UKC

Odd one, this.  My wife has just had a reply in FB messenger, to a message that she apparently sent at 7:30am to a business selling some sort of fancy dolls, asking if one of them is still available.  She did not send this message!

We don't seen any evidence that she's been hacked, and my first thought was that it was a pocket-dialling type episode.  But it seems a bit too complex to have happened by chance - the messenger group has been given a name and a photo.

Planning to simply change her passwords and keep an eye on things.  Is there anything I'm missing?

https://www.howtogeek.com/269854/how-to-see-other-devices-logged-into-your-...

Thank you!

That's interesting.  There are a string of sessions via her phone and our PC, all with the same IP address.  And then there's a login yesterday from a totally different IP address in London.  

Will close that session, and change passwords!

Those messages are default options to send regarding items on Facebook marketplace. I've sent some by accident when scrolling on my phone, it's easy to press it accidentally!

That was my first thought.  But it seems to have created it's own (specifically named) group for the message, and uploaded a nice photo.  Surely the auto-reply won't do that?  Combined with a login from an IP 100 miles away, I'm a bit nervous.

Password changed, two-factor authentication switched on, login notification switched on.  That should do it.

Yes. It does. I’ve sold a lot of stuff on Messenger. The number of times I get one of those messages that says “Is this still available”, I reply “Yes”, and then there’s never any reply. 
 

It makes dealing with marketplace a bit tricky at first, but eventually you get the hang of it and work out who are timewasters very quickly. 

IP address in London may be harmless. My BT home broadband in Glasgow IP address used to show up as various places in NW England and when travelling on the East Coast mainline Google thought I was Swedish.

If you use internet in a local shopping centre or cafe in a national chain the IP and location might show up as a data centre hundreds of miles away. All customer traffic in the national chain goes via national chain's intranet but that does not show up to Facebook, Facebook just sees the national chain's external facing IP address.

Changing password is still a good idea.

Cheers, all.  Maybe it was a harmless pocket-dialling episode after all.

Still a bit perturbed by the IP address in London - she hasn't been connected to the internet other than via our own wifi or on roaming phone data, and as I understand it those should both show up accurate locations?  It also showed up as a different device to the occasions when her phone was logged in.

Anyway, passwords changed etc so should all be fine now!

Probably the mobile roaming.

On home WiFi https://mylocation.org/ tells me I am using BT (correct) but IP address is in Leeds.

Switching off WiFi and using roaming data https://mylocation.org/ tells me I am using Virgin Mobile (correct) and IP address is in London.

Try those on home WiFi and mobile data.

Curiouser and curiouser.  On my home wifi, mylocation.org gets the same IP address as FB did, but whilst FB knew I'm in Oxford, mylocation.org thinks I am in Sheffield (where PlusNet is based).

Switching to roaming, I get a different IP, in Basingstoke - this is presumably the EE IP adress that our mobile services are carried on.

But that's not the IP address in London that was logged into FB!