Štěpán's blog post

How my Facebook account got hacked and suspended 👍

When I woke up on Friday 6th of January this year, like most people, I immediately checked my phone to, like most people, realise that I have not missed anything important on the multiple different social networks and apps I use. But this time was different. I was logged out from my Messenger and Facebook apps. My login didn’t work, the password was wrong, and my account was locked. I was asked to prove my identity by submitting a picture of my ID card and answering some security questions I set up 13 years ago. Having done that, I could change my password and get back control of my account.

It would be nice if that was the whole story, but that was rather the beginning. Already when resetting my Facebook password, I couldn’t log in to my email address – you guessed it, incorrect password – so I first had to reset that. It was one of my old email addresses, which was linked to my Facebook account. I know, I know, a huge mistake. Anyway, now I had my Facebook account back, but I couldn’t use it. As it turns out, it got suspended. Furthermore, it was suspended apparently for “not following the Community Standards on dangerous individuals and organisations”. I still had no idea what exactly happened, but I hit the “Disagree With Decision” button on Facebook, found out that it might take them up to 30 days, hoped for the best and went to walk my dog.

Because my Facebook account was still suspended half an hour later, I started digging in and trying to recover what had happened during the night. From emails I discovered that at 6:20 AM someone requested a reset of my Facebook password, getting the password reset code. This email was read, so I assume that someone has gotten into my email address as well. At 6:26 AM, there is an email informing me that my Facebook account was recently logged into, but it says that it was done from a Czech network. Perhaps a VPN? At 6:34 AM, there was another login into my Facebook account, this time from Vietnam, using that old email address I mentioned earlier and the confirmation code. There goes the 2FA I guess?

Meanwhile, at the same time, at 6:27 AM, I got an email saying my Spotify password has been reset and changed – since my Spotify was using my Facebook account, I assume that it indicates when my Facebook account password was changed. At 6:46 AM, 20 minutes after the first login, according to my emails, my Facebook account was locked by Facebook due to suspicious activity, which is why I had to secure and recover it after waking up approximately 2 hours later.

This is good, this is something I would expect to happen from Facebook when an account gets hacked. And because I was clearly able to verify my identity, reset my passwords and get my account back, it seems like this security thing works. But I still couldn’t use my account. Something must have happened during those 12 to 20 minutes the hackers had access to my account, which caused it to get suspended. I started trying to figure out if any of my friends have maybe seen any weird activity or posts on my account, but none of my closest ones have. To be fair, they were all sleeping happily at that time, just like I was. One thing I was able to discover, apparently “I” sent my sister a picture of an Islamic fighter waving the ISIS flag. Twice, even, at 6:46 AM, at the same time Facebook locked my account.

I don’t know if that was enough to cause the suspension. I don’t exactly know how the Content Policy works at Facebook and what measures are put in place or if a simple picture like this is enough. I assume that they have also posted something else, but I don’t think they messaged any more people, or at least no one told me anything.

When I tried to log into my Facebook account later that day (and pretty much the whole following month), I always saw the same screen saying “Check back here for the result” and that it usually takes them just over a day to review my information. So, I waited. That Friday I was still processing the whole situation and at first it got to me more than I thought it would. I still believed that I was going to get my account back, I have never violated any of Facebook’s policies before, I was a long-time active daily user, and if they at least looked at my case, connected the obvious dots of a password reset, weird login and suspicious activity, surely, they would be able to put two and two together, right? They even locked the account due to the suspicious activity themselves! But as the days went on and I couldn’t get to my account, I was getting more and more sceptical. I couldn’t connect with my friends on Messenger, a messaging service we use the most in the Czech Republic. I missed all my group chats and I also started to realise what I have accumulated on my Facebook account over the 13 years of using it pretty much daily. Hundreds of friends and connections across the world, from my high school in Prague, university in the UK, another one in Vienna, multiple trips and international events I’ve attended, all that was gone.

As time went on, I tried to approach the non-existent Customer Service at Meta multiple times – writing to any email address I could find, messaging them on Twitter and Instagram. But obviously, nothing worked. I also began researching how common this is and why anyone would even do this. I found several Reddit conversations and some blog articles describing exactly the same situation as mine. Some people got the account back in a matter of minutes, some waited a few days and some never got it back. About a week after the event, I pretty much lost all hope already. After trying to log into my account, all I could do was request a download of my information, which only included the very basic one, like name and address, where I was hoping for at least a list of friends or all my Facebook messages and content I’ve posted. When logging out, I always just saw the same message, saying that the account will be disabled in a few days (30 days after it got suspended), and that I only have a limited time left to request a review. But I already did? There was no other option, other than pressing the magic “Disagree With Decision” at the beginning, which at this point I even wondered if it actually did anything.

About a month later, on the 14th of February, I got a short email from Facebook, saying that my account is now officially gone and there is no way to get it back, ever. (As if there was until now, right?) One final login to Facebook showed basically the same picture.

More than a month of silence from their side before a permanent ban, no one to contact, no way to try and get my account back. By that time, I was not sad anymore, rather mad and fed up with the whole system. Of course, I had already created a new account to stay in touch with my closest friends, but I only use it for Messenger and I have decided to not go back to the traditional use of Facebook again. I was also lucky that thanks to Chatalysis I downloaded all my messages from my old Facebook account a few months ago, so I haven’t even lost that much data.

The messages on Facebook Messenger are also probably the most interesting thing on anyone's account - especially in countries and communities which use Facebook Messenger a lot. You would be able to obtain a lot of private info from one's personal messages, not to mention inappropriate photos or offensive content (uhh.. what?). Luckily for me, I don't think the hackers got access to all my messages in the short time. Exporting Messenger data from Facebook takes hours, if not days, and searching for something in the app itself manually doesn't work well.

In the end, the main issue which came out of this was a Facebook business page of my parents’ store which I ran and through which we communicated with the local community. That was gone, but even worse, the page is still out there. No one can claim it, no one can use it, there is no way for us to at least get that back. It also complicates us starting a new one, since there is no way to delete the old one.

I also think that the business page was the reason behind the hack in the first place. Of course, I might be completely wrong, but from what I gathered from various articles and comments around the internet, the hackers like to target accounts with access to business pages and see if they have a credit card linked to be able to buy ads. I don’t know if this is the case, maybe I just got unlucky (together with the embarrassingly bad security practice with my old email address), but my theory is that they tried to buy ads for something through my page, realised that there is no credit card linked, and decided to just screw with my account by posting content violating Meta’s content policy. Thanks, I guess. At least I got a cyber security lesson I will never forget, and, looking back at this whole thing now, a few months later, I realise that nothing significant really happened and my life goes on pretty much the same.

started writing on 19 Apr 2023
updated on 14 May 2023