Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Who is accessing Facebook from my machine in the middle of the night?

Question:

My question is about security on Facebook. For the past few months, I’ve been
downloading my Facebook archives and expanded archives. The expanded archives
are showing logins to Facebook several times a week around 2:30 am, when I
leave my desktop and laptop on. Login durations are between eight and 15 minutes
and show my IP address. I’m meticulous about signing out of everything, and
have very strong passwords, and the computers in the house are not networked.
If I shut down the computers at night all week, and then download the archives,
they show no logins. If it means anything, Firefox is set to delete all cookies
when closed. I’m baffled. I’d appreciate your thoughts.

In this excerpt from
Answercast #30
, I look at a computer that seems to be accessing Facebook in
the middle of the night. Tracking down the source will take some
investigation.

]]>

Who is accessing Facebook?

I’ll admit to being slightly baffled myself. The thing that comes to mind, (and I realize the details of what you describe doesn’t quite match) but what comes to mind for me are other devices.

For example, here at home, I have my Android phone; I’ve got a couple of tablets; my wife has her Android phone and they’re all set to connect via Wifi through my network. Therefore, they would all appear as logging into various servers with the same IP address as the computers I have here at home. If you have some kind of a Facebook application on some other device, that could possibly explain it.

Now, you said that this doesn’t happen if you turn the computers off, which makes me think that it’s not what I just described, but something clearly related to those computers. Just exactly what it would be I’m honestly not sure.

Malware and browser add-ons

Malware comes to mind and is certainly something worth looking into.

I would also look into Facebook-specific browser add-ons: depending on what browser you’re using – Firefox for sure. Perhaps there’s an instance of the browser that’s running. It might be doing something unexpected if you haven’t completely logged out of Facebook, or if you have Facebook set to automatically login, or remember your password on those browsers.

Analyze computer logs

The other thing that I would throw out is to perhaps use something like Process Explorer to see exactly what is running on your machine. See if perhaps there is some other Facebook-related utility running on your machine that’s doing something related to Facebook that might cause it to login at around 2:30 in the morning.

This is also a case where it might be worth looking in the Event Viewer and see if there are any events that are happening around that time every night. That might give you a clue as to what kinds of things are going on at that time.

  • Don’t let all of the errors and warnings in Event Viewer bother you. They’re normal even though it looks horrible (Event Viewer is a mess).

What I would focus on specifically is exactly what’s going on at 2:30 in the morning when this kind of Facebook access is happening. See, if there are any clues that can provide.

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

5 comments on “Who is accessing Facebook from my machine in the middle of the night?”

  1. Leave the computers as is and disable internet access. Check the logs to see if the PC is still attempting to access FB.

    Reply
  2. Leo, thanks for such a quick response. No other devices and no FB-specific add-ons. Spyware Doctor runs a full scan every mornig and I run full scans with Malwarebytes and Superantispyware several times a week, so I feel pretty confident there. I’ll look into Process Explorer and Event viewer and see what I find there.
    @Dave, done and done weeks ago.
    @Richard, I will try that. It couldn’t hurt.
    Thanks to all of you, even you Danny.

    Reply
  3. Additionally, none of my passwords are stored in the browser. I keep them on a thumb drive because they are complex and lengthy and it’s removed after signing in.

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.