Sorry, I have a story first… Two days ago my Facebook account was hacked into. They changed my name and pic, friended someone (I assume to scrape my data) and then posted something that triggered the algorithms to suspend the account.
I am a tech person and very security cautious. All my PWs are different from one site/app to the next, and I use long PWs with lower/upper/numbers/symbols. I knew there was no way they brute forced their way into this account.
Right before bedtime I got a notice from FB saying a password reset was requested and here’s the code to do it. I did not do this and immediately thought something was up. I deleted the email from my phone, logged into FB on my PC and changed my PW just to be safe and then went to bed. The next day I found that didn’t matter and they got in anyway.
Because I am so cautious with all of this stuff, I figured it wasn’t on FB’s end. I then thought it had to do with my email. I contacted my site’s hosting provider and told them what happened and asked them to check if any IP address other than my own accessed the email that night. Yep, someone did, and at all the times I was receiving FB messages about password resets and other stuff while I slept. (So if I had changed my email’s PW at the very beginning of this, all of this would have been prevented, sigh.)
The host also ran a security check and found that there were zero failed login attempts and no security flags were raised on the server end. They believe this came from my phone, meaning an app scraped my email login info off my phone. I use K9 on my phone.
I ran deep malware and antivirus scans and everything came up clean. I am on Android and always try to be careful with downloading apps that may be suspicious. I also never download 3rd-party apps, only through the Google Play store. I am aware I may have already uninstalled this app within the last couple weeks not realizing what was going on.
So with that said, how would they have been able to access my email credentials on my phone? I have it set in K9 that anytime I want to make any server/pw changes in my accounts it asks for a master password to do it. If it’s a sniffer program, they could have grabbed them when I logged into K9 any number of times during the day, but I assumed all of that was encrypted between the two points?
Any advice on how I can tackle this and prevent this from happening in the future is appreciated. I’m not blaming K9 by the way, I’m just looking for the root cause of how they had access to my email login info on my phone. Thanks for the help!
E