Can someone use IP spoofing to access your facebook profile as an administrator?

Question

Do any IP addresses have security so they cannot be used by a hacker to access secure pages? For example, could a hacker spoof a Facebook IP address to enter someones profile page and make changes as an administrator?

My facebook profile was hacked twice and the IP addresses both came from the Facebook office in Singapore. I'm wondering if someone hijacked these IP Addresses so they could access my account and make administrative changes to my profile, which is what occurred.

I was under the impression that companies like Facebook would have strong security restrictions to prevent people from hijacking their identity.

Answer 1

We don't know what security measures Facebook exactly provides but spoofing the source IP of a TCP connection (which is used when accessing a web site) and still doing something useful with the connection is impossible in practice.

This means that it is more likely that the site was really accessed from the shown IP address (no spoofing), that the database records tracking the IP address were tampered with or that you've interpreted the information wrong. If any of these happened or something else can not be inferred from the provided information, but I'm pretty sure that no IP address spoofing was done by an attacker when connecting to Facebook.

Answer 2

We do not know how Facebook implements security internally, so we can only guess. But common best-practices regarding admin authentication is to use the IP address as an additional authentication factor, but not the only one.

For example, it would not be uncommon to only allow admins to connect from specific IP addresses which were authorized for this, but it would still be a good idea to ask for username and password regardless.

The question why your Facebook profile was apparently accessed from an IP which is registered to Facebook Singapore is a question you should ask to Facebook support directly.