Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Mysterious login to long unused Facebook account


  • Please log in to reply
3 replies to this topic

#1 echidna44

echidna44

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:13 PM

Posted 06 March 2018 - 01:33 AM

Five years ago I created a test Facebook account with a fake id, played with it for a day or so, and then registered an account with my real id. I have been using my real Facebook account on Chrome with the password stored inside the browser, so that when I go to Facebook it automatically logs into my (real) account. In the last couple of months I've tried using Safari instead. Last week, I accidentally opened facebook on Chrome, and was logged in not to my own account, but to that ancient fake account I haven't touched for five years, and had totally forgotten about. Moreover, today my wife received a spam message from that Facebook account.

 

I cannot understand how this is possible. The ancient Facebook account was presumably hacked. I am not sure what password I used at the time, but it was likely a short one, given that it was a test account (I use good passwords with 1password for all important accounts). But how could Chrome all of a sudden login automatically into that ancient account? Most importantly, is this a sign of a more serious security issue?

 

I would be grateful for any advice



BC AdBot (Login to Remove)

 


#2 zbuster225

zbuster225

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:13 AM

Posted 07 March 2018 - 01:14 AM

OK, so lots of questions and a bit of missing information.

 

 - When you say chrome logged in automatically...are you aware that there is a feature in chrome that will save your logins between devices and sessions so that you can easily log in to various sites? This is likely the culprit to that part of your question.

 

- based on what you're describing, yes, the test account was most likely hacked.  The vector was most likely the short password or the (i'm guessing?!) burner email used to sign up.  Shot in the dark - did you use yahoo to sign up? They got hacked a few years back - subsequently any FB account using them is exposed.  More details on what email you used can help us help you.



#3 echidna44

echidna44
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:13 PM

Posted 07 March 2018 - 02:08 AM

Thank you.

 

Yes, I did use a yahoo account to sign up --- an account with a false name that I use for websites that I don't want to trust. I don't have anything of importance there. 

 

The old Facebook account was certainly hacked. In the last several days there were logins from Russia: from St Petersburg and a from a small place called Inza that appears to be far away. Also lots of new fb friends, and porn like instant messages sent to some of them.

 

And yes, I do mean the Chrome feature that synchronises logins between devices. I don't believe though that I was logged into facebook with that old account on any other device. Could it be that my Google account has somehow been hacked?

 

Thank again



#4 britechguy

britechguy

    Been there, done that, got the T-shirt


  • Moderator
  • 9,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Staunton, VA
  • Local time:06:13 AM

Posted 07 March 2018 - 10:24 AM

If your Google account were compromised you should definitely know it.

 

For several years now Google will send security notices if your account is logged in to either by a new device, even from your home network, or from one of the devices you use routinely if connected to a network that is outside your home geographic area.  As an example, I can log in to my Google account from home, or from the WiFi at any of a number of local businesses (even if it's the first login on that network) without receiving any notifications.  However, if I try to log in when I'm on the road in a hotel several states away I almost always get a warning during login that Google needs to send me a special code by e-mail or text to complete the login, and even after successfully using it to log in an e-mail is sent to the account saying that it has been logged in to and giving the location where that latest "unusual" login occurred.  In that e-mail you are given a button or link to review your recent activity and the recent activity page has a "Secure your account" button if you believe the account has been accessed by someone other than you (or an authorized user).

 

It's become almost annoying how nanny-ish Google has become about using Google services when away from home, but it does keep you apprised of logins (or even attempted logins) that are occurring away from your usual devices or locations.


Brian  AKA  Bri the Tech Guy (website in my user profile) - Windows 10 Home, 64-Bit, Version 1809, Build 17763 

Travel is fatal to prejudice, bigotry, and narrow-mindedness, and many of our people need it sorely on these accounts.  Broad, wholesome, charitable views of men and things cannot be acquired by vegetating in one little corner of the earth all one's lifetime.

       ~ Mark Twain

 

 

 

              

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users