In the past week and a half, I've had two good friends of mine text me to ask if I'm trying to log into their online accounts. One was an iCloud account, and the other was Facebook Messenger. I recently moved to NYC, and both friends are currently living in Iowa. They both received alerts from iCloud and Facebook, respectively, saying that someone from NYC was trying to log into their account. Luckily, it appears neither attempt was actually successful. I have no reason whatsoever to access their accounts, and I definitely did not try to log into them myself.
Could this just be a coincidence, or is there actually a strong possibility that I'm being used to assist these attempts? Am I able to tell if my network or any of my accounts have been compromised? And is there something I could be doing to inadvertently allow an attacker get to my friends' account information?
I'm concerned about the possibility of this continuing to happen in the future, and I'm a little worried about how many of friends this has actually happened to that I don't know about. I also cannot confirm whether or not these attempts are coming from my home network.
For what it's worth, here are some more points of information that may or may not be relevant:
- My home network is (and always has been) WPA2-AES encrypted and is hidden from the public (it will not show up in a standard wifi dropdown list).
- Neither of my friends have ever used any of my devices to log into any of their accounts before. One of them came to my house and used my wifi once before, however.
- The Facebook alert said the attempt was done on an iPhone 7 Plus, which no one in my household owns.
- At the time of the iCloud attempt, I was the only one at my home. At the time of the Facebook attempt, no one was at my home.
- I use two-factor authentication on my major accounts that support it (Google, Facebook, Amazon, etc.), and I have not seen any evidence of anyone else trying to log into my own accounts.
- I work remotely and frequently visit coffee shops in the area to do work. Obviously, most of their networks are open, but I always, always connect to my work's secure VPN if I'm using an open network like that. Even at home I use the VPN a lot of the time. The VPN I connect to is located in Iowa.
- Having said that, my phone does not use a VPN. Although a lot of the time I'm using LTE, there are still some times when it may get connected to an open wifi network.