My Facebook Account Was Hacked Part 2 – I got it back!

Part 1 here

Continuing on from the Part 1 story, not long after I saw this story from Linus Tech Tips – they’d been hacked and although that’s on YouTube and I just lost my personal Facebook account, they sound like the same issue. This is worth a watch to understand what’s going on, if you think because you’ve got 2FA set up, you’re completely safe:

I still don’t know exactly what happened, but my cookie being hijacked made sense based on what I saw on the access logs – the same browser cookie used for auth that I’d used many months before, but no new login attempt, no MFA hacks etc.

Facebook have the same issue as YouTube – there is no MFA challenge when you change something major about your account, like your display name. It would make sense to do so when major profile changes are made, but they don’t.

Beyond that, logging onto Facebook today I saw an alert about my other profile – the one that had been taken over, but the browser was still aware of it (the account wasn’t deleted, just completely blocked/disabled by Facebook). I’d also note here that I didn’t receive any email or other alert.

I thought I’d log back onto the account out of interest, and was presented with a different screen:

This sounded like I might be able to get the old account back – so going through the process was purely an SMS code to type in based on my saved phone number, asking me if the phone number/email addresses were correct, then kicking off a bot who’s also a doctor seeing what actions might have been done under my account:

Strangely, this bot who I don’t believe actually is a qualified doctor, came back to tell me nothing was changed on my account:

Ah, I must have always been Lily and not realised it… even though the downloaded logs showed that was the last change on my Facebook account. If this system can’t detect that, it’s already failed.

Those Extra security settings were purely to get notifications and emails if my account is ever logged on at a new device – not a terrible thing, but probably not going to save me at 1am.

I really don’t want my old profile now anyway, but it has let me easily delete the Facebook Page I had for ‘Adam Fowler IT’ so that’s now gone.

I was considering maybe reviving the old account, but I couldn’t even change the name back because I’d changed it in the last 60 days.

Also, there might be something historical I want to get from the account, and although I have everything downloaded, it’s a bit of a pain to go through so rather than deleting the account, I changed the account profile photo to ‘do not use’ and deactivated it.

Overall, I’m still very unimpressed over the entire process, and the above continues to prove how even one of the most valuable companies in the world still gets this stuff so wrong.

My Facebook Account Was Hacked!

And I couldn’t recover it.

A few weeks ago, I woke up to look at my phone, opened the Facebook app and saw someone else’s account flash up, which then changed to a message saying that my account had been de-activated due to breaking community standards. I first thought ‘this isn’t even my account’ but upon logging out and in, I soon came to the realization that it was actually my account.

This also affected Facebook Messenger, which I could no longer access. Others could see my account in chats, with its new name ‘Lily’ and profile picture (which on doing a reverse Google Image search, I found was a very popular fashion influencer – and not the potentially breaking community standards type).

Facebook had an option on signing in for me to request the decision to be reviewed. As it seemed like it was a pretty cut and dried case where someone had somehow accessed my account, I followed that process. The process sounds like a scam in itself but is an actual thing they do – first I had to take a photo of myself and upload it, then take a photo of some sort of ID and upload that too. After that, the automated Facebook system told me to wait for the results of that review.

Only an hour or so later I logged back in to check, and saw this message:

I’m going to conclude that their review process isn’t very thorough, or they’ve automated it and it’s come back in the negative for some reason. Although I don’t expect much of Facebook, I did expect to get my account back, but that was a dead end. I didn’t really care about my Facebook account too much – I was really just using it for Messenger, as well as Facebook Marketplace and some local news/events stuff. Creating a new account didn’t take long and got me back to where I needed to be.

I was still curious on what happened – I was using a unique email address and password for Facebook, and 2FA was configured; any time I’d log onto a new device I’d get an existing device to prompt via the Facebook app to authenticate. I used the ‘Download Your Information’ button above, which took several hours to be ready and give me some download links.

The 3 ZIP files Facebook provided contained quite a large amount of information – it’s interesting to see how much data they actually keep about your activities – too many to list, but some examples:

“Advertisers using your activity or information” (list of thousands)

“Your off-Facebook activity” (thousands again, example – Menulog feeds back searches, purchases etc)

“IP Address Activity”

That’s when I became ‘Lily’.

Interestingly, “Authorised Logins” shows no logins from this IP, but there is a record under “Session updated”.

Unsurprisingly the IP appears to be a VPN endpoint. I’m no cyber expert, but it appears someone potentially obtained a cookie off me to gain access judging by the first 4 characters, as the logs show I first used it in April 2022.
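The pattern described above (an existing session cookie turning up in “Session updated” from an IP that never appears in “Authorised Logins”) is exactly what a defender would want to flag automatically. The following is an added example, not Facebook’s code or the author’s: it runs a simple check over constructed session records whose field names (kind, cookie_prefix, ip, when) are assumptions, not Facebook’s export format. It reports a session-update whose cookie was never authorised from that IP, and separately notes when the cookie is older than a chosen maximum age, which is the long-lived-session condition the post describes.

```python
"""Flag session-cookie use from an IP that never performed an authorised login.

Added example (not Facebook's code or the post author's). Records are constructed
to resemble the "Authorised Logins" and "Session updated" entries the post
describes; the field names are assumptions.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class SessionEvent:
    kind: str           # "authorised_login" or "session_updated"
    cookie_prefix: str  # first characters of the session cookie, as the post compares them
    ip: str
    when: datetime


# Constructed sample data: a login in April 2022 creates cookie "c4f1"; the same
# cookie is later used from a different IP with no new authorised login.
SAMPLE_EVENTS = [
    SessionEvent("authorised_login", "c4f1", "203.0.113.10", datetime(2022, 4, 3, 9, 15)),
    SessionEvent("session_updated", "c4f1", "203.0.113.10", datetime(2022, 6, 1, 8, 0)),
    SessionEvent("authorised_login", "9ab2", "203.0.113.10", datetime(2022, 9, 12, 19, 30)),
    SessionEvent("session_updated", "c4f1", "198.51.100.77", datetime(2023, 2, 14, 1, 5)),
]


def find_suspicious_sessions(events, max_age=timedelta(days=180)):
    """Return (event, reasons) pairs for session_updated events that look hijacked.

    Strong signal: the cookie was never issued by an authorised login from this IP.
    Weaker signal: the cookie is older than max_age when used (long-lived session).
    """
    ordered = sorted(events, key=lambda e: e.when)
    first_seen = {}       # cookie_prefix -> datetime of first authorised login
    authorised_ips = {}   # cookie_prefix -> set of IPs that authorised it
    findings = []
    for ev in ordered:
        if ev.kind == "authorised_login":
            first_seen.setdefault(ev.cookie_prefix, ev.when)
            authorised_ips.setdefault(ev.cookie_prefix, set()).add(ev.ip)
            continue
        if ev.kind != "session_updated":
            continue
        reasons = []
        if ev.ip not in authorised_ips.get(ev.cookie_prefix, set()):
            reasons.append("ip_without_authorised_login")
        created = first_seen.get(ev.cookie_prefix)
        if created is None:
            reasons.append("cookie_never_authorised")
        elif ev.when - created > max_age:
            reasons.append("cookie_older_than_max_age")
        if reasons:
            findings.append((ev, reasons))
    return findings


if __name__ == "__main__":
    for ev, reasons in find_suspicious_sessions(SAMPLE_EVENTS):
        print(f"{ev.when:%Y-%m-%d %H:%M} cookie {ev.cookie_prefix}* from {ev.ip}: {', '.join(reasons)}")
```

The benign record (the same cookie used from the original IP two months after login) is not reported; the February 2023 use from a new IP is reported on both counts. A real export would need a parser for Facebook’s HTML or JSON before this check, and the “first 4 characters” comparison is only as good as the prefix length the export exposes.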

The other biggest ‘loss’ I had from losing this account was any other service I used that I’d done the lazy thing of using my Facebook account to set up access, rather than creating an individual account. For one I knew I’d done this with, I could luckily follow a reset password process using the email address I used for Facebook.

I also lost control of my Facebook page where articles from here were posted – there’s probably a way to take this over, but having a quick read it requires uploading your ID, and that didn’t go too well so far.

I still haven’t been able to exactly work out how access was obtained, or what was actually done with the account to breach community guidelines (maybe just impersonating someone famous was enough) despite having all these logs. I’ve gone through chats, page likes etc and could not see anything suspicious.

The biggest lessons learned I can pass on from this are – realise that you may lose your Facebook account at any time, and despite doing the right thing and being able to prove you are you, not be able to recover it. Also, don’t be lazy and use that account to access other services if the other service can let you create an account in another way (ideally email + password + another authentication factor). If you are concerned about what Facebook might be gathering for you, follow their instructions on how to download your data – it gets presented in a nice HTML front page to dig through.

Also – if you post on social media about your account being hacked, a bunch of bots will respond and recommend services to get your account back. Ignore these.

Update: Check out Part 2 where I get the account back.

Azure AD Cross-Tenant Synchronization is now in Public Preview

For a long time, the methods of having two Azure AD tenants aware of each other’s users needed to be managed in either a manual, or scripted way; accessing the data of another tenant or using their configured Apps would require each user to enrol to the other tenant and be given default guest permissions; or an admin at the destination tenant would need to set things up, send invites out, or do something else creative to make the user experience better.

I was on board Azure AD B2B in the early days; as a Microsoft MVP I had the privilege of speaking to a product manager for it that one time I went to Redmond, talking about my use case and seeing if I was ‘doing it right’. A combination of Azure AD B2B and Azure App Proxy I’d set up for guest accounts to get into an internally hosted web based application, and it worked quite well. I had my own script going through a many step process to send out an invite to the user, add the user to multiple groups and whatever other trickery I needed at the time.

Cross-tenant synchronization however, takes a lot of that pain away. You can set up a trust between two Azure AD tenants (which can be a one way sync) to allow users in Tenant A to be automatically created and managed in Tenant B as a guest user. This is great for organisations who have to frequently work with another org – and even though it’s early days for cross-tenant sync, there’s some rather good controls already. You aren’t limited to a single relationship either; I can’t see any documented limits.

Attribute Mapping allows you to configure extra rules around the attributes that get passed on, allowing you to manipulate, add or remove certain attributes (you might want to remove an employee number from employeeid, or add an extra attribute to define what tenant they were synced from; or do something that will in turn match a dynamic security group rule to automatically add your synced users to be allowed to access an application).
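To make the attribute-mapping idea concrete, here is an added illustration that is not the Entra cross-tenant sync engine, the Graph API, or anything from the post: a source-tenant user is pushed through a small list of mapping rules (drop the employee number, stamp a source-tenant marker into extensionAttribute1, set userType to Guest), and the resulting guest object is then tested against a dynamic-group membership rule written in Entra’s rule syntax. The rule format, the helper names and the sample user are assumptions; the evaluator only understands `-eq`/`-ne` clauses joined by `-and` and rejects anything else rather than guessing.

```python
"""Simulate cross-tenant attribute mapping and a dynamic-group rule match.

Added illustration, not Microsoft's sync engine or Graph API. The mapping-rule
format (drop / rename / constant), the helper names and the sample user are
assumptions made for this example.
"""
import re

# Constructed source-tenant user (hypothetical domain).
SOURCE_USER = {
    "userPrincipalName": "jsmith@contoso.example",
    "displayName": "Jane Smith",
    "mail": "jsmith@contoso.example",
    "employeeId": "E-48213",
    "department": "Finance",
}

# Assumed rule format: ("drop", attr), ("rename", src, dst), ("constant", attr, value).
MAPPING_RULES = [
    ("drop", "employeeId"),                                   # keep the employee number at home
    ("constant", "extensionAttribute1", "synced-from-contoso"),  # mark where the guest came from
    ("constant", "userType", "Guest"),
]

# Entra-style dynamic membership rule (real syntax; only -eq/-ne and -and are handled here).
GROUP_RULE = '(user.userType -eq "Guest") -and (user.extensionAttribute1 -eq "synced-from-contoso")'

CLAUSE = re.compile(r'\(\s*user\.(\w+)\s+-(eq|ne)\s+"([^"]*)"\s*\)')


def apply_mapping(source, rules):
    """Return the attribute set that would be written to the target tenant.

    All source attributes flow by default; rules then drop, rename or add values.
    """
    target = dict(source)
    for rule in rules:
        kind = rule[0]
        if kind == "drop":
            target.pop(rule[1], None)
        elif kind == "rename":
            if rule[1] in target:
                target[rule[2]] = target.pop(rule[1])
        elif kind == "constant":
            target[rule[1]] = rule[2]
        else:
            raise ValueError(f"unknown mapping rule kind {kind!r}")
    return target


def matches_dynamic_rule(user, rule):
    """Evaluate (user.a -eq "x") -and (user.b -ne "y") ... against a user dict.

    Comparisons are case-sensitive here (an assumption of this example).
    Unsupported syntax raises instead of silently evaluating to False.
    """
    clauses = CLAUSE.findall(rule)
    if not clauses:
        raise ValueError("no recognisable clauses in rule")
    leftover = CLAUSE.sub("", rule).replace("-and", "").strip()
    if leftover:
        raise ValueError(f"unsupported rule syntax: {leftover!r}")
    for attr, op, value in clauses:
        actual = user.get(attr)
        if op == "eq" and actual != value:
            return False
        if op == "ne" and actual == value:
            return False
    return True


if __name__ == "__main__":
    guest = apply_mapping(SOURCE_USER, MAPPING_RULES)
    print("guest object:", guest)
    print("matches group rule:", matches_dynamic_rule(guest, GROUP_RULE))
```

The source user as it exists at home does not match the rule (no userType, no marker attribute), while the mapped guest does, which is the behaviour you want when a dynamic group gates access to an application: only objects that arrived via the sync, carrying the marker you added, get in.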

I’d often step through how to set this up in one of these articles, but the documentation is already detailed with step-by-step screenshots and clear instructions. It worked exactly as described when I set this up between two test tenants I have, and took about 15 minutes beginning to end, which included reading the documentation a few times to make sure I was following it correctly. It’s also possible to do via Graph API, but I did not try this method.

There’s even detailed sync logs, troubleshooting tips, and detailed reporting.

One question I’ve seen multiple people already ask is how this relates to the Global Address List (GAL) and People Search – the documentation claims this isn’t on by default, but is easy to enable. In my testing however, the accounts showed up in the GAL with the little ‘blue person in front of world’ symbol with no extra configuration. They didn’t turn up instantly; I waited overnight, and then they were there. People Search was the same. If you want to investigate this for yourself, check out the showInAddressList attribute. Other documentation also says guest objects aren’t in the GAL by default:

and here’s the instructions on how to “Add guests to the global address list”.

As always, be aware that this is Public Preview so has fewer guarantees than a fully launched feature. If you have any feedback or want to see what others might be saying/asking, check out the official feedback for Azure Active Directory.

Edit 10/02/2023

Worth mentioning licensing.

As per What is a cross-tenant synchronization in Azure Active Directory? (preview) – Microsoft Entra | Microsoft Learn:

In the source tenant: Using this feature requires Azure AD Premium P1 licenses. Each user who is synchronized with cross-tenant synchronization must have a P1 license in their home/source tenant. To find the right license for your requirements, see Compare generally available features of Azure AD.

In the target tenant: Cross-tenant sync relies on the Azure AD External Identities billing model. To understand the external identities licensing model, see MAU billing model for Azure AD External Identities.

The MAU billing section:

In your Azure AD tenant, guest user collaboration usage is billed based on the count of unique guest users with authentication activity within a calendar month. This model replaces the 1:5 ratio billing model, which allowed up to five guest users for each Azure AD Premium license in your tenant. When your tenant is linked to a subscription and you use External Identities features to collaborate with guest users, you’ll be automatically billed using the MAU-based billing model.

Your first 50,000 MAUs per month are free for both Premium P1 and Premium P2 features. To determine the total number of MAUs, we combine MAUs from all your tenants (both Azure AD and Azure AD B2C) that are linked to the same subscription.

The pricing tier that applies to your guest users is based on the highest pricing tier assigned to your Azure AD tenant. For more information, see Azure Active Directory External Identities Pricing.

Then from Pricing – Active Directory External Identities | Microsoft Azure:

Each synced user needs an Azure AD Premium P1 or P2 license in their home tenant.

Each tenant receiving synced users has the Azure AD External Identities billing model which used to be a 1:5 model, but is now 50k users free, the rest a small charge per active user.

Does a synced account count as an active user? Unsure, I would guess it’s a ‘probably not’ since there’s no active login for just existing as a guest in another tenant, but verify that for yourself with your licensing reseller.

Motorola MA1 Wireless Car Adapter For Android Auto™ Review

Do you have a car?
Does it have Android Auto?
Does it only support wired connections and not wireless?
Do you use an Android phone?
Do you like dongles?

If you answered ‘yes’ to all of those questions, then this is the product for you.

I’ve been using the MA1 for about two months. I’ll start with the “Before MA1 Time”:

My new car had Android Auto support, but only via USB plugged in via the middle console of the car. I had high hopes for using Android Auto, particularly for mapping as I’d be confident it’s better than any car’s built-in GPS and map solution; but jumping in the car and having to plug the phone in every time is a pain. It might sound like a small pain, but it’s enough to not bother – getting the phone out of my pocket, docking it in a phone holder and plugging the USB-C cable in is enough, but then there’s the 20-30 seconds it takes to detect and start actually working. I slowly did this less and less, until I’d only go through it when I had a new destination to go to and knew that before getting to the car.

This has a few negatives, partly the mixed experience in navigating the car’s entertainment system depending if I was plugged in or not, but also not having the benefits of Google Maps telling me where there were delays on each trip and suggesting alternate paths (which comes in handy driving to work where there’ll be an inevitable daily car crash somewhere, holding up traffic).

Enter the Motorola MA1 Wireless Car Adapter For Android Auto™. A small enough dongle designed to make a wired only Android Auto car, wireless. It does what it says on the box, and is very simple to pair via Bluetooth and get started with. Once paired, there’s nothing to do – I get in the car, turn it on, and within 10 seconds Android Auto is up and running with my phone still in my pocket.

This means I can do things like quickly scroll to the address of work as I take off in my car and get those traffic benefits. Or, I can control my Podcast app and pick a different item to listen to (legally – my car blocks the touch screen when the car is moving, but allows dial/button controls which I can do at a red light).

Answering and making calls was already fine by normal Bluetooth – it’s probably easier to look up contacts now but I’d normally use a Google voice command to call someone anyway. No real difference there.

The only negatives I can call out about this device are that the cable between USB port and dongle is a bit stiff and can’t be twisted – if inconvenient though, I’m sure a USB extension cable would work to get the dongle in a preferred location. The second is that because it’s now running via Bluetooth, I do have a rare occasional dropout and I think it’s actually when I drive in a certain physical location near a hospital; possibly something’s getting in the way of Bluetooth itself. It does take about 20ish seconds to recover, but will do so without having to do anything but wait.

I purchased mine via Telstra Plus Rewards with some points that were going to expire, but you can also buy via Amazon.

Worth checking out for those that answered ‘yes’ to all those questions at the start – it’s a lot cheaper than getting a new car with wireless Android Auto.

A Tale of Two TVs

On second count there’s 6 TVs referenced in one way or another, but don’t let that throw you off my story:

My very cheap ‘FFalcon’ brand TV (which I believe is a rebadged TCL) cost ~$500AU for a 65″ 4K TV from JB Hi-Fi (link is for a similar model). It actually functioned fine for a year or so, but like a frog slowly heating up in a pot of water, the backlight slowly went from reasonable, to the state you see below and I finally noticed how bad it was; which I couldn’t unsee:

New TV time! I started my research and read article after article, while keeping an eye out for potential bargains. One TV came up – an 85″ Samsung Q80B which had a hot sale down from ~$6000AU to ~$2300AU direct from the Samsung site. As I spoke to their online chat about it to answer a few questions about panel type, the TV sold out. I was annoyed at the effort it took to get to that point, found a great price and missed out. The person on chat gave me a discount coupon to use on any other product, but the prices had gone up across the board and nothing seemed worth it.

A few days later during my sadness of a great deal lost, a new deal came up. 1 day only – the Linsar 82″ TV was down to $999 from $1799. There was also a way to buy the TV via eBay, sign up for Zip and get $150 off – after delivery, that price came up as $904. For an 82″ TV, I thought it was worth a shot!

The TV arrived a few days later, and after having a friend reinforce the wall mount for the TV weight going from less than 20KG up to 41KG, we put this giant rectangle up on the wall, with my brain having visions of a smashed TV lying on the ground, and half the wall ripped out:

55″ TV in background for reference (also a Ffalcon, but no issues with that one and was stupidly cheap a few years ago at $350AU, still going strong)

There was no TV smashing. However, when turning on the TV for the first time, I had a different disappointment:

That line isn’t supposed to be there. It wasn’t an absolutely broken line of pixels or anything like that, but a clear difference in brightness or contrast running down the TV. It was reasonably visible in most shows I watched – and after a bit of back and forth with The Good Guys, they organised a replacement to be sent out and for this TV to be sent back, a relatively easy process thankfully.

The replacement TV did not have the same line in question, but it did have worse backlighting line issues – again quite visible when watching anything on the TV and to me, not really acceptable even in a cheap unit.

After visiting The Good Guys again, and their sales people telling me how bad Linsar is and complaining that they shouldn’t even sell them with statements like “If you want another Linsar I won’t sell it to you”, but then trying to upsell me to $3000AU+ TVs, I asked for a refund (which they had no issue in providing) and went back to the drawing board.

More research again, and I landed on the TCL C825. Reviews were very positive in the value of the TV compared to cost, and complimenting the Mini LED technology in it. The TV had been quite cheap recently (sub $2000AU) but had gone up again at most places to mid $2500’s or more, with an ETA of a few months for more stock to arrive. Other models (C7xx, C6xx) didn’t have overly positive reviews, and the C9xx was pricier. I managed to find the unit in stock at Appliances Online for $1745 delivered (including a $50 off voucher) which despite not being as big as the 82″ TV and twice the price, was still an amount I was happy to pay to get a decent TV experience.

After receiving the TCL 825 and mounting it on the wall, the first test of course was a grey screen:

I was much happier with these results!

Everything about this TV is better than the last one – apart from the 7″ less viewing surface I have, it’s a great image quality experience. Impressively, the inbuilt Google TV feels faster than the Chromecast with Google TV device I had plugged in, so I’ll actually use the native experience; first time I’ve been happy with that.

As always, it takes me a while to be completely happy with all the screen settings and I’m fine tuning them searching for perfection, but out of the box I was already content with what it was doing.

The inbuilt sound is fine by me, including a small subwoofer in the back of the TV itself. I’m not an audiophile, but I don’t hear anything tinny or annoying.

What is the point of this story? A few lessons learnt – try to find out if the place you’re buying a TV from has a decent returns policy (better to search online than purely ask and trust them), but also taking a shot at a bargain TV that has no reviews online whatsoever may be worth it, but don’t expect it. Also, giant TV boxes are annoying and hard to get rid of.