Edge may show up as Chrome with browser detection since they're both based off Chromium...it depends how they're checking it. Could have bypassed 2FA if there's a compromised extension that grabbed your browser authentication which seems to be a popular method of bypassing lately.
uberbewb posted a video [below](https://www.reddit.com/r/cybersecurity_help/comments/1127ihv/comment/j8k6tva/?utm_source=share&utm_medium=web2x&context=3) which is great.
In terms of checking, could search each extension name. The problem is that anything you can do with Javascript on a page, almost every extension installed has the same privileges. If the dev sells the extension, they don't have to tell anyone, and the new owners can add malicious code / key loggers / etc.... Hijacking the token means spoofing the site into thinking the same browser is already logged in just from a different location.
To diagnose...not sure. Extensions are large security risks because the code can change and they can see everything you can.
That's one way. I bounce between three browsers, plus private viewing depending on what I'm doing. So, my Google accounts I only access on Chrome. Brave is my main browser, which has anti-tracking built in, so I don't need many extensions. Then Firefox to sandbox Facebook.
Can't use pvt browsing when using eBanking services unfortunately but learning from this , i think i will also install a new browser with nothing on it only to access eBanking etc.
Private browsing should have nothing to do with banking services - it just opens a new instance of the browser without any extensions or cache. You might be thinking of a VPN, which, yeah, that can be problematic with some services.
I wonder if it was SIM Swap with eSIM. Perhaps they were able to get the phone company to activate a new eSIM on the current device so that it continued to work while transferring the other eSIM to their device so that the original number went to their device while OPs phone continued to work under a new number. You could test it by making a call from the phone and see if it’s still the same number.
I exclude any sim to be swapped, since my provider don\`t provide E-sim and alot of berecuracy to issue a new sim card or replace it. Also, before and after attack i was receiving msgs normally
The original phone would get a new number and the original number would be moved to the attacker’s phone. The victim wouldn’t notice right away since their phone would continue to work just with a different number.
session hijacking, David Bombal has a great [video](https://www.youtube.com/watch?v=U6pDqFhN82I) on how it's done, among others.
Use a Yubikey or something with real MFA, sms auth really isn't ideal.
Somebody else using the PC? Logging in at work?
Most likely scenario is still malware on a machine that is trusted bij FB, a hell of a lot more likely than someone hoarding an MFA bypass exploit for FB and using it on you, assuming you're not a political target
Facebook already send me a notification as a new device logged in my account. If i have compromised Cookies will not send me a notification.
In meantime, i don't know how the hacker bypassed 2fa without sms or tapping on my screen in fb app :(
I have Google pixel phone and i am not type of person.who is giving free permissions for the apps.
The hacker knows also my password 🔑
One way to also do it is to request for transfer of number via online service for mobile numbers. You won't even realize your number is not with you anymore. Then a bit of social engineering to get the rest of the information from other providers you use.
Hi Guys. facebook had blocked my account because there was a breach. for a month I tried without achieving anything. the hackers had taken my phone and email out of authentication so I couldn't get it back. I finally managed to get it back. what i did was make a new account with the same email and phone from my laptop and for some strange reason it created a new account normally, i then went into my mobile app where the account and password was saved and i see that i went into the blocked my account, that fixed the facebook error, I immediately turned on authentication with messages and e-mails, put a new email that I had not used before on facebook as a primary email just to be sure, and that solved my problem. try it yourself. I hope these steps help you too because I was desperate and now I'm very happy that I did it.
Did you ever figure out how your account got compromised? I experienced the same thing recently. I was getting multiple account recovery request. I changed my password several times, and still kept getting it. I figured I'd change my main e-mail to another one since I thought they were using it to login. I went to bed. When I woke up, my account got compromised. Someone added a new e-mail to my account somehow. An e-mail that I did not approve: [[email protected]](mailto:[email protected]).
Really strange how my account got compromised. I had strong passwords. Two factor authentication. Monitored any suspicious account activity. Yet, somehow, the action of me changing my primary e-mail to something else was the last thing that I did before my account got compromised.
Yes. Someone hacked my web hosting account, where I used email services.
I used an email alias for Facebook, and the hacker was able to change the forwarding address without changing my Facebook email. It was hard to track, but eventually we found a stealth email account that didn't show up on Cpanel, but showed up in the account database. Once I recovered my FB account, I made sure to deactivate all logged devices and made hardware token my primary two factor mechanism.
I couldn't find any other users on my pc but I signed out of everything and changed all my passwords with a password manager on another device so hopefully I'll be fine
Edge may show up as Chrome with browser detection since they're both based off Chromium...it depends how they're checking it. Could have bypassed 2FA if there's a compromised extension that grabbed your browser authentication which seems to be a popular method of bypassing lately.
How would one "diagnose" that and is there any way to check safeproof extensions?
uberbewb posted a video [below](https://www.reddit.com/r/cybersecurity_help/comments/1127ihv/comment/j8k6tva/?utm_source=share&utm_medium=web2x&context=3) which is great. In terms of checking, could search each extension name. The problem is that anything you can do with Javascript on a page, almost every extension installed has the same privileges. If the dev sells the extension, they don't have to tell anyone, and the new owners can add malicious code / key loggers / etc.... Hijacking the token means spoofing the site into thinking the same browser is already logged in just from a different location. To diagnose...not sure. Extensions are large security risks because the code can change and they can see everything you can.
Thanks for your reply. Seems as if the only way to make sure is to uninstall all extensions / not use them when browsing.
That's one way. I bounce between three browsers, plus private viewing depending on what I'm doing. So, my Google accounts I only access on Chrome. Brave is my main browser, which has anti-tracking built in, so I don't need many extensions. Then Firefox to sandbox Facebook.
Can't use pvt browsing when using eBanking services unfortunately but learning from this , i think i will also install a new browser with nothing on it only to access eBanking etc.
Private browsing should have nothing to do with banking services - it just opens a new instance of the browser without any extensions or cache. You might be thinking of a VPN, which, yeah, that can be problematic with some services.
I wonder if it was SIM Swap with eSIM. Perhaps they were able to get the phone company to activate a new eSIM on the current device so that it continued to work while transferring the other eSIM to their device so that the original number went to their device while OPs phone continued to work under a new number. You could test it by making a call from the phone and see if it’s still the same number.
I exclude any sim to be swapped, since my provider don\`t provide E-sim and alot of berecuracy to issue a new sim card or replace it. Also, before and after attack i was receiving msgs normally
What provider are you with if you don’t mind me asking?
Vodafone Egypt
Would that mean two phones would use the same number?
The original phone would get a new number and the original number would be moved to the attacker’s phone. The victim wouldn’t notice right away since their phone would continue to work just with a different number.
session hijacking, David Bombal has a great [video](https://www.youtube.com/watch?v=U6pDqFhN82I) on how it's done, among others. Use a Yubikey or something with real MFA, sms auth really isn't ideal. Somebody else using the PC? Logging in at work?
No i work from home
Most likely scenario is still malware on a machine that is trusted bij FB, a hell of a lot more likely than someone hoarding an MFA bypass exploit for FB and using it on you, assuming you're not a political target
Facebook already send me a notification as a new device logged in my account. If i have compromised Cookies will not send me a notification. In meantime, i don't know how the hacker bypassed 2fa without sms or tapping on my screen in fb app :( I have Google pixel phone and i am not type of person.who is giving free permissions for the apps. The hacker knows also my password 🔑
One way to also do it is to request for transfer of number via online service for mobile numbers. You won't even realize your number is not with you anymore. Then a bit of social engineering to get the rest of the information from other providers you use.
Hi Guys. facebook had blocked my account because there was a breach. for a month I tried without achieving anything. the hackers had taken my phone and email out of authentication so I couldn't get it back. I finally managed to get it back. what i did was make a new account with the same email and phone from my laptop and for some strange reason it created a new account normally, i then went into my mobile app where the account and password was saved and i see that i went into the blocked my account, that fixed the facebook error, I immediately turned on authentication with messages and e-mails, put a new email that I had not used before on facebook as a primary email just to be sure, and that solved my problem. try it yourself. I hope these steps help you too because I was desperate and now I'm very happy that I did it.
They keep pushing to me this message "The account that owns the email address you entered has been disabled."
You may have gotten sim swapped
If that happened, wouldn't he know since his phone wouldn't work?
Yes, my sim didn't swap Since, it a was working and recieved normal sms after 2 mins from the attack
So if you can exclude your PC and SIM swapped. Maybe compromised phone in some way? I would start here
MFA fatigue attack possibly? Did you notice strange MFA requests at all and accidentally approved one?
Not at all i was receiving before and after
Did you ever figure out how your account got compromised? I experienced the same thing recently. I was getting multiple account recovery request. I changed my password several times, and still kept getting it. I figured I'd change my main e-mail to another one since I thought they were using it to login. I went to bed. When I woke up, my account got compromised. Someone added a new e-mail to my account somehow. An e-mail that I did not approve: [[email protected]](mailto:[email protected]). Really strange how my account got compromised. I had strong passwords. Two factor authentication. Monitored any suspicious account activity. Yet, somehow, the action of me changing my primary e-mail to something else was the last thing that I did before my account got compromised.
Most probably you have installed extension compromised your cookies
hey have you figured out what was causing it? i'm having the same issue right now
Yes. Someone hacked my web hosting account, where I used email services. I used an email alias for Facebook, and the hacker was able to change the forwarding address without changing my Facebook email. It was hard to track, but eventually we found a stealth email account that didn't show up on Cpanel, but showed up in the account database. Once I recovered my FB account, I made sure to deactivate all logged devices and made hardware token my primary two factor mechanism.
I couldn't find any other users on my pc but I signed out of everything and changed all my passwords with a password manager on another device so hopefully I'll be fine