Someone keeps logging into my Facebook from an Unknown Location

The first time this happened to me was during the summer, and facebook alerted me and logged me out of my account. The person who logged in did it from France. This has now happened to me twice in the last 2 weeks, and both times the location has been unknown only giving me an ip address which can't be tied to a location.

I'm using chrome and wondering what I can do to stop this. Is there a key logger on my system?

Change your Facebook password to something long & complex (like more than 12 characters using upper and lower case, numbers & special symbols). Make sure you're not using that password anywhere else.

If any other accounts of yours use the same password as the compromised Facebook password, then change them all to be unique.

If it happens again after you have a new, unique, strong password, then it's time to look at other problems.

Quote:

---

Originally Posted by Ms. Daisy

Change your Facebook password to something long & complex (like more than 12 characters using upper and lower case, numbers & special symbols). Make sure you're not using that password anywhere else.

If any other accounts of yours use the same password as the compromised Facebook password, then change them all to be unique.

If it happens again after you have a new, unique, strong password, then it's time to look at other problems.

---

Just out of curiosity, what other problems could they be?

Quote:

---

Originally Posted by shizz

Just out of curiosity, what other problems could they be?

---

This goes for me as well.

When I said "other problems" what I was trying to say was that I would not leap to the initial conclusion that you have a keylogger installed on your computer based on what you've said. IMO the most likely fix for the problem is to change the password to a new, strong, unique password. If you change it and still have the same problems, only then would I personally start to think about something locally being compromised.

Rather than lay down 1000 possible ways it could have happened, it would be more productive (IMO) to see if changing the password fixes the problem. If not then we can explore other possibilities.

edit: Another way to tackle it is to consider all the accounts that you access from the same computer. Have they been compromised? If they all have then I would consider the possibility of a keylogger. If it's only been one account, then it seems unlikely it's a keylogger. Personally if I went to the trouble of installing a keylogger on someone's computer, I would be far more likely to log into the victim's bank account instead of Facebook.

I don't think someone from France would hold a grudge on you bro. It's probably a VPN or something of the like. When i used to hack i used programs like Hotspot Shield and PeerBlock and even though im in Australia my computer was in Argentina if you know what i mean.. I'm not a hacker anymore though. I instead help people protet themselves from hackers. PM me if you need any advice.

Quote:

---

facebook alerted me and logged me out of my account.

---

What I don't understand is why Facebook alerted you and let the other person in. How do they know it was someone else?

A member of my family gets these alerts and becomes agitated, wanting to change password (again) I don't believe anyone is interested in her account. I know she has more than one facebook acct and I believe she's tried to sign in with wrong user name/password, mixed them up. Facebook holds no info that a hacker would be interested in.

Facebook also sends out virus alerts and so on, many more than other social sites. Be careful, keep security up to date and don't open attachments and you should be safe.

If it is a hacker, I'd bet it is someone who has access to your computer--a joker.

Facebook profiles their users in order to detect odd activity. They keep track of the geographic location a user logs in from most of the time, and if someone attempts to log in from a different location it will send out a warning message.

As for why someone would want to, mostly for spamming and if they're lucky you've put your phone number in there and they can sign you up from premium SMS services. A little bit of easy money is better than a lot of impossible money.

Can't say for sure what happened, but the way it usually goes is that people either have weak passwords that are easily guessed and/or they use the same email account for another site and that site got breached. Then if the password is the same for whatever got breached and Facebook, the attacker is in. Or we're back to the password being something different, but weak. In certain circumstances, the email account associated with Facebook is what gets compromised, allowing the attacker to forward all email to another address under the attacker's control.

Quote:

---

Originally Posted by critin

What I don't understand is why Facebook alerted you and let the other person in. How do they know it was someone else?

---

They know by the geographical location of the IP or lack there of, in my latest cases. Also it logged me and the hacker out completely. Shutting down my account until I change the password basically through a link in my email.

My hotmail account was phished last year and the passwords used to be similar so it may spawn from that.

I reckon I'm just going to give new unrelated passwords to everything I can. It would be a big job though...

Thanks for all the replies.

Quote:

---

Originally Posted by shizz

My hotmail account was phished last year and the passwords used to be similar so it may spawn from that.

---

That's my guess.

Quote:

---

Originally Posted by shizz

I reckon I'm just going to give new unrelated passwords to everything I can. It would be a big job though...

---

Doesn't have to be. I think this site is pretty cool: http://www.passwordcard.org/en

There are a lot of ways to come up with long complex passwords that you'll remember. Here's a website that discusses it: http://www.technewsdaily.com/2347-ho...passwords.html

Quote:

---

Most experts agree on the basics of creating strong passwords. Here are some tips from the Identity Theft Resource Center:

• A password should contain at least eight characters (some experts say 10 or 14 characters is the minimum).
• The password should have at least three of the four following types of characters — upper-case letters (ABC), lower-case letters (abc), numerals (123), and punctuation marks or other special characters (!#$%&*_=+? ).
• If you’re using only one capital letter or special character, don’t make it the first or last character in the password.
• Avoid common names, slang words or any words in the dictionary. Computers can run through entire dictionaries in minutes.
• Don’t include any part of your name or any part of your email addresses.
• Choose an especially strong password for websites that hold especially sensitive personal information — for example, banks or online retailers that store your credit-card information.
• Don’t ever refer to anything that can be learned from your social networking profiles or an Internet search. In other words, don’t make it your favorite band or movie, your pet’s name, your nickname, your phone number or, especially, your birth date.

Here’s a good way to create a strong password. Pick a phrase you’ll remember. Take the first letter of each word and run them together into a “word.” Capitalize some letters and substitute numerals where it would make sense to.
For example, the phrase “I hate to work late” could become “iH82wkl8.”
Or tweak that formula and don’t abbreviate all the words. "This little piggy went to market" might become "tlpWENT2m."

---

Don't upload your password on any "test" sites. You're basically giving your secret password and the strategy you used to create it to a stranger. Bad idea.