Who’s in your Facebook and Instagram accounts?

[harlan4096]

What to do if you receive a notification about a suspicious login to your Facebook or Instagram account.

A notification pops up on your smartphone screen: “We detected an unusual login attempt from Rio de Janeiro, Brazil.” Whether the login attempt occurs where you live, halfway around the world, on the kind of phone you use, or from a device you’ve never heard of, what’s really going on here is an attempt to make you panic. Don’t panic.

Either someone’s been busted trying to log in to your account or not, and freaking out will not help. To help you remain calm and survive the incident with minimal losses, we are arming you with knowledge of what it might be and what to do.

What it might be

To begin with, let’s figure out how an outsider could have gained access to your account in the first place. It can happen in one of several ways.

Data leak and credential stuffing

Data leaks and breaches pop up in the news quite often, and even if Facebook and Instagram weren’t hit directly, if another website is breached and the compromised data included your account info, then cybercriminals possess your credentials. Using a list of e-mail usernames and passwords, they can carry out a credential-stuffing attack — that is, they enter the stolen credentials on other sites. That works because people use the same password for multiple accounts, an unforced but extremely common error.

Alternatively, your Facebook or Instagram credentials might have leaked from an associated app. For example, in June of last year, SocialCaptain, a service for growing Instagram following through automation, leaked thousands of Instagram account passwords. The service didn’t encrypt client data, as it turned out. It is reasonable to assume that many SocialCaptain users have since encountered hacking attempts.

Phishing

You could be looking at the results of a phishing scam, that your username and password landed in the hands of scammers. It happens. Maybe you clicked on a link and entered your credentials on a convincing fake Facebook or Instagram login screen. For example, just recently, our experts uncovered a phishing campaign that lured victims to fake login pages by threatening to block their Facebook account for copyright infringement.
...

Continue Reading