Increase in Reports of Facebook Account Hacks

Summary

Over the past few weeks, the NJCCIC received several incident reports regarding hacked Facebook accounts. Threat actors are able to obtain unauthorized access to user accounts through a number of means, including credential stuffing or social engineering attacks. Credential stuffing is a type of attack in which a threat actor attempts to log into an account using a collection of previously exposed account credentials. A social engineering attack used to gain access to Facebook accounts includes phishing emails impersonating Facebook that direct the recipient to click on a link to a spoofed web page requesting the user’s account credentials. If entered, they are sent to the threat actor. Additionally, when Facebook accounts are compromised, threat actors often use these accounts to message the user’s contacts, sending them to fraudulent web pages to perpetuate their malicious activities. While the targeting of Facebook account credentials is not a new tactic, the recent increase in reports indicates a resurgence.

Recommendations

The NJCCIC recommends Facebook users ensure they do not use the same password across multiple accounts, enable multi/two-factor authentication, and exercise caution with emails claiming to be from Facebook. Additionally, review The NJCCIC’s Guide to Accessing Facebook’s Security & Privacy Settings and make any necessary adjustments.