Discussion My Facebook group was hacked :) 1300 real members

SkyLord · August 19

Hi everyone,

This is not an advertisement for my server.

My Facebook group with 1,300 real players was hacked. I was the only owner of the group, and I don’t understand how someone could change admin rights and remove me from it.

All my accounts have two-factor authentication (2FA), so there’s no way anyone could have accessed my account to give admin rights to another profile.

I contacted Facebook for help and even paid $20 for faster support from Meta. They basically ignored me and said they couldn’t help or make any decisions regarding this situation.

I found some information about the person who took over the group – it seems to be an admin of L2CALIGULA (FLOYD) – and it looks like my group isn’t the only one affected.

https://www.facebook.com/MdsFael/posts/pfbid02LYPDAaxmjECuKY6g1xhMsnmixUH3x1asAVt2RtVKjV8yvegQ9erVHeWAdrJyjonal

As it stands, the group still exists on Facebook and all the information is visible, but I have no control over it anymore.

l2mid group: https://www.facebook.com/groups/l2official

Can anyone explain how this is even possible and how I can prevent it in the future?

Regards!

Splicho · August 19

Of course someone can access your account. All it needs is just a session.

Sounds to me like you were info stealed.

https://chatgpt.com/share/68a50e59-0708-8012-b63c-98fe3fa87f88

Edited August 19 by Splicho

SkyLord · August 20

11 minutes ago, Splicho said:

Of course someone can access your account. All it needs is just a session.

Sounds to me like you were info stealed.

https://chatgpt.com/share/68a50e59-0708-8012-b63c-98fe3fa87f88

Lets assume someone has access to my account..
I havent seen any email notifications about it.. any sms /msgs, and there is no information in the activity logs on FB logins from other IPS or devices. It all seems very strange.

Ive reached out to FB regarding the restore form and the hacked group. Lets see what they say.

Splicho · August 20

2 minutes ago, SkyLord said:

Lets assume someone has access to my account..
I havent seen any email notifications about it.. any sms /msgs, and there is no information in the activity logs on FB logins from other IPS or devices. It all seems very strange.

Ive reached out to FB regarding the restore form and the hacked group. Lets see what they say.

Yeah sounds like session hijacking imho. Strange none the less. Did you open any suspecious websites where u needed to facebook login in the last 24-48h or opened weird .exe's ? or anything similar?

Meta support is a joke.

Edited August 20 by Splicho

FixerRay · August 20

Hello, I don't think someone hacked your FB account but gained remote access to your PC. Did you join any l2 server lately to check something etc? Running any Remote desktop service? Check windows logs.

SkyLord · August 20

11 minutes ago, Splicho said:

Yeah sounds like session hijacking imho. Strange none the less. Did you open any suspecious websites where u needed to facebook login in the last 24-48h or opened weird .exe's ? or anything similar?

Meta support is a joke.

There’s no way that could have happened with me.

8 minutes ago, FixerRay said:

Hello, I don't think someone hacked your FB account but gained remote access to your PC. Did you join any l2 server lately to check something etc? Running any Remote desktop service? Check windows logs.

I’m well protected,.. Facebook isn’t

I just spoke with Facebook support. Honestly.. i was surprised at how quickly they reacted to my report. Woman from India contacted me and told me to install a program so she could get into my computer. I was like, “Are you kidding me?”

She was even laughing on the phone and said, “No problem”

Facebook reviewed the case and told me they’ll give me my group back in a few days. So, good luck to that guy from Brazil or wherever he’s from.

Thanks!

Splicho · August 20

2 hours ago, SkyLord said:

There’s no way that could have happened with me.

I’m well protected,.. Facebook isn’t

I just spoke with Facebook support. Honestly.. i was surprised at how quickly they reacted to my report. Woman from India contacted me and told me to install a program so she could get into my computer. I was like, “Are you kidding me?”

She was even laughing on the phone and said, “No problem”

Facebook reviewed the case and told me they’ll give me my group back in a few days. So, good luck to that guy from Brazil or wherever he’s from.

Thanks!

Run a program lol...

Well, well done! Happy to hear you get your group back

Trance · August 21

Using your browser session, they don’t need any login credentials.. Facebook will recognize that session as you.

SkyLord · August 22

13 hours ago, Trance said:

Using your browser session, they don’t need any login credentials.. Facebook will recognize that session as you.

If your pc and browser are clean (no malware, no extensions, nobody else has access)

then its not possible for anyone else to use your FB session.

melron · August 22

2 hours ago, SkyLord said:

If your pc and browser are clean (no malware, no extensions, nobody else has access)

then its not possible for anyone else to use your FB session.

It is still possible. If someone manages to steal your active Facebook session cookie (somehow), Facebook will recognize them as you and they can bypass both your password and 2FA. This is called session hijacking

Trance · August 22

Yeap.

BruT · August 22

8 hours ago, melron said:

It is still possible. If someone manages to steal your active Facebook session cookie (somehow), Facebook will recognize them as you and they can bypass both your password and 2FA. This is called session hijacking

changing password or settings on account/groups still needs re-authorization so no.

imo it was either facebook exploit which is unlike or network-level attack, why i tell u this? because i once had similar issue with my tiktok account, a guy logged into my account without using a sms code which was the only way to enter my account, and the funny part was that i didnt even receive a sms xD now u may say that this is what session hijack is but i saw a completely different device in my devices list which indicates that it wasnt a hijack.

Edited August 22 by BruT

Splicho · August 22

1 hour ago, BruT said:

changing password or settings on account/groups still needs re-authorization so no.

imo it was either facebook exploit which is unlike or network-level attack, why i tell u this? because i once had similar issue with my tiktok account, a guy logged into my account without using a sms code which was the only way to enter my account, and the funny part was that i didnt even receive a sms xD

Session Hijacking bypasses that.

Edited August 22 by Splicho

BruT · August 22

11 minutes ago, Splicho said:

Session Hijacking bypasses that.

bypassing what exactly? passwords? or the logging, if u talk about my situation i should see the same device as mine in my devices not different, because sessions are bind to devices.

Splicho · August 23

6 hours ago, BruT said:

bypassing what exactly? passwords? or the logging, if u talk about my situation i should see the same device as mine in my devices not different, because sessions are bind to devices.

Exactly, if somebody hijacks ur sessions, then u wont see a new device in your "Devices List".

And with that hijacked session you are able to change whatever you want unless you have 2FA enabled. And I believe changing a group owner doesn't trigger 2FA.

Discussion My Facebook group was hacked :) 1300 real members

Recommended Posts

SkyLord

Splicho

SkyLord

Splicho

FixerRay

SkyLord

Splicho

Trance

SkyLord

melron

Trance

BruT

Splicho

BruT

Splicho

Join the conversation

Posts

Topics

Browse

Activity

Store