I have to maintain a government security clearance for my job. A couple of hours after someone had attempted to log into my Facebook account I received an email that my security clearance was under review.
I don’t know why I didn’t clue in at the time, but I’m willing to bet it’s not coincidental.
And I’m the last person to believe in conspiracy theories.
ETA: What I mean is the security folks took a stab at guessing my password as part of their security check.
The timing does seem fishy. I don’t think it’s unheard of for an employer to poke around in your personal life. I am friends with my departmental Director and the overall security person on FB. Friend request your boss. Let them have your password. Or not.
His employer isn’t really trying to poke around in his personal life. His employer is checking out the security of his online accounts. Employer probably tried his email at Instagram, SnapChat, WhatsApp, all sorts of popular places. FB is probably the only one he has.
A LOT of the high-level hacking (for instance, the DNC) hasn’t been through brute force or viruses on the target servers. It’s getting in to social media or non-work-related email accounts to get enough information on key people in order to eventually just log right in to the target servers as an actual registered user.
So a hacker can get in to Leaffan’s FB account and then send a Facebook message to someone at work, and be like “can you reset my password to abc123? I lost it and can’t get in, can’t even email an official request to IT!” and then since the person knows **Leaffan** and doesn’t have a reason to suspect that Facebook **Leaffan** is actually Russian guy, the password is changed and now the hacker is in to the server.
So, it makes sense for high-security companies to be making sure their employees have secure social media accounts, and while they can say “make sure you have a secure social media account” til they’re blue in the face, they can rest easier if they have a White Hat Hacker just blow through and try to hack the accounts themselves.
Well, as you know, and can verify, I have nothing on my FB account that’s in any way lewd or incriminating. I’m still not sending a friend request to my boss though.
I have a feeling tomorrow is going to be interesting.
Bon soir.
FB doesn’t trigger a password reset unless both the correct username AND password were typed in. FB has an additional level of security where if you correctly login from a suspicious location, it will ask you additional questions based on your social graph. Failing this test is what prompts FB to force a password change.
Leaffan, Troy Hunt, who runs Have I Been Pwned, is a well-respected security researcher and the site is considered legitimate in the security community. You’re not giving it any sensitive information like passwords, only email addresses or usernames. You really should check the site unless your FB password is totally unique and not related to any other passwords you use.
There’s basically zero chance that someone is logging into your FB account as part of your security clearance check. Unless the security clearance is totally unrelated to the FB thing, what’s far more likely is that there’s some hacker who is testing your FB credentials and is also testing credentials to more secured services, which is flagging an intrusion detection system tied to your security clearance.
Unless you are already using a password manager and generating totally random, unique passwords for every site you visit, you need to start rotating your credentials NOW.
Given the other issues you’re having at work, it may be the case that someone at work has somehow snagged your password. I wouldn’t think it was super likely, but it’s possible. If you haven’t done so already, make sure you change your FB password from a personal device and then refrain from logging in from work anymore.
Does FB tell you the IP address the login came from?
You might also want to refrain from accessing the SDMB and other personal sites from your work PC. There’s a decent chance your employer can see what you post here.
What Shalmanese says is also a possibility. If you work for a defense contractor or something, your credentials are pretty valuable. Someone external to your organization might have determined your FB password and is now trying to log in to any system associated with your company.