r4id Posted July 27, 2023 Posted July 27, 2023 Hi, everyone at the beginning of the year I found myself in the situation where I found contact information, which belongs to me, on someone else's profile. this information however was set to being only visible to me and apart from that i knew the person but did not have any relation to that person. also interesting is, that as soon as i saw that, the information was already removed from that profile. Not saying i am an expert in this field but i am working in IT and have a somewhat good understanding and sense for security. therefor i would say i am taking good care about my privacy and security. i never lost access to my account during this occurance and the activity logs looked clean. obviously someone who gained access to my account would remove such tracers. the only information that the suspect might have had was my name and my mobile number. i am not asking for a guide to replicate that, however i would really like to now how much expertise would be needed to archive something like that and if there are tools out there which would provide such visibilty to someone's information. kind regards
DramaKing Posted July 27, 2023 Posted July 27, 2023 Facebook has become much better about protecting personal info. Someone could have gotten your personal info through any number of means.
Irukandji Posted July 28, 2023 Posted July 28, 2023 have a look at https://haveibeenpwned.com/ And sign up for Notify me service.
r4id Posted July 28, 2023 Author Posted July 28, 2023 @Irukandji the email address i am using for facebook has not been pwned and i am affraid, that it was not that easy. as i said the only information the suspect might have had access to prior to getting into my account were my name and my phone number. i might as well add, that my friends list is also small enough to keep an overview of that.
r4id Posted July 30, 2023 Author Posted July 30, 2023 so not knowing any details about this, because i just learned about it, it looks like a so called SS7 attack would have been possible. The only information that would be required for that, would actually be only the phone number. by the end of the day it would be a MIM attack. in regards to facebook, as an attacker someone would have been using the "forgot account" function on facebook using the victims phone number ending up getting the code to log into the account via SMS. i dont know if that would still be possible or was possible at the time but to me it sounds like a rather sophisticated attack and not like something a hobby hacker or enthusiast would attempt. any opinions on that?
Recommended Posts
Archived
This topic is now archived and is closed to further replies.