Why Did It Take So Long For The Recovery Email To Arrive After FB Hack?
August 23, 2022 6:45 PM   Subscribe

My elderly parents had their FB hacked yesterday and that gave the hackers access to their email account as well (like a lot of non-tech-savvy people, they unfortunately used the same password for both accounts).

The hackers set a filter to redirect any replies to the Trash, then sent an "I need a favour" email to everyone in my parents' contact list. (I assume the filter was so the hackers could come back later and start phishing conversations with anyone who replied, to eventually ask for money or gift cards or whatever.)

For some reason, the hackers changed the FB password but did not change the email password, so I was able to log in to my parents' email account when I got the "I need a favour" email and reset it right away with a new, stronger password.

The hackers also didn't change the recovery email on the FB account, but when I tried to send a reset email to my parents' email, it never showed up - not in the inbox, not in spam, not anywhere else as far as I could tell.

I didn't see any other filters or forwarding rules either but this recovery code never came through even though I tried multiple times last night.

Then I tried again tonight, over 24 hours later, and the code to reclaim the FB account finally showed up. I used it to reset the password and appear to now have access to my parents' FB again.

I have a few questions:
1) Is there anything I described above that sets off red flags for the hackers still having access of some kind to either the FB or email accounts?

2) Would there be a reason it would take 24 hours for a request to send a FB reset code to the recovery email to go through?

3) Am I the worst son in the world for letting them use the same password in multiple places?

Thanks in advance!
posted by Jaybo to Technology (2 answers total) 1 user marked this as a favorite
Facebook's infrastructure (and email, for that matter) is not 100% reliable. The most likely explanation is that Facebook's recovery emails were broken for a while yesterday, but started working again today.

Additional security steps to take going forward:

1. Have your parents set up a password manager, if you think that's something they can handle. The next time they log in to any web site, they should add that site to the password manager, and change the password to a strong random password generated by the password manager. With a password manager, there's never a reason to use the same password on multiple sites.

2. Set up 2-factor authentication for email, if their email provider supports this, and your parents can handle it.

3. I don't know if Facebook supports 2-factor authentication. It probably does. Set up 2-factor on Facebook as well.
posted by cruelfood at 7:10 PM on August 23, 2022 [2 favorites]

Sounds like the first reset email was never even sent to me. One of those things where you’d shrug and say, “meh, tech”, if it weren’t for the circumstances.

Not having a unique and strong password for the email account, universal back door to every account everywhere, is a rookie error that you won’t allow anyone to make ever again… There’s no educator like experience! They’ll be very receptive to your security advice now I expect.

Good job for realising what was going on and acting quickly.
posted by breakfast burrito at 1:34 AM on August 24, 2022 [1 favorite]