Hacked twice by the same person

Hi,

I could do with some advice on the following issue from those in the know please.

I can't go into too much detail as I know who is doing this and they potentially could be on here and I need to keep my cool.

Basically about a month ago a Facebook and email account were hacked. We don't know how it was done and at the time we didn't know who it was. We recovered the accounts easily enough and put it down as one of those things.

Last night the same happened again. This time the person made us aware who they are by making certain changes to the Facebook account; however, this time they went as far as they could to ensure that the accounts could not be retrieved.

There is no possible way this person could know the passwords used for both accounts, both accounts had different passwords

A laptop could potentially have been compromised by this person. I've run a few things on it and picked up nothing; also, I've used this laptop and nothing as yet has happened to my accounts.

Please list all the potential ways this person could have gotten hold of the passwords, as we are certain it will happen again if it's happened twice, so we need to ensure this person cannot continue to do this.

Thanks for any help. Please ask any relevant questions that could help you help me, but not personal questions please, thanks.
 
Are you writing down passwords? Or are they easily guessable? (Relentless81, password.. etc)

If it's a password that only exists in your head and is complex like: [email protected]
Then you must have a key logger or trojan. I'd run Malwarebytes on any computer you have accessed Facebook from.
 
Certain email addresses show the different places they have been connected from. I know Gmail does this, not sure about others.

Once someone has access to your email they don't need to know your Facebook password, they can just send a reset request.
 
Were the passwords simple? (<8 characters, no capitals, no symbols, no numbers).

Connecting e-mail account compromised?

Passwords written down somewhere?

Compromised PC?

Has one of the accounts been left logged in on a machine?
 
Make sure you change your email password and security question as well as the one in Facebook.

Then try and do a password reset for your email and Facebook to be 100% sure you change the right stuff and there are no more options you forgot to set.

Also make sure your email is not forwarding to another address.
 
Does your email account have a secret question to reset/change the password? If you set it up in a hurry, you might have put a question that someone who knows you might know the answer to, e.g. what primary school did I attend.
 
As above, the obvious thing to check on is your email account. If they have access to that or a way of resetting its password, it's downhill from there to resetting your Facebook password.
 
If/when you get access back, turn on two-factor authentication on FB/Gmail.

Whenever I try to log into FB from a device I have never logged on from before I get a text message with a code. Maybe you should turn that on?
 
Either they compromised your machine with a rootkit and from there can just grab your passwords with various methods.

If he had access to your email account he might have added a secondary email account, so when you reset your password he just requests a new password reset.
 
Have you been using your laptop on their Wifi? I know there's a program for Android phones which can sniff the details of Facebook when someone is using a laptop.
 
The passwords were a mix of upper and lower case but not particularly complex. I've run Malwarebytes and it didn't detect anything.

I'll check the email account and see if it can see where it's been connected from, but this person would have used a proxy I'm sure.

We don't write down passwords, there is no way this person could have known them.

I didn't know you can reset the FB password using an email account, that's interesting to know.

There is smartphone access to FB
 
General advice:

Use 1password* and its browser plugin. With a secure master password you can create secure passwords that you don't need to remember.

Use two-step authentication.

Use the ability to verify the account if accessed from another computer.

Use a secret question that is not easy to guess (you can keep the answer secure in 1password).


That should stop just about all but the really serious crackers.


* Other programs probably do the same but I use 1password and it works well for me.
 
Make sure that you check the recovery email address for your Gmail account, they could've tried to sneak their own one in there and could be easily recovering your password through that.
 
This is how it's been done, it's just dawned on me: this person would know the answer to the secret question. Many thanks, appreciate it.

People tend to forget about the secret question/answer combo once they've created the account. No point in having a complex password if you've got an easily guessable secret question.
 
For Facebook, turn on mobile verification: when you sign in from a new device it sends a code to your mobile which you need to then enter.

Gmail has the same sort of feature with two-step verification.
 
Yep, that's the most common way. A simple question which then allows you to reset the email account password. That email account is then tied to Facebook so you can see the Forgotten Password email.

If you're using Gmail, the easy way to stop this is by using 2-step Authentication. You'll need a smartphone with you at any time you wish to access the account (although you can allow for 30 days).

If you're using something like Hotmail, I'm not sure if they offer anything similar.
 