Did you log into Facebook from somewhere new?

Posted on 2013/03/28 by Felix

I just got a very strange email from Facebook.  Yes, that’s right – I do use Facebook occasionally.  It told me that I had logged into Facebook from a location that I am not known to come from. Also, they deemed it suspicious enough to warrant blocking my account until I had verified this with them.  Which you know, is nice – genuinely pleased that the feudal IT security model is in this instance working.

Source of Facebook login problem

So I dutifully login to verify my details.

Suddenly Facebook starts telling me about security and tries to give me details about what has just happened.  They are supposed to be clear enough for me to work out whether this access was genuine or not. 

But it fails to work out where geographically I am supposed to have logged in from. Facebook just leaves the area blank on the page that is supposed to be filled in. 

There is a small area where I can hover my mouse over for more technical information and, ah there we go –

its a private non-routable IP address….

Thats why they can’t work out where I was logged in.  No, wait a minute – private non-routable?  That sounds like it must have come from inside the Facebook network?!  It stated 10.82.x.x (wish I had taken a screenshot now, the first rule of evidence handling… whoops).

And there’s another thing, my password is really secure…  I don’t use the same password twice for anything. It’s not even something I try and remember. They are all random strings generated and stored in an encrypted format by a password handler.  My password has now changed but this is what it was:

BJ6KQXiF6xgC3E48Xw

That’s a little over 107 bits of entropy and roughly 183,000,000,000,000,000,000,000,000,000,000 different combinations so I feel comfortable on ruling out a brute force / dictionary / profile attack.  This doesn’t leave much,

1) Facebook has had a glitch and falsely alerted people to a security breach (twice),

2) They have a security breach or

3) The staff or the police etc are logging into my account.

I am going to throw this out there, what is going on? 

Has Facebook itself been hacked? 

It sure seems like it’s got a problem to me.

YGHT can help you increase the cybersecurity

Contact us and learn how

This entry was posted in Product. Bookmark the permalink.