Did a friend try to hack into my Facebook?
April 22, 2013 5:17 PM   Subscribe

Recently, Facebook wouldn't let me log in, claiming I had made too many login attempts. But I wasn't even online during the alleged attempts. A geek friend says it's a sign that someone who knew the email address associated with my account was trying to get into it. Is there another explanation?

The email address (formerly!) associated with my account was known only to my friends. You had to be my Facebook "friend" to see it. It's the address I used for personal emails to people I know in real life as well as for occasional travel arrangements.

It's possible that it escaped into the wild, but a Google search for it turned up one lonely mention in a public forum where a friend unhelpfully said to the entire world, "If you need to know more about X, email Ceiba at HerPrivateAddress.Com."

That leaves a few possibilities, as far as I can tell:

1. One of my real-life friends was trying to get into my account. My geek friend says this is the most likely.

2. A spammer's robot got my email from that one public mention, from hacking a friends' contact book, or from whatever it is that robots do and was trying to get into Facebook to post spammy links. (As far as I know, I don't get spam at the address, but I've got a killer spam filter.)

3. A spammer's robot guessed the somewhat weird email address.

4. A stranger who works at a hotel where I recently made a reservation tried to get in, but why?

5. Facebook hiccupped and there really weren't any login attempts. "Active sessions" under the "Security" tab showed only my logins, but since the hacker didn't get in, it wouldn't have registered as a session, as I understand it.

I use different randomly generated passwords from 1Password for each site. Since the apparent break-in attempt, I've changed the Facebook password again, set up a gibberish email address for Facebook only, and removed the connection to my personal email address.

My question: Is the most likely explanation that a real-life friend was trying to get in? There's no major drama in my life but I can think of a couple of people who have that email address and who might want to get more info than they can see on my Facebook page, but I don't like to think that they're creepy enough to do this.

posted by ceiba to Computers & Internet (15 answers total)
Stuff like this can happen pretty regularly, no malice intended, if you use a common email provider and someone slightly mistypes their email when trying to login. Say, someone who has celba@domain.com instead of ceiba@domain.com mistyped their email into facebook when trying to log in, and just clicked back a bunch and reentered a password instead of re-typing the email too.

As a FirstnameLastname@freeemaildomain.com email address holder I get this, and variations on this not irregularly, and this is probably what I would assume if I don't have a personalized email domain (IE myname@myawesomepersonalwebsite.com as opposed to myname@gmail.com).

Otherwise, yeah, a few things are possible but I would really not jump to a friendor other known induvudual trying to log in as you without some other evidence. Much more likely in my experience is #2, and in that list of possibilities is that your email got hacked, so you should change that password as well just to be on the safe side, or that they spammed a bunch of emails to see which ones got bounce backs, or whatever. There are lots of ways for that to happen.
posted by McSwaggers at 5:39 PM on April 22, 2013 [2 favorites]

I once accidentally locked some random person's bank account, because I kept trying to log in with an account number one digit different than mine. I'm sure I freaked them out, but it really was an error.
posted by Specklet at 5:40 PM on April 22, 2013 [1 favorite]

Do you have an old ex that knows the e-mail address that you use for the account? I know I've tried to log into an ex's Facebook years after the fact just to see what they were up to.
posted by Autumn at 5:40 PM on April 22, 2013

Just to clarify: The email address was FirstnameLastname@VeryWeirdDomain.Notcom. It's not a common domain and doesn't end in .com or dot-anything normal. People had a lot of trouble understanding it; I usually just emailed them from the address so they would have it.
posted by ceiba at 5:43 PM on April 22, 2013

The things you listed in #2 are all extremely common. Many people are not careful with whom they share their address book. And if your e-mail address has ever seen the light of day on the web, that would be the major culprit. Any e-mail address that you actually use will eventually get on some list.
posted by skewed at 5:52 PM on April 22, 2013 [1 favorite]

You recently log in from someone else's computer?
It could be possible that your account name was being prefilled in there still and they then tried "their" password over and over until your account got locked.
posted by bottlebrushtree at 5:57 PM on April 22, 2013 [5 favorites]

You can also login in with your facebook username, which is less hidden.
posted by mhp at 6:03 PM on April 22, 2013 [1 favorite]

I was about to suggest what bottlebrushtree mentioned.
posted by xedrik at 6:19 PM on April 22, 2013

I got that message earlier today, and had never seen it on Facebook before that, so I wouldn't be surprised if there's been an upswing in either #2 or #5 lately.
posted by songs about trains at 6:25 PM on April 22, 2013 [1 favorite]

I got that message for the first time yesterday, so I agree with songs about trains that it might be something that has nothing to do with you specifically.

(I was still logged in elsewhere on another browser, and was able to proceed with using Facebook there without any issue.)
posted by sueinnyc at 6:58 PM on April 22, 2013

I use different randomly generated passwords from 1Password for each site

Then you have nothing to worry about.
posted by flabdablet at 7:13 PM on April 22, 2013

any of the apps, games, whatever of your facebook friends will probably have your email address. i think it is probably unlikely a friend of yours was randomly hacking your account.
posted by wildflower at 7:18 PM on April 22, 2013

Same thing happened to me yesterday. But upon trying to immediately sign in again there was no problem. I am never logged into any other computer or device.
posted by Sassyfras at 8:39 PM on April 22, 2013

Thanks, everyone, for your reassurance. I'm going to assume it was a Facebook hiccup or that my email address got out into the world somehow and it has nothing to do with my friends.
posted by ceiba at 9:17 PM on April 22, 2013

In addition to the Facebook username, you also used to be able to log in with your phone number. Or any additional e-mail addresses that you have associated with the account. Lots of ways for someone to non-maliciously fat finger something and end up with your account.
posted by anaelith at 7:46 AM on April 27, 2013

« Older Can I send email using my gmail on my iphone with...   |   Good resources for learning about money? Newer »
This thread is closed to new comments.