plus the FB Security page that offer a lot of helpful articles.

I don't play games, and have no apps enabled. Really pretty surprised about the whole thing. It's my experience that an individual's account is rarely "hacked" but more falls prey to other events.

you are correct usually users just fall for a scam / click a app - sometimes it comes thru email, recently there has been a few scams thru email - even FB Security site was compromised an spam was sent out.
there have been so many tricks used to spread stuff in FB its hard to keep up, they have even used photos.
check out the Facecrooks page you may like it.
yesterday morning a friend of mine had her site hacked an FB closed it down - so it does happen its just not that common for a straight out hack to take place.

I have been using https:// although I did not know about the setting in the Account Security area. Facecrooks is a good one ... I'll save that to share with my less savvy friends who often fall for that stuff.

(of course if I in fact fell for something and that's the root of my problem I'll be very, very embarassed)

I ran a Malwarebytes scan and found nothing except for it keying off a copy of RemoveWAT I had stored. Still really curious what's going on.

TCPView log looks clean as well. Was the password easy or strong?

Was easy, is now strong. Just seems strange because there's no real reason to expend any effort to target me. It must have been part of a larger issue.

Thanks for the review, that's one thing off my mind at least.

they got a good number of users this weekend with one scam - 'see who is looking at your profile' - or something similar,, really it doesnt take but a click of the mouse in FB to get your account messed up
lots of people dont pay attention to the fact that when you click some apps they ask for access to your account - thats when the problems start the app is a scam with a bit of malware included - your account is either taken over or starts spewing out spam till you get rid of the app , which sometimes is a little harder than it should be

This post has been edited by Davkal: 06 February 2011 - 01:08 PM

Am aware of all the social engineering apps on there. Have never clicked on one that I know of. Oh well ... hopefully the problem is averted.

I also had my account hacked by a similar location, as did a friend...as with you I never used any of the "apps" or games but he did, so it sees a bit random. Could have been a brute force attack or maybe hacking FB database? Could have been something as simple as that.