UPDATE: If your social media account is hacked and you have your financial information attached to it in any way -- even if your account is suspended -- CANCEL your card at your bank. CANCEL your PayPal billing agreement. Check your accounts to make sure the hackers did not spend your money. If they did, file a dispute with your bank and/or PayPal so you can get that money back. For the record, PayPal was no help.
Attempting to recover from being hacked on Facebook can be a nightmare. My account was more than 13 years old. I managed several business pages and groups, and was a member of hundreds of other people's communities.
I lost it all in just a few minutes, thanks to a hacker whose IP originated in Los Angeles (even though I was in Oklahoma and have been since the pandemic).
Facebook hack Timeline
In the days since this happened, I've written a personal narrative essay about what happened and a friend and former educator, who now runs a local media production company, published it for me on his news website.
Today, I was reading about a security program Facebook is rolling out to some users, Facebook Protect, and wondered if they might have sent an email to me prior to the hack. For the record, they did not. But what I did discover is that they sent me emails documenting the hackers actions and my unsuccessful attempts to subvert their efforts to break into my account and upload something terrible.
The first email I received from Facebook indicating anything was wrong arrived at 5:06 p.m. CDT on April 9. I was at the car was in Norman, Oklahoma with my kids and not checking my Facebook or email.
The image above is of the email notification I received from Facebook stating someone had requested a password reset. This would have been my first indication something was wrong, but I was busy spending time with my grown children in Norman, Oklahoma and not checking my email. Also, I have all those notification emails from Facebook going to a folder in my email account so they don't clutter my main feed. I will have to setup some sort of rule to keep security related emails in my inbox.
Next, you can see below where I received another email at 5:20 p.m. saying that someone had logged into my account using a confirmation code sent to an email address I haven't used since 2012 and no longer have access to, for a domain name that is not registered, according to ICANN. I also see that the email states the hacker's IP was based in Edmond. So maybe there was more than one?
Email received at 5:20 p.m. stating that I had logged into my account using a confirmation code sent to an email address that haven't used since 2012 on a domain name that no longer exists.
Apparently, the hacker was able to access the confirmation code (I checked and my email account is not compromised because it doesn't exist.) or find some other way into my account. I know this because I received an email at 5:20 p.m. stating that someone had logged into my account from Los Angeles, I place I have never been.
Email received at 5:20 p.m.
These are the clues showing none of this was me. Yet my account is still suspended and I have no way of contacting Facebook other than what I mentioned in my article and in my commentary below.
Email received at 5:33 p.m.
Not sure why, but I received another email at 5:33 p.m. also providing a reset code. This is a different code. Another hacker? I don't know. Again -- this is not me.
Email received at 5:33 p.m. This email no longer exists. The domain name also doesn't exist any more.
At the same time, I received an email stating that someone had logged into my account using a confirmation code and the same email address that no longer exists and from the same IP as reported by the email from 5:20 p.m. Here is the information on the ISP the hacker used.
I know that sometimes cellphone signals can bounce off various towers. However, I was either washing my car or driving home during this time period, not using Facebook. You can see that in the screenshot below.
My location from 4:48 p.m. to 5:34 p.m. I did not go anywhere else after that.
I logged into my Facebook app on my cellphone at about 5:35. I remember arriving at home and the kids getting out of the car. I picked up my cellphone and logged into my account -- and started getting the notifications in the app that someone had logged into my account from California. I clicked the button stating that this wasn't me and started going through the process of changing my password.
I had Facebook send the verification code to my cellphone, which is how I thought I had the verification process setup, as evidenced by my history in the screenshot below.
As you can see, I have historically used my cellphone to verify my Facebook account.
In the middle of that process, my screen suddenly changed to one stating that I had violated Facebook community standards -- something about child exploitation. Whatever the hackers uploaded, it was bad.
Email received at 5:36 p.m.
As soon as I received that screen, I requested the review, thinking that Facebook would see I had been hacked and give me my account back. That was six days ago and I am still suspended.
I did just reply to the email notification that someone logged into my account from Los Angeles and asked Facebook to review my account. I will let you know if that gets any results.
What Did I Learn from Being Hacked on Facebook?
Would you like updates on how to protect your business?
I will continue to update this article as I learn more about what happened and if I hear anything back from Facebook. Don't miss out! Just enter your name and email address below and I'll send you updates to this article -- along with other information about how to start, grow, and protect your online business.
