Hi All,

I have a customer who got his Facebook account hacked.

The hacker changed both the recovery phone number
and the password.

Facebook sends a six digit recovery text to the HACKER
not my customer.

Can't change the password as the old one is required.

The customer can automatically log into face book
through Firefox.

Problem: Firefox's password manager shows the wrong
password for Facebook.

I tried installing Brave Browser and importing
the Firefox profile. It got the same bad password.

The customer can not even delete his account as
facebook asks for the password to verify.

AAAAAAAAAAAAAAAAHHHHHHHHHHHHHHHHHHH!!!!!!!!!!!!!!

Where did Facebook rat pack the actual password in
Firefox?

-T

In article <u593dt$2me9h$2@dont-email.me>,
T <T@invalid.invalid> wrote:

> Hi All,

> I have a customer who got his Facebook account hacked.

> The hacker changed both the recovery phone number
> and the password.

> Facebook sends a six digit recovery text to the HACKER
> not my customer.

> Can't change the password as the old one is required.

> The customer can automatically log into face book
> through Firefox.

> Problem: Firefox's password manager shows the wrong
> password for Facebook.

Then remove it...

> I tried installing Brave Browser and importing
> the Firefox profile. It got the same bad password.

> The customer can not even delete his account as
> facebook asks for the password to verify.

> AAAAAAAAAAAAAAAAHHHHHHHHHHHHHHHHHHH!!!!!!!!!!!!!!

> Where did Facebook rat pack the actual password in
> Firefox?

> -T

Dunno what anyone else does, but I remove defunct or errant entries thus...

about:preferences

Privacy & Security

Saved Logins

Search for the errant entry, when found...

Top right hand side, click on the "Remove" (Bin icon).

D

Nb: I go to the same place and use "Edit" if I want to manually modify an
entry.

D.

On 5/31/23 23:04, Dave wrote:
> In article <u593dt$2me9h$2@dont-email.me>,
> T <T@invalid.invalid> wrote:
>
>> Hi All,
>
>> I have a customer who got his Facebook account hacked.
>
>> The hacker changed both the recovery phone number
>> and the password.
>
>> Facebook sends a six digit recovery text to the HACKER
>> not my customer.
>
>> Can't change the password as the old one is required.
>
>> The customer can automatically log into face book
>> through Firefox.
>
>> Problem: Firefox's password manager shows the wrong
>> password for Facebook.
>
> Then remove it...
>
>> I tried installing Brave Browser and importing
>> the Firefox profile. It got the same bad password.
>
>> The customer can not even delete his account as
>> facebook asks for the password to verify.
>
>> AAAAAAAAAAAAAAAAHHHHHHHHHHHHHHHHHHH!!!!!!!!!!!!!!
>
>> Where did Facebook rat pack the actual password in
>> Firefox?
>
>> -T
>
> Dunno what anyone else does, but I remove defunct or errant entries thus...
>
> about:preferences
>
> Privacy & Security
>
> Saved Logins
>
> Search for the errant entry, when found...
>
> Top right hand side, click on the "Remove" (Bin icon).
>
> D
>
> Nb: I go to the same place and use "Edit" if I want to manually modify an
> entry.
>
> D.
>

All good advice, but it does not help me shake out
the actual password the hacker created that
Firefox somehow remembers, somewhere. Dang!

On Wed, 31 May 2023 20:31:09 -0700, T <T@invalid.invalid> wrote:

>I have a customer who got his Facebook account hacked.
>
>The hacker changed both the recovery phone number
>and the password.
>
>Facebook sends a six digit recovery text to the HACKER
>not my customer.

how do you know that? It's more likely you want to hack someone else
facebook account.

>Can't change the password as the old one is required.

no, the password the hacker used. The old one is your customers
password.

>The customer can automatically log into face book
>through Firefox.

so what's the problem?

>Where did Facebook rat pack the actual password in
>Firefox?

you can see the passwords in firefox settings.

T wrote:

> All good advice, but it does not help me shake out
> the actual password the hacker created that
> Firefox somehow remembers, somewhere.  Dang!

I doubt that FF knows the password that was changed by the hacker, it's
probably got a cookie with a "login token".

On 6/1/23 01:13, Andy Burns wrote:
> T wrote:
>
>> All good advice, but it does not help me shake out
>> the actual password the hacker created that
>> Firefox somehow remembers, somewhere.  Dang!
>
> I doubt that FF knows the password that was changed by the hacker, it's
> probably got a cookie with a "login token".
>
Is there a way to examine cookies?

On 6/1/23 01:11, lisa wrote:
> On Wed, 31 May 2023 20:31:09 -0700, T <T@invalid.invalid> wrote:
>
>> I have a customer who got his Facebook account hacked.
>>
>> The hacker changed both the recovery phone number
>> and the password.
>>
>> Facebook sends a six digit recovery text to the HACKER
>> not my customer.
>
> how do you know that?

Tested his text app. It was working. He
never received anything from fb. I resent it
so many times the hacker was probably annoyed
to high heaven -- if he gave his actual phone
number

<insult removed>

>
>> Can't change the password as the old one is required.
>
> no, the password the hacker used. The old one is your customers
> password.

No, the old one is the hackers. I tried every password the customer
ever had, including the one shown in FF's passwords and logons,

>> The customer can automatically log into face book
>> through Firefox.
>
> so what's the problem?

Can't change the password or recovery phone number with
out the password.

>
>> Where did Facebook rat pack the actual password in
>> Firefox?
>
> you can see the passwords in firefox settings.

It does not work.

T wrote:

> Is there a way to examine cookies?

There are cookie manager add-ons, but unlikely to do you much good, the
token will just look like random gibberish, it won't contain username
and password, it'll just relate to a database row somewhere at facebook
towers.

A decent hacker might be able to make use of the token to bypass login
on another computer, but if FF can access facebook on that computer
without login, I'd be trying to alter the password/mobile number from
that machine ... after all the hacker managed it, or did they "trick"
the owner into disclosing the 6 digit code to allow them to change details?

On 6/1/23 02:35, Andy Burns wrote:
> T wrote:
>
>> Is there a way to examine cookies?
>
> There are cookie manager add-ons, but unlikely to do you much good, the
> token will just look like random gibberish, it won't contain username
> and password, it'll just relate to a database row somewhere at facebook
> towers.
>
> A decent hacker might be able to make use of the token to bypass login
> on another computer, but if FF can access facebook on that computer
> without login, I'd be trying to alter the password/mobile number from
> that machine ... after all the hacker managed it, or did they "trick"
> the owner into disclosing the 6 digit code to allow them to change details?
>
>

The customer said it jsut happened out of the blue.

His previous password(s) were really simple and
easy to break. I gave him the how to make
a strong password lesson.

T wrote:

> The customer said it jsut happened out of the blue.

I'm not a facebook user, so don't know the password change procedure, it
just seems odd that when you try to change the password, it sends a 6
digit confirmation to the phone number, how did the hacker change the
password without receiving a 6 digit code?

On 6/1/23 04:16, Andy Burns wrote:
> T wrote:
>
>
>> The customer said it jsut happened out of the blue.
>
> I'm not a facebook user, so don't know the password change procedure, it
> just seems odd that when you try to change the password, it sends a 6
> digit confirmation to the phone number, how did the hacker change the
> password without receiving a 6 digit code?

Forgot password work they way others work. They
send you a code to your email address or a text
to your cell phone.

Problem: the eMail address and the recovery phone
number were changed to the hacker's.

T wrote:

> Problem: the eMail address and the recovery phone
> number were changed to the hacker's.

surprised they let one be changed one without proving "they" control the
other, pretty lazy ...

On 01/06/2023 07:53, T wrote:
> On 5/31/23 23:04, Dave wrote:
>> In article <u593dt$2me9h$2@dont-email.me>,
>> ��� T <T@invalid.invalid> wrote:
>>
>>> Hi All,
>>
>>> I have a customer who got his Facebook account hacked.
>>
>>> The hacker changed both the recovery phone number
>>> and the password.
>>
>>> Facebook sends a six digit recovery text to the HACKER
>>> not my customer.
>>
>>> Can't change the password as the old one is required.
>>
>>> The customer can automatically log into face book
>>> through Firefox.
>>
>>> Problem: Firefox's password manager shows the wrong
>>> password for Facebook.
>>
>> Then remove it...
>>
>>> I tried installing Brave Browser and importing
>>> the Firefox profile.� It got the same bad password.
>>
>>> The customer can not even delete his account as
>>> facebook asks for the password to verify.
>>
>>> AAAAAAAAAAAAAAAAHHHHHHHHHHHHHHHHHHH!!!!!!!!!!!!!!
>>
>>> Where did Facebook rat pack the actual password in
>>> Firefox?
>>
>>> -T
>>
>> Dunno what anyone else does, but I remove defunct or errant entries
>> thus...
>>
>> about:preferences
>>
>> Privacy & Security
>>
>> Saved Logins
>>
>> Search for the errant entry, when found...
>>
>> Top right hand side, click on the "Remove" (Bin icon).
>>
>> D
>>
>> Nb: I go to the same place and use "Edit" if I want to manually
>> modify an
>> entry.
>>
>> D.
>>
>
>
> All good advice, but it does not help me shake out
> the actual password the hacker created that
> Firefox somehow remembers, somewhere.� Dang!

Why not try your trick by disabling the fast startup? On Windows 10
newsgroup somebody calling himself as " T " (he might be trolling you)
can solve almost everything by blocking fast startup on the machine.
That guy knows more about Windows than Microsoft developers and he is a Linux user.

On 6/1/23 06:45, Andy Burns wrote:
> T wrote:
>
>> Problem: the eMail address and the recovery phone
>> number were changed to the hacker's.
>
> surprised they let one be changed one without proving "they" control the
> other, pretty lazy ...
>

He had control of the customer's computer
for a while, so he just read his email
from firefox.

Neither one of us cold figure out how to
contact Facebook's tech support. AAAHHH!!!!

On 6/1/23 10:19, Wang Yu wrote:
> On 01/06/2023 07:53, T wrote:
>> On 5/31/23 23:04, Dave wrote:
>>> In article <u593dt$2me9h$2@dont-email.me>,
>>>     T <T@invalid.invalid> wrote:
>>>
>>>> Hi All,
>>>
>>>> I have a customer who got his Facebook account hacked.
>>>
>>>> The hacker changed both the recovery phone number
>>>> and the password.
>>>
>>>> Facebook sends a six digit recovery text to the HACKER
>>>> not my customer.
>>>
>>>> Can't change the password as the old one is required.
>>>
>>>> The customer can automatically log into face book
>>>> through Firefox.
>>>
>>>> Problem: Firefox's password manager shows the wrong
>>>> password for Facebook.
>>>
>>> Then remove it...
>>>
>>>> I tried installing Brave Browser and importing
>>>> the Firefox profile.  It got the same bad password.
>>>
>>>> The customer can not even delete his account as
>>>> facebook asks for the password to verify.
>>>
>>>> AAAAAAAAAAAAAAAAHHHHHHHHHHHHHHHHHHH!!!!!!!!!!!!!!
>>>
>>>> Where did Facebook rat pack the actual password in
>>>> Firefox?
>>>
>>>> -T
>>>
>>> Dunno what anyone else does, but I remove defunct or errant entries
>>> thus...
>>>
>>> about:preferences
>>>
>>> Privacy & Security
>>>
>>> Saved Logins
>>>
>>> Search for the errant entry, when found...
>>>
>>> Top right hand side, click on the "Remove" (Bin icon).
>>>
>>> D
>>>
>>> Nb: I go to the same place and use "Edit" if I want to manually
>>> modify an
>>> entry.
>>>
>>> D.
>>>
>>
>>
>> All good advice, but it does not help me shake out
>> the actual password the hacker created that
>> Firefox somehow remembers, somewhere.  Dang!
>
> Why not try your trick by disabling the fast startup? On Windows 10
> newsgroup somebody calling himself as " T " (he might be trolling you)
> can solve almost everything by blocking fast startup on the machine.
> That guy knows more about Windows than Microsoft developers and he is a Linux user.
Hi All,
I come with stockers.
Wang is an ass hole who took offense at my
recommendations over on the W10 and W11 group
to disable fast start up and gets his rocks
off stocking me with this nonsense where ever
he finds me. I am kill filing him here too.
My apologies for the noise.
-T

T wrote:

> I have a customer who got his Facebook account hacked.
>
> The hacker changed both the recovery phone number
> and the password.
>
> Facebook sends a six digit recovery text to the HACKER
> not my customer.

Of course, because the hacker changed both as you say.

> Can't change the password as the old one is required.

No - the new one is required. You can only change the password if you know
the /actual/ one - which was set by the hacker.

> The customer can automatically log into face book
> through Firefox.

No, he can't anymore, i bet.

> Problem: Firefox's password manager shows the wrong
> password for Facebook.

Yes of course. It was altered by the hacker in this facebook account.

> I tried installing Brave Browser and importing
> the Firefox profile. It got the same bad password.

Dude, what's the sense of copying /wrong/ passwords from one browser to
another?!

> The customer can not even delete his account as
> facebook asks for the password to verify.

LOL. Yes of course.

> Where did Facebook rat pack the actual password in Firefox?

You really should learn about how accounts and passwords on the internet work!
- The actual password is stored on the servers of Facebook or what else.
- Local browsers on your PC only can suggest to save these passwords in a
/local/ database. For easier login.
- If the password was altered on the server, the local browser has to send
the new one to the server because the saved password in the local database
is wrong.

On 6/1/23 16:12, Frank Miller wrote:
> T wrote:
>
>> I have a customer who got his Facebook account hacked.
>>
>> The hacker changed both the recovery phone number
>> and the password.
>>
>> Facebook sends a six digit recovery text to the HACKER
>> not my customer.
>
> Of course, because the hacker changed both as you say.
>
>> Can't change the password as the old one is required.
>
> No - the new one is required. You can only change the password if you know
> the /actual/ one - which was set by the hacker.
>
>> The customer can automatically log into face book
>> through Firefox.
>
> No, he can't anymore, i bet.
>
>> Problem: Firefox's password manager shows the wrong
>> password for Facebook.
>
> Yes of course. It was altered by the hacker in this facebook account.
>
>> I tried installing Brave Browser and importing
>> the Firefox profile. It got the same bad password.
>
> Dude, what's the sense of copying /wrong/ passwords from one browser to
> another?!
>
>> The customer can not even delete his account as
>> facebook asks for the password to verify.
>
> LOL. Yes of course.
>
>> Where did Facebook rat pack the actual password in Firefox?
>
> You really should learn about how accounts and passwords on the internet work!
> - The actual password is stored on the servers of Facebook or what else.
> - Local browsers on your PC only can suggest to save these passwords in a
> /local/ database. For easier login.
> - If the password was altered on the server, the local browser has to send
> the new one to the server because the saved password in the local database
> is wrong.

Frank,
Do you get your rocks off twisting peoples words
and then insulting them over it?
What utter nonsense you responded with. It
is not even worth going through and correcting
you.
You do realize you just made yourself an example
of the Dunning–Kruger effect?
-T

Op vr 02-06-2023 om 01:32 schreef T:

> What utter nonsense you responded with.  It
> is not even worth going through and correcting
> you.

Frank is right. Once a hacker changed the login data, your customer's data are obsolete.
Only Facebook's support can help if your customer can prove that it's his account.

--
Alex.

T wrote:
> On 6/1/23 16:12, Frank Miller wrote:
[..snip..]
>> You really should learn about how accounts and passwords on the internet work!
>> - The actual password is stored on the servers of Facebook or what else.
>> - Local browsers on your PC only can suggest to save these passwords in a
>> /local/ database. For easier login.
>> - If the password was altered on the server, the local browser has to send
>> the new one to the server because the saved password in the local database
>> is wrong.
[..snip..]
> What utter nonsense you responded with. It
> is not even worth going through and correcting
> you.
>
> You do realize you just made yourself an example
> of the Dunning–Kruger effect?

*LOL* Yes, goodbye. ;-D

On 6/1/23 17:05, Alex Plantema wrote:
> Op vr 02-06-2023 om 01:32 schreef T:
>
>> What utter nonsense you responded with.  It
>> is not even worth going through and correcting
>> you.
>
> Frank is right. Once a hacker changed the login data, your customer's
> data are obsolete.
> Only Facebook's support can help if your customer can prove that it's
> his account.
>

That is pretty obvious. But if I could find
where Firefox rat packed the password, I could
get around it.
The customer logs into fb from several devices
and go knocked out of every one, except this
computer and only Firefox.
FB tech support yes. Neither one of us could
figure out how to contact them. You know a way?

On 6/1/23 17:05, Frank Miller wrote:
> T wrote:
>> On 6/1/23 16:12, Frank Miller wrote:
> [..snip..]
>>> You really should learn about how accounts and passwords on the internet work!
>>> - The actual password is stored on the servers of Facebook or what else.
>>> - Local browsers on your PC only can suggest to save these passwords in a
>>> /local/ database. For easier login.
>>> - If the password was altered on the server, the local browser has to send
>>> the new one to the server because the saved password in the local database
>>> is wrong.
> [..snip..]
>> What utter nonsense you responded with. It
>> is not even worth going through and correcting
>> you.
>>
>> You do realize you just made yourself an example
>> of the Dunning–Kruger effect?
>
> *LOL* Yes, goodbye. ;-D

Thank you for helping me update my kill file.

T wrote:
> On 6/1/23 17:05, Alex Plantema wrote:
>> Op vr 02-06-2023 om 01:32 schreef T:
>>
>>> What utter nonsense you responded with. It
>>> is not even worth going through and correcting
>>> you.
>>
>> Frank is right. Once a hacker changed the login data, your customer's
>> data are obsolete.
>> Only Facebook's support can help if your customer can prove that it's
>> his account.
>
> That is pretty obvious. But if I could find
> where Firefox rat packed the password, I could
> get around it.

about:logins in Firefox.

> The customer logs into fb from several devices
> and go knocked out of every one, except this
> computer and only Firefox.

What means "knocked out"? Can you present any error messages?

So when "the customer" *can* log in from one computer, why can't he change
his password on facebook then?
My guess:
- A mysterious hacker altered the facebook password and sent it to only one
browser of the user.
- Or the customer altered the password in one browser and it was saved there,
but not the other devices.

On Fri, 2 Jun 2023 01:12:04 +0200, Frank Miller <miller@posteo.ee>
wrote:

>T wrote:
>
>> I have a customer who got his Facebook account hacked.
>>
>> The hacker changed both the recovery phone number
>> and the password.
>>
>> Facebook sends a six digit recovery text to the HACKER
>> not my customer.
>
>Of course, because the hacker changed both as you say.

it would be almost the first hacker who used his own phone number
<grin>.
--

A mobile phone is a tool and not a drug.

On 1/6/2023 11:31 am, T wrote:
>
> Hi All,
>
> I have a customer who got his Facebook account hacked.
>
> The hacker changed both the recovery phone number
> and the password.
> ....

Facebook did chang its login screen to make it easier for anyone to
re-login without typing the password via the same browser. You need to
choose "Don't Save" in the Remember Browser screen, and enable 2-factor
authenticaition. You also have logout after use.

But it's too late to talk about these steps, and I really don't like
this new arrangement.

Mr. Man-wai Chang <toylet.toylet@gmail.com> wrote:
> On 1/6/2023 11:31 am, T wrote:
> >
> > Hi All,
> >
> > I have a customer who got his Facebook account hacked.
> >
> > The hacker changed both the recovery phone number
> > and the password.
> > ....

> Facebook did chang its login screen to make it easier for anyone to
> re-login without typing the password via the same browser. You need to
> choose "Don't Save" in the Remember Browser screen, and enable 2-factor
> authenticaition. You also have logout after use.

> But it's too late to talk about these steps, and I really don't like
> this new arrangement.

Same for Instagram. I assume all Meta services do this now. :(
--
"Therefore, prepare your minds for action; be self-controlled; set your hope fully on the grace to be given you when Jesus Christ is revealed." --1 Peter 1:13. Still slammy into the new month like last month. Dang mailbox thieves. Finally COVID-19 bivalent vaccine #2 (6 total shots) in a few wks. TGIF & quiet times soon?
Note: A fixed width font (Courier, Monospace, etc.) is required to see this signature correctly.
/\___/\ Ant(Dude) @ http://aqfl.net & http://antfarm.home.dhs.org.
/ /\ /\ \ Please nuke ANT if replying by e-mail.
| |o o| |
\ _ /
( )