Michelle Boyd Waters, M.Ed. | April 15, 2022 2:07 pm

UPDATE: If your social media account is hacked and you have your financial information attached to it in any way -- even if your account is suspended -- CANCEL your card at your bank. CANCEL your PayPal billing agreement. Check your accounts to make sure the hackers did not spend your money. If they did, file a dispute with your bank and/or PayPal so you can get that money back. For the record, PayPal was no help.

UPDATE 2: After calling PayPal customer service, a representative helped me fill out the dispute form and I got all of my money back that was stolen through that account. Additionally, my local bank helped me get all my money back that was taken through my debit card. DO NOT use a debit card on Facebook.

Attempting to recover from being hacked on Facebook can be a nightmare. My account was more than 13 years old. I managed several business pages and groups, and was a member of hundreds of other people's communities. 

I lost it all in just a few minutes, thanks to a hacker whose IP originated in Los Angeles (even though I was in Oklahoma and have been since the pandemic).  

Hacked on Facebook Lessons Learned

Facebook hack Timeline

In the days since this happened, I've written a personal narrative essay about what happened and a friend and former educator, who now runs a local media production company, published it for me on his news website.

Today, I was reading about a security program Facebook is rolling out to some users, Facebook Protect, and wondered if they might have sent an email to me prior to the hack. For the record, they did not. But what I did discover is that they sent me emails documenting the hackers actions and my unsuccessful attempts to subvert their efforts to break into my account and upload something terrible.

Facebook Email Hack Notification 506

The first email I received from Facebook indicating anything was wrong arrived at 5:06 p.m. CDT on April 9. I was at the car was in Norman, Oklahoma with my kids and not checking my Facebook or email.

The image above is of the email notification I received from Facebook stating someone had requested a password reset. This would have been my first indication something was wrong, but I was busy spending time with my grown children in Norman, Oklahoma and not checking my email. Also, I have all those notification emails from Facebook going to a folder in my email account so they don't clutter my main feed. I will have to setup some sort of rule to keep security related emails in my inbox.

Next, you can see below where I received another email at 5:20 p.m. saying that someone had logged into my account using a confirmation code sent to an email address I haven't used since 2012 and no longer have access to, for a domain name that is not registered, according to ICANN. I also see that the email states the hacker's IP was based in Edmond. So maybe there was more than one?

Facebook Email Hack Notification 520

Email received at 5:20 p.m. stating that I had logged into my account using a confirmation code sent to an email address that haven't used since 2012 on a domain name that no longer exists.

Apparently, the hacker was able to access the confirmation code (I checked and my email account is not compromised because it doesn't exist.) or find some other way into my account. I know this because I received an email at 5:20 p.m. stating that someone had logged into my account from Los Angeles, I place I have never been.

Facebook Email Hack Notification

Email received at 5:20 p.m.

These are the clues showing none of this was me. Yet my account is still suspended and I have no way of contacting Facebook other than what I mentioned in my article and in my commentary below.

Facebook Email Hack Notification 533

Email received at 5:33 p.m.

Not sure why, but I received another email at 5:33 p.m. also providing a reset code. This is a different code. Another hacker? I don't know. Again -- this is not me.

Facebook Email Hack Notification 533

Email received at 5:33 p.m. This email no longer exists. The domain name also doesn't exist any more.

At the same time, I received an email stating that someone had logged into my account using a confirmation code and the same email address that no longer exists and from the same IP as reported by the email from 5:20 p.m. Here is the information on the ISP the hacker used.

Facebook Hack IP lookup

I know that sometimes cellphone signals can bounce off various towers. However, I was either washing my car or driving home during this time period, not using Facebook. You can see that in the screenshot below.

April 9 Timeline

My location from 4:48 p.m. to 5:34 p.m. I did not go anywhere else after that.

I logged into my Facebook app on my cellphone at about 5:35. I remember arriving at home and the kids getting out of the car. I picked up my cellphone and logged into my account -- and started getting the notifications in the app that someone had logged into my account from California. I clicked the button stating that this wasn't me and started going through the process of changing my password.

I had Facebook send the verification code to my cellphone, which is how I thought I had the verification process setup, as evidenced by my history in the screenshot below.

Facebook Hack Authentication

As you can see, I have historically used my cellphone to verify my Facebook account.

In the middle of that process, my screen suddenly changed to one stating that I had violated Facebook community standards -- something about child exploitation. Whatever the hackers uploaded, it was bad.

Facebook Email Hack Notification 536

Email received at 5:36 p.m.

As soon as I received that screen, I requested the review, thinking that Facebook would see I had been hacked and give me my account back. That was six days ago and I am still suspended.

I did just reply to the email notification that someone logged into my account from Los Angeles and asked Facebook to review my account. I will let you know if that gets any results.

What Did I Learn from Being Hacked on Facebook?

  • If you have a credit card or PayPal account tied to Facebook (you've paid for an ad, etc.) make sure you cancel the credit card and the PayPal billing agreement immediately!
  • Make sure emails from security@facebookmail.com are whitelisted, marked as important, and arrive in your inbox. When you get those, take care of them immediately.
  • Make sure you have more than one admin on your business pages and in your groups/communities.
  • Make sure you follow important people and groups in places other than Facebook. Get email addresses and phone numbers of important people. Follow them on Twitter and Instragram.
  • NEVER connect your Instagram to your Facebook account. If you Facebook account gets suspended, your Instagram will be deleted.
  • Read more here about how to protect your online business.

Would you like updates on how to protect your business?

I will continue to update this article as I learn more about what happened and if I hear anything back from Facebook. Don't miss out! Just enter your name and email address below and I'll send you updates to this article -- along with other information about how to start, grow, and protect your online business. 

About the Author

I chose to proactively retire from the classroom teaching and share my gifts in a different context. I'm a damn good teacher and I'm tired of working within a frustrating system that won't let me do what I know is right. So I'm taking my business full time -- and I'm still educating, still making a difference in the world. And I want to help you do the same.

Posted in: Collaboration
  • When I first moved to Tucson, my Facebook was hacked, and they ran ads worth over 1500 dollars. I did get my money back. I now have two-step authentication on everything and must have my phone to verify so let’s hope I don’t lose my phone…

    • Yikes! I’m glad you were able to get your money back, too. Both my bank and PayPal were amazing. And yep, I have two-factor authentication now, as well. So that’s another important step and has been part of my process to get logged back in this time. (Yes, someone tried to hack my account again today, but I’m back in.) Whew!

  • {"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}
    >