Strange experience - no-one is immune - be extra* careful on the internet.

[Outlaw23]

Hi everyone,

 

yesterday I couldn't login to my Facebook account and (I found out that) my email address was being used for another account. I never authorized this change. This has never happened before, and I've always added extra security to every** account I've ever made on every website I've ever used. Regardless, I wanted to share this (and enforce a vigorous reminder) that this can happen to anyone, and no-one is immune. I've changed my passwords just in-case (and I've always* used difficult passwords, I still don't know how someone else added my email to their account, because Facebook would have to send me a confirmation to complete it, and of-course, I'd never accept it). Please be extra, extra* careful on anything you use online. It doesn't matter how safe you are, you will never be 100% immune. The internet may be the only puzzle in this world that will never be 100% cracked & figured out, despite billions of people using it everyday. Thanks guys/gals. Stay safe out there.

[Snuffs99]

As it was your email you could have logged in to the "new" facebook account via lost my password which would be sent to your email......then login and delete the "new" account?

 

Not really the place to go into too much detail but i've played a lot over the years with many things (Sentry MBA, vertex, SNIPR etc etc) and it is really not as hard as you may think to "hack" accounts ranging from forums like this one to grabbing netflix accounts etc etc.

With decent email and password combo files and with a few decent proxy servers to chew through you can more or less set and forget tbh, only returning to see any "hits". 

 

Security wise for the average user its your main email that matters, this should be kept safe. Everything else like facebook, forums accounts etc can be hacked all day long because if your main email is safe you can always secure any hacked accounts with via your email and "lost passwords" etc.

Your email password should be totally unique to all your other account passwords and you should also have at least 1 backup email on file for your main email so you can still access your main email if its hacked or you do forget or lose the password etc etc.

2FA although can be a help its not 100% and is possible to bypass with the right tools so your quite right that your never 100% immune.

 

I'm glad you got it sorted but i'd be more curious to know how they manged to set up another facebook using your email if its already on a facebook account, either way i don't use facebook for these very reasons...Saying that i've never had any account hacked so fingers crossed i'm doing sommat right.. 

 

😄

 

This is a handy site for checking to see if your email is floating around out there, i've never been hacked personally but one of my emails was "obtained" via an adobe hack years back. I do still use that email address though as it was the adobe account that was hacked and not me.

 

https://haveibeenpwned.com/

 

Edited July 30, 2022 by Snuffs99

[rMks]

🤔 interesting

 

Edited July 30, 2022 by GHARIB
email removed from SS

[GHARIB]

Unfortunately , depending the web applications, passwords are not the only way to validate authentification, and could be bypassed... Even 2FA ... Even facebook -> & Even with the use of strong passwords as said @Snuffs99 : 

18 minutes ago, Snuffs99 said:

Your email password should be totally unique to all your other account passwords and you should also have at least 1 backup email on file for your main email so you can still access your main email if its hacked or you do forget or lose the password etc etc.

This is the good thing to do!

 

You would be surprised how many times 2FA bypass or accounts takeover have been reported to Google or Facebook during the last 10 years - everytimes with different techniques and more and more imagination/creativity

 

Glad that you have recovered your account and take care!

 

 

 

Edited July 30, 2022 by GHARIB

[Snuffs99]

@rMks

If that is a private email addy mate you may want to omit it from the screenshot.

It should give you a list further down where it tells you when the accounts were hacked and what they got off with from where (emails passwords etc) and shows why your main email account should always be unique. First thing a hacker is going to do is go straight to the email provider account and see if they can login with the same email and password they hacked from elsewhere, if your silly and have used the same passwords for all your accounts or even 1 the same as your email then its game over. 

 

Key to remember is if it can be locked it can be unlocked, if it can be protected it can be unprotected, if it can be encrypted it can be decrypted and so on.

 

 

 

 

Edited July 30, 2022 by Snuffs99

[GHARIB]

2 hours ago, Snuffs99 said:

Key to remember is if it can be locked it can be unlocked, if it can be protected it can be unprotected, if it can be encrypted it can be decrypted and so on.

When you can not open a reinforced door, if a window is open, you don't need any key.

 

Edited July 31, 2022 by GHARIB

[Outlaw23]

Everything is working good for me. It's a massive bug/glitch how things like this can happen, because whenever I've tried to add a different email to my Facebook login, I've always* had to confirm it first through email. I don't know, maybe every engine, system, database, etc. out there will always have some kind of issue(s)? despite the claims that they're safe/secure for everyone to use (e.g. Facebook).