I think my Facebook account has been hacked despite a very strong password and an Authentication app. My research suggests hackers can bypass this if they know your mobile number, but my mobile number is not on the account...how is this possible? I have changed my password and ordered a physical key as I understand that is more secure. Any other suggestions?
Don't have your FB account linked to third-party apps/services? If so, it's possible that someone hacked into one of them and got your FB login credentials.
No, not that I am aware of. I checked the login record and it seems only I have logged in lately. Very strange. No sign of a rogue login.
They have probably stolen your session. Log out of all sessions, remove all devices, then re-login. I would also reset all browsers or at least clean caches/cookies. https://www.facebook.com/device_based_login/?from_accounts_center=1
If malware is present on the desktop/laptop system then it can just read cookies with session data. Malware may be in the form of a traditional Windows process, a rogue system driver or a browser extension. I would start by removing all unnecessary browser extensions.
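To help decide which extensions to remove, here is an added example (not part of the original posts) that scans a Chromium-style `Extensions` folder and lists the extensions whose manifests request cookie access or access to every site. It assumes the on-disk layout `<Extensions>/<id>/<version>/manifest.json`; the two sample extensions and their ids are constructed for the demonstration.

```python
import json
import tempfile
from pathlib import Path

# Grants that let an extension read cookies or page content on every site.
RISKY_API = {"cookies", "webRequest", "debugger"}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def risky_grants(manifest, site="facebook.com"):
    """Return the grants in one manifest that could expose sessions on `site`."""
    perms = list(manifest.get("permissions", []))       # APIs (and hosts in MV2)
    perms += manifest.get("host_permissions", [])       # hosts in MV3
    for script in manifest.get("content_scripts", []):  # scripts injected into pages
        perms += script.get("matches", [])
    return sorted({p for p in perms if isinstance(p, str)
                   and (p in RISKY_API or p in BROAD_HOSTS or site in p)})

def audit_extensions(ext_root, site="facebook.com"):
    """Scan <ext_root>/<id>/<version>/manifest.json; map id -> (name, grants)."""
    report = {}
    for mf in sorted(Path(ext_root).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(mf.read_text(encoding="utf-8-sig"))
            grants = risky_grants(manifest, site)
        except (OSError, ValueError, AttributeError, TypeError):
            continue  # unreadable or malformed manifest, skip it
        if grants:
            report[mf.parent.parent.name] = (manifest.get("name", "?"), grants)
    return report

def build_sample_profile():
    """Constructed sample data: two made-up extensions in a temp directory."""
    root = Path(tempfile.mkdtemp())
    samples = {
        "sample-id-1": {"name": "Coupon Helper", "permissions": ["cookies", "storage"],
                        "host_permissions": ["<all_urls>"]},
        "sample-id-2": {"name": "Dark Theme", "permissions": ["storage"]},
    }
    for ext_id, manifest in samples.items():
        version_dir = root / ext_id / "1.0_0"
        version_dir.mkdir(parents=True)
        (version_dir / "manifest.json").write_text(json.dumps(manifest))
    return root

if __name__ == "__main__":
    for ext_id, (name, grants) in audit_extensions(build_sample_profile()).items():
        print(f"{ext_id}  {name}: {', '.join(grants)}")
```

To audit a real browser, pass the profile's own `Extensions` directory to `audit_extensions()` instead of the sample. A listed extension is not necessarily malicious; it is one that has the access a session thief would need, so it deserves a closer look before you keep it.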
n.b. I checked and there was a mobile number added to my account. I could swear there was none there when I checked and indeed I was getting prompts to add one (which I did). Could they steal my session without using my mobile to log in? I noticed my Contact details had been accessed about a week ago, but I do not recall logging in that recently.
Not too difficult, unfortunately. A former coworker used to steal sessions from other users and get into their Yahoo email accounts, just to show that he could.
How could he do this? And how to guard against it? n.b. I have meanwhile cleared all browsing data and am running a malware scan. But I do feel the session has somehow been stolen.