HACKER Q&A
📣 beatthatflight

How can I further secure my Facebook after two hacks?


I've had a takeover of my personal Facebook twice this week. I get email notifications that the person has changed the email to an Outlook address (same one both times), despite their IP being in Vietnam, then Australia, then Bulgaria, so I presume a VPN or something.

I had a unique password. It's not on any haveibeenpwned lists. I had 2FA through Authy.

I had to submit photo ID to Facebook to prove it was me and got it back, and am in the process of doing this again.

I'd changed to a new 2FA tool AND switched my password to a new unique one. I checked all apps, posts, messages, and forced sign out of every Facebook device that Facebook had registered for me back to 2014.

I don't care too much about my personal one, but I do need it as I have access to a few business pages which is more worrisome.

Clearly my previous steps weren't enough. Maybe they have an exploit, maybe I've missed something. In the hope I get back in this time, what else can I turn on to try and increase security?


  👤 Nomentatus Accepted Answer ✓
You don't say how long your pw is; and I don't know how many tries, how quickly, FB allows. That's the only hole I see at a glance. I'm feeling 12 characters is now too low.

👤 luminouslow
That sounds wild! I can't think of a way they would've broken your 2FA...

Any way to make sure there is no compromise of your system in general? Is FB the only account that got taken over?

Your current steps seem very sensible to me. I recommend saving your credentials in a safe store, e.g. Bitwarden.

If they have an FB exploit, there is nothing you can do, but I think that would be a bigger story.