
How and why was your Facebook hacked?

Sally Latimer-Boyce • September 18, 2021



As a professional IT Consultant (and occasional user of Facebook), I wrote this article after my own Mother's Facebook account was hijacked...


... The perpetrator was only after my Mother's Facebook identity - and thankfully she was not scammed as a result.  However, she did ask me why they did it, how they did it, and what she could do to prevent it in future.   The easiest way for me to explain was anecdotally:-




--


John has a Facebook account. He logs in with his only email address ‘john@john.co.uk’ and the password ‘RedApples’ (John likes red apples, so it is his favourite password.)


One day,  John registers on a website selling Garden Furniture.  He sets up an account with "gardenfurniture.com" and activates the account using his email address and favourite password (so that he doesn’t forget it later).


Five months later, the garden furniture website is hacked and thousands of registered users' email addresses and passwords are stolen (including John's).  Now the list of login names and passwords is on the market, available to the highest bidders.


Eric is just one of many who buys that list. 


Eric is now free to try these credentials for ill-gotten gains.


He comes across john@john.co.uk on the list - password "RedApples".  Eric tries logging into Barclays, Amazon, NatWest, Facebook etc (Eric has no idea if he will be successful, but he has both the time and incentive to persevere).   Eric is successful - Facebook proves fruitful and he is now logged in as John.


Now Eric has access to John's account - including John's list of contacts.  Eric exports a copy of John's contacts (together with a copy of John's profile photos) and creates a brand new Facebook profile (in John's name).  He uploads John's profile photos, adds a few extra posts copied from the original hijacked account, then logs off - leaving the original Facebook account untouched (no need to draw attention to his unsolicited use of that account).


From the new fake Facebook account, Eric is now free to send all of John's contacts a Facebook friend request - knowing full well that many will unwittingly accept.  A few accepted friend requests later, Eric now has an audience of PEOPLE WHO TRUST HIM BECAUSE THEY THINK HE IS JOHN.  Worse still, Eric can communicate with John's contacts without John knowing, because the communication is not happening from within John's original account.


Eric now has an audience to elicit loans from, or to hook into a narrative that leads them right into a scam.


THE MORAL OF THE STORY? Do not re-use an already active password.  Use different passwords for every site.  Additionally, use a third-party password tool to generate and manage your online passwords.  Users with different passwords for every site are less likely to get hacked in the way described above.
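
The reuse in John's story can be found before a breach happens. The Python sketch below is an added example, not part of the original article: it audits a constructed password list and reports which accounts share a password and which need changing when one site is breached. The sites other than gardenfurniture.com and Facebook, the second login name, and the function names are hypothetical.

```python
import hashlib
from collections import defaultdict

# Constructed sample vault export: (site, login, password). All values are
# made up; the first two rows mirror John's accounts in the story above.
VAULT = [
    ("gardenfurniture.com", "john@john.co.uk", "RedApples"),
    ("facebook.com",        "john@john.co.uk", "RedApples"),
    ("shop.example",        "johnny",          "RedApples"),
    ("bank.example",        "john@john.co.uk", "x7!Lq#v2Tz-unique"),
]


def fingerprint(password):
    """Short in-memory grouping key so reports never show the password.
    Not a storage format: a bare SHA-256 is unsuitable for storing passwords."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()[:12]


def reuse_groups(vault):
    """Map password fingerprint -> sites sharing it, for passwords on 2+ sites."""
    groups = defaultdict(list)
    for site, _login, password in vault:
        groups[fingerprint(password)].append(site)
    return {fp: sorted(sites) for fp, sites in groups.items() if len(sites) > 1}


def exposed_by_breach(vault, breached_site):
    """Sites put at risk when breached_site leaks its login/password pairs."""
    leaked = {(login.lower(), fingerprint(pw))
              for site, login, pw in vault if site == breached_site}
    leaked_fps = {fp for _login, fp in leaked}
    at_risk = {}
    for site, login, pw in vault:
        if site == breached_site:
            continue
        fp = fingerprint(pw)
        if (login.lower(), fp) in leaked:
            # The leaked pair works as-is here (John's Facebook account).
            at_risk[site] = "same login and password"
        elif fp in leaked_fps:
            # Only the login differs; the password itself is already known.
            at_risk[site] = "same password"
    return at_risk


if __name__ == "__main__":
    print(reuse_groups(VAULT))
    for site, why in exposed_by_breach(VAULT, "gardenfurniture.com").items():
        print(f"change password on {site}: {why}")
```

Every site the second function returns needs a new, unique password, starting with those marked "same login and password".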


 

--


I have now reset my Mother's Facebook password, and enabled two-factor-authentication (instructions below).  I also changed her profile picture (so that it  no longer matched the fake account).


I did actually receive a friend request from the fake account holder (which I subsequently accepted).  I then observed who he/she had befriended and subsequently private messaged those I knew to warn them that they had accepted a friend request from a fake account.  I then sat back and watched the quantity of "friends" start to drop on the fake account (with much pleasure!).  I also posted on the wall of the fake account with a message of my own:


 "warning! this is a fake account - do not accept requests or communication from the trash who created it"!   


Within 5 minutes of my posting, the fake account was deleted. One small victory.


Of course, there are other ways in which your online accounts can be compromised.  This was just one of them - and topical to what happened to my loved one.   


Surf safely everyone.


Sally Latimer-Boyce






HOW TO CHECK IF YOUR EMAIL ADDRESS HAS BEEN COMPROMISED


You can check to see if your email address has been breached by using this third-party website.   Simply enter your email address then click PWNED?


This tool will list websites that have been breached (assuming it was reported by the website owner) - giving you the heads up on whether or not you should change your password.  Don't panic if this site says you have been "pwned" - just look at the section "breaches you were pwned in" and make an informed decision as to whether you need to change your password for any of the listed sites.


PASSWORD MANAGEMENT TOOLS


I would recommend a password application like 1Password and MSecure (links below). You do pay a small subscription for them, but it is worth it to keep your passwords safe.



HOW TO SET UP TWO-FACTOR-AUTHENTICATION ON FACEBOOK


On your PC or laptop, do the following:


- Log in to Facebook and go to Account > Settings and Privacy > Settings

- Click SECURITY & LOG

- Click EDIT next to "use 2-factor authentication"


You can then choose your preferred method.  I personally use "Text Message (SMS)" because I find that easiest, but have a play with all the options to find the one that suits you.


HOW TO REPORT A FACEBOOK HACK


You can report a Facebook hack using this link:    REPORT HACKED ACCOUNT TO FACEBOOK.

