On June 10th, 2021 at 4 A.M. my Facebook nightmare began.
Most days I get up around 4 A.M. to work on PopCultHQ.com before I head to my full-time job. This entails responding to emails, looking at potential advertising, checking stats, updating the convention list, combing through event news and if there is time writing an article or two.
First thing I do is I start going through emails. I noted that at 3:12am I had a notice from Facebook that someone had logged into my account, by 3:18 they had changed the phone number on my account and initiated two-factor authentication. They had also logged out all other devices, so now I couldn’t log in through anything.
I freaked, this was the main account for my business. PopCultHQ.com was compromised. I instantly attempted to log in and it wouldn’t let me, but it did let me change the password.
When I tried to change the password I noticed that there were now two emails listed for my account. The one I used and a second one that wasn’t mine. So every time I tried to reset the password the hacker also got notification. I changed the password in an attempt to limit their access, even if only briefly.
I reported the account and contacted everyone I could and told them to report the account.
Facebook Security Is a Myth
Supposedly when you report an account, Facebook locks it down until it can be confirmed, so I was only mildly concerned. I thought that I would contact Facebook, send over my ID and get this resolved rather quickly. I was wrong.
Account on Lockdown
First off, when Facebook locks down or blocks an account, everything and I do mean EVERYTHING associated with that account is gone. Every picture I ever took and tagged people in is gone. The Facebook pages I created are gone. Every file I ever created in Facebook is completely gone. For over three years I have been creating a monthly report of how PopCultHQ is doing and sharing that with my writers, EVERY single one of those reports is gone. Years of compiling data is gone in a heartbeat. I had always assumed that file that was shared with others would remain until deleted. Facebook just proved that assume just makes and Ass out of U and ME.
The good news was that everything was locked down, and I got it locked down before the hackers could do any harm. Boy was I wrong.
Still Billing Me
Because I am attempting to run a business that means we need social media, we used Facebook as our main social media and it was/is a big source of our traffic. To improve traffic, I would periodically run ad campaigns through Facebook, which meant that I would receive billing for those ads.
On June 12th, two days after I thought I had locked down the Facebook account, I was received billing from Facebook for advertising. It was two bills for $50 each. One was at 10:11 OM CST and the other at 11:49 PM EST. If the account was locked down, how did the hackers manage to bill $100 of advertising?
Facebook Response
As for getting access to my account back? I haven’t found a way to do it yet.
I have sent my identification in to Facebook using every way I can find and there are not many ways to do it. 90% of the help options require you to log in to Facebook. If you do not have access to your Facebook account that makes it more than a little difficult to use their options.
There is no way to contact a human at Facebook. I have found two phone numbers, both lead to a voice system with a variety of options, each and every option sends you to the Facebook help page. To make matters worse, some of those pages the system directs you to, do not exist.
When you find a form you can submit to without having to log in, you tend to get an automatic response:
“Hi,
We can’t give you access to this account or help with your request until we receive an accepted form of ID that matches the information listed on the account. Learn more about the types of ID we accept in the Help Center:
https://www.facebook.com/help/159096464162185?ref=cr
Thanks,
The Facebook Team”
Funny thing is, I have sent in several pieces of official documentation that match the name on the hacked account. I have sent it via multiple venues and in various formats. I sent in legal documents, I even created a presentation step by step of why I cannot access my account. I included various piece of information they could use to verify the account is mine, I listed specific pictures, listed who the top chats in messenger would have been and told them to contact those people for verification, I listed what pages I have created, what pages and groups I am part of, I listed a few ‘secret’ groups that wouldn’t be common knowledge. I have provided Facebook with more than enough information to fully identify that as my page. Even without any of that information they should be suspicious if I am suddenly logging in from a completely different IP, in a new continent. Even if it is a North American hacker, I highly doubt they are logging in from my hometown with the same windows system as mine. A sudden change in location should set up red flags.
Save Everything Now
My advice to everyone. Get a hard drive just to save backups on. Save backups of every file or photo you have, make a list of the groups you are part of, keep a separate list of the Facebook people you talk to and if you have a business on Facebook or pages you don’t want to lose, make sure you have at least one other person with administrative access or there will be no access to them at all.
I was lucky, I had put my editor on most of PopCultHQ’s pages so access was not completely lost. We would have been dead in the water without him.
