Have we been hacked? (Facebook, security certificate not trusted content, etc)

Chat Forum

Have we been hacked? (Facebook, security certificate not trusted content, etc)

15 posts & 7 voices | Started 10 months ago by deadlydarcy | Latest reply from deadlydarcy

Tags:

content

deadlydarcy - Member

Hi, hoping the IT Crowd can help me out here.

A while back facebook contacted mrs deadly about her account being hacked...she went through the security checks to re-authorise her account.

Problem is now that whenever she logs into facebook, the screen shows this:

This doesn't happen when I log into my facebook account.

We're just a bit worried that we've been hacked and that someone somewhere can see anything on the pooter while she's logged in to facebook.

Something a bit funny happened yesterday when she was setting up her new iPhone - she's switched from O2 to Vodafone and was inputting the PAC to port her old number across - and seconds after she completed and sent the form, her new phone rang (new phone has a temporary number from Vodafone) with someone asking to speak to "Charlie Bickle", then claiming to have had a wrong number.

Could be a coincidence I guess...

We're running a mac, with 10.5.8, all security updates up to date.

Apologies, but I really don't have a clue about this stuff

Posted 10 months ago #
molgrips - Member

I would say that re facebook, yes you have been hacked, somehow or other.

Re the phone - co-incidence.

Posted 10 months ago #
iDave - Member

did she send Charlie Bickle a virtual slap?

Posted 10 months ago #
philconsequence - Member

can she log in from other devices? phone, diff computer type thang?

DD i need your doggy photos on my thread please thanking you x

Posted 10 months ago #
deadlydarcy - Member

Mol, so what exactly is happening when that page comes up?

Posted 10 months ago #
mogrim - Member

Could be she's been hacked, although there are other possibilities...

Checking Facebook from my computer (also using Chrome): If you click on the padlock next to the "https" a window should open with information about the certificate used to identify the web page - it's been issued by "DigiCert High Assurance CA-3", click on "Certificate Information" and the "SHA 256 fingerprint" should be the following:

BB A9 12 B4 FE 2F 26 88 7D 79 0B C4 2F 7A 98 7B
C8 D8 1C 21 B1 90 C4 46 5B C3 1A 2C 5B 6F D2 31

Certificate security relies on a chain of certificates: you install the base of the chain, then implicitly trust the rest of the certificates in the chain. If a link is missing the certificates below that missing link will not be trusted. It's entirely possible that either your wife or an Apple security update has deleted part of the chain, which would give this error.

Posted 10 months ago #
Drac - Moderator

A while back facebook contacted mrs deadly about her account being hacked...she went through the security checks to re-authorise her account.

Ermmm how did they contact her? How did she correct her details?

Posted 10 months ago #
deadlydarcy - Member

Drac, she went through the security checks which eventually involved sending a photo of her driving license (to confirm photo id) but with all address and other details blanked out.

We checked the emails pretty thoroughly for dodgy addresses etc. They all checked out.

No dodgy links or messages were sent from her Facebook account.

Posted 10 months ago #
sslowpace - Member

someone asking to speak to "Charlie Bickle",

Wasn't Travis, was it?

Posted 10 months ago #
molgrips - Member

DD - a website needs a security certificate to make your connection secure via encryption. You can generate your own, but it shows in the details of it and web browsers know this. Proper sites have to have their certificates generated by a trusted certificate authority like Verisign, and they will doubly make sure that you are a legit company before giving you one, and they will also charge a fair bit too.

Posted 10 months ago #
molgrips - Member

which eventually involved sending a photo of her driving license (to confirm photo id)

Whoah!

Stop right there.

That is absolutely none of Facebook's business.

Posted 10 months ago #
philconsequence - Member

lol molly its not... but i've heard many stories of people ending up having to send photo ID to facebook after they're accounts been closed down/hacked. people could of course chose not to have a facebook account...

or simply open up a new one as a lot of musicians seem to do once fans go overboard adding their personal pages.

Posted 10 months ago #
deadlydarcy - Member

Molly, a quick google suggests that it's standard practice. It's only to show photo id with d.o.b. which facebook already has anyway.

Posted 10 months ago #
molgrips - Member

Facebook doesn't have my DOB - at least not that I know of.

Posted 10 months ago #
deadlydarcy - Member

I'm sure you'll have had to put it in there when you registered. If even to show you're over 13 (which I find hard to believe sometimes ) x

Posted 10 months ago #

RSS feed for this topic

Reply

You must log in to post.

Singletrack Mountain Bike Magazine

Chat Forum

Have we been hacked? (Facebook, security certificate not trusted content, etc)

Reply

Don't miss…

Singletrack

Website & Forums

Exits