Facebook Password Hack

Hi,

I have an unusual problem over the past week whereby someone appears to be able to access or is attempting to access my wife’s Facebook account.

Last Friday my wife got an email notification that someone had logged into her account from an unusual location. Following this she changed her password through Facebook on safari on her mobile phone.

She got another email notification on Saturday and again changed her password through Facebook on safari on her mobile phone.

She got another email notification on Sunday and again changed her password through Facebook on safari on her mobile phone. She also enabled 2 factor authentication at this point.

She got another email notification on Monday plus it was now accompanied by a 2 factor authentication code to her mobile phone (which leads me to believe that whoever is attempting to log in must know her password to get past the first layer of authentication thus trigging the issuing the 2 factor authentication code text). At this point we logged into her Facebook account on Chrome through my desktop and there is a ‘logins and logouts’ area where the successful log in attempts (times and IP addresses) are shown. I could see that there was an IP address different to my wife’s which showed a successful log on at the times that she got the notifications on Friday, Saturday and Sunday. Following the enabling of 2 factor authentication there was no further successful log-in’s shown on this page within Facebook but still every day this week she has received a 2 factor authentication code text once a day and she has changed her password every day. I don’t understand how she is getting the 2 factor authentication code by text every day without the person who attempting to log into her account knowing the new password she sets every day.

I was concerned that her phone was potentially being monitored while the password was being changed (hence compromising it) so on Tuesday we changed the password using my phone over our home wifi. Same 2 factor authentication code was received by text on Wednesday so to eliminate the potential that our home wifi network was being monitored we again changed the password on my phone over 4G with a VPN turned on. As per usual she got the 2 factor authentication code on Thursday which means the password was again compromised. Its baffling as I proved that neither her phone or our home network was compromised and following us changing her password on my phone over 4G with a VPN turned on she did not use Facebook and the password we setup was never typed in again on any device but somehow the following day she received a 2 factor authentication code by text meaning that somehow her password was obtained.

I am coming to the conclusion that it may be an issue on Facebook’s side rather than my wife’s side. She only gets one 2 factor authentication code notification per day and various times ranging from 4am to 13pm; could this be a technical glitch? She has tried contacting Facebook through their ‘something went wrong’ section but they have not reverted and they have no contact us section, email address or phone number. She was next going to report it to the Data Protection Commissioner as a data breach as she can’t get any good of Facebook directly.

Just to say I am an amateur and have no background in internet security.

Any thoughts would be appreciated.