HACKER Q&A
📣 kenough

Facebook Account with 2FA Hacked. How and What to Do Now?


A few days ago I woke up to a text message with a FB SMS 2FA code and a bunch of security emails saying that emails/phone numbers were being removed from my FB account. I was able to get back in by uploading my driver's license and subsequently deleted my account, but I'm trying to figure out how this could have happened and what steps I should take to determine if anything else might be compromised.

Devices: Ubuntu desktop (only device logged in to FB; Chrome with no extensions), iPhone, and MacBook.

Timeline:

* 3:15am - First SMS from FB with a code

* 5:20am - Second SMS from FB with a code

* 6:45am - Emails beginning to be removed from account

I've had the FB account for a while and hadn't changed the password in about a decade, so I'm not that surprised someone was able to get the password, but I have no idea how they were able to get around the 2FA challenge. As noted, this all happened while I was asleep, so I didn't enter a code anywhere. Is there a way to bypass 2FA on FB if you fail a few times, or is it likely that they compromised my iPhone or MacBook to get the codes?

Another strange thing is that the FB emails geocoded where all the email removal actions came from, and they were all from my city in the US, but the hackers added themselves to a dormant ad account I had and all the emails were Vietnamese names. So maybe they were able to do some sort of session hijacking, but I only use Chrome for FB and Firefox for everything else, and I don't have extensions installed on Chrome.

Since this happened I've changed passwords on all my emails and other important accounts. I checked for forwarding addresses they may have added to any of my accounts and couldn't find any. Are there any steps/recommendations I should take to bolster my security now and figure out how I got compromised? Thanks!


  👤 tamimio Accepted Answer ✓
Maybe you’re one of the first victims of Ivanti hack? The exploit can obtain names/phone numbers

https://news.ycombinator.com/item?id=36913774

>Are there any steps/recommendations I should take to bolster my security now

Of course, never use SMS as 2FA; it's broken by design, the GSM protocol isn't secure. And if the service insists on using a phone number, it's time to stop using that service if you value your privacy and data.

As for how it happened, if it wasn't related to the above hack, maybe your phone is compromised, but I highly doubt someone is zero-daying your iPhone just to access your Facebook account.


👤 nicbou
Rogue software on your phone? Check which apps have permission to read your SMS. This happened to me when I sideloaded Vanced. I did not give it SMS permission, but my number was still added to a database of compromised numbers, and used by all sorts of shady characters for a month or so. Nothing bad happened but I got a lot of recovery and activation emails.
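
As an added example, not part of nicbou's comment and not taken from any Android tooling documentation, the Python script below does the "which apps can read my SMS" check in bulk by scanning a saved `adb shell dumpsys package` dump for packages that have actually been granted SMS permissions. The sample dump embedded here is constructed, not captured from a real device; its `Package [...]` and `<permission>: granted=true` line shapes follow what dumpsys prints on current Android versions. The package names and the allowlist are illustrative. This check only applies to Android; iOS has no equivalent read-SMS permission for third-party apps.

```python
import re

# Permissions that let an app read or intercept incoming text messages,
# which is all a thief of SMS one-time codes needs.
SMS_PERMISSIONS = {
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.RECEIVE_MMS",
    "android.permission.RECEIVE_WAP_PUSH",
}

# Constructed sample of `adb shell dumpsys package` output (not from a real device).
# Three packages: the stock messaging app, a sideloaded app with READ_SMS granted,
# and an app that requested READ_SMS but was denied.
SAMPLE_DUMPSYS = """\
Packages:
  Package [com.android.messaging] (5e1f2a3):
    userId=10082
    requested permissions:
      android.permission.READ_SMS
      android.permission.RECEIVE_SMS
    User 0: ceDataInode=0 installed=true hidden=false
      runtime permissions:
        android.permission.READ_SMS: granted=true, flags=[ SYSTEM_FIXED ]
        android.permission.RECEIVE_SMS: granted=true, flags=[ SYSTEM_FIXED ]
  Package [com.example.sideloaded] (9ab77c1):
    userId=10144
    requested permissions:
      android.permission.READ_SMS
      android.permission.INTERNET
    install permissions:
      android.permission.INTERNET: granted=true
    User 0: ceDataInode=0 installed=true hidden=false
      runtime permissions:
        android.permission.READ_SMS: granted=true, flags=[ USER_SET ]
  Package [com.example.benign] (1c0ffee):
    userId=10150
    requested permissions:
      android.permission.READ_SMS
    User 0: ceDataInode=0 installed=true hidden=false
      runtime permissions:
        android.permission.READ_SMS: granted=false, flags=[ USER_SET ]
"""

# Hypothetical allowlist of packages you expect to hold SMS access.
EXPECTED_SMS_APPS = {"com.android.messaging"}

_PKG_RE = re.compile(r"^\s*Package \[([^\]]+)\]")
_PERM_RE = re.compile(r"^\s*(android\.permission\.[A-Z_]+): granted=(true|false)")


def sms_capable_packages(dumpsys_text: str) -> dict[str, set[str]]:
    """Map package name -> set of SMS permissions that are *granted* (not merely requested)."""
    granted: dict[str, set[str]] = {}
    current = None
    for line in dumpsys_text.splitlines():
        m = _PKG_RE.match(line)
        if m:
            current = m.group(1)      # every permission line below belongs to this package
            continue
        m = _PERM_RE.match(line)
        if m and current and m.group(1) in SMS_PERMISSIONS and m.group(2) == "true":
            granted.setdefault(current, set()).add(m.group(1))
    return granted


def unexpected_sms_readers(dumpsys_text: str, allowlist: set[str]) -> list[str]:
    """Packages with SMS access that are not on the allowlist: the ones to investigate."""
    return sorted(p for p in sms_capable_packages(dumpsys_text) if p not in allowlist)


if __name__ == "__main__":
    # On a real device: adb shell dumpsys package > dump.txt, then pass that file's text.
    for pkg, perms in sms_capable_packages(SAMPLE_DUMPSYS).items():
        print(pkg, sorted(perms))
    print("investigate:", unexpected_sms_readers(SAMPLE_DUMPSYS, EXPECTED_SMS_APPS))
```

The parser deliberately keys on `granted=true` rather than on the `requested permissions:` list: many apps request READ_SMS and never get it, and only a grant lets the app see a 2FA code. Run it over a dump taken from your own phone and treat any package outside your expected set as a lead, not a verdict.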

👤 mattbgates
Sympathies to you and I hope you can get it reversed. Work fast and do whatever you can to get your account back. Once the account is gone, there's no way to even retrieve it.

It's very simple security solutions that they could implement to fix these issues, or pay a few dozen people to be the "live support" that is currently nonexistent.

1. Your email is required.

2. A phone number is required.

3. Authentication code required.

Solutions:

1. If someone is attempting to login from an IP address that has never been seen before, all 3 above are required.

2. If someone is attempting to change your email, then #2 and #3 above are required.

3. If someone is attempting to change your phone number, then #1 and #3 are required.

My mom lost her account and tracking what she clicked, history, etc. proved futile. You would think that a "billion dollar corporation", Meta (Facebook), would have better security features and measures as they seem to pride themselves on which is all just bullsh*t.

I'd made all efforts but was unsuccessful.

My stepfather passed away from COVID-19 in early 2022 and my mom had less than a hundred friends on her account, some who have passed away, but she visits their wall to keep their memory alive every so often, with him being one of them, so she would memorialize his Facebook page by posting on it and making herself feel better. It was heartbreaking when I had to tell my 70 year old mother she wasn't going to be able to do this anymore.

This person then started posting things for sale on her account and taking photos of what looked like their own home. Quite unclear why they would even do this. And I messaged them, only to be blocked. And it was only after I rallied enough of her friends to keep reporting the account that Facebook finally removed it.

My father also had his Facebook account recently hacked, but we got it in time and changed the password. It must be something with older people clicking random things that are stealing their passwords.

As for my own lessons learned from them... the best thing to do is to enable Google Authenticator or another similar app, which seems to be superior to the SMS method for some reason. Just be wary about what you click, but you aren't alone... this is probably happening to a few thousand people a day.

And the only thing Zuckerberg is interested in, is his Metaverse. Can't wait for that to be hacked.. maybe then he'll finally do something.


👤 jiripospisil
SIM swapping maybe? You should contact your mobile service provider to see if there's been any unusual activity.

https://en.wikipedia.org/wiki/SIM_swap_scam