I got hacked and Facebook banned me

Update 2nd June 2022

Thank you to the 5 lovely people who work at Facebook and reached out using their personal email. My Facebook profile has been unlocked! This post had so many views via Hacker News (thanks to my husband for sharing there) and sparked an interesting discussion. I appreciate the help, even though I don’t actually know who made it happen or how it happened!

Also apologies to those who emailed me asking me to share how this was fixed. I wish I knew, I wish there was a clear process for me to direct you to. Unfortunately while I thankfully have access to my account again, the how behind all of this remains unclear. I have passed on your email addresses to the people from Facebook who reached out.

What do you think happens if your personal Facebook profile gets hacked? Until last week I naively thought it would be a simple matter of letting Meta know, and them helping me reclaim my account… The actual process has been upsettingly opaque.

TLDR; I let an old domain expire and an attacker got me banned from Facebook.

Last Wednesday I was up with my baby at 4am and went to scroll Facebook Marketplace, as you do. I was logged out. I tried to recover my password but no text ever came through with a verification code. I simply couldn’t get back in. Trying again I noticed the primary email listed was not my email anymore. I’d been hacked.

The attacker has since put up content that has had my account suspended, to be deleted within 30 days. What I have discovered is that there is no way to speak to anyone at Facebook about this, no way to get your account reinstated, no way to get the photos, connections and memories back. I have gone from a regular Facebook user (15 years with a profile) to nothing. One bad actor is enough to erase you and Facebook do not give a damn.

The attack

I’m still not sure how I ended up in the attackers crosshairs.

My best guess is that an old email [email protected] was involved in a data breach.

Years ago I had a blog called Happy Tree Pose, about yoga and other bits and pieces. Eventually I stopped writing it, and let the domain happytreepose.com expire. I had forgotten that I’d setup [email protected] as a recovery email on my Facebook account. I switched across to a more current address 10 years ago, and didn’t think that it would remain active.

The attacker must have had a list of emails and found mine with an expired domain.

They registered the domain using Wix, and then were able to reset my Facebook password.

Password reset using old email

Then they locked me out (and enabled two factor auth)

Email changed

I got no notification when their yubikey was added as the 2nd factor authentication.

They tried to spend my money on ads

They then started posting ads for… Alaskan Crab Meat 🦀.

Attacker trying to spend money on ads Attacker trying to spend money on ads

Their spammy ads got me banned

Eventually these strange spam ads got me banned. Account suspended pending review. To be deleted after 30 days.

I got banned for alaskan crab meat spam

If you view my profile now it simply says ‘review requested’.

Action needed

Countdown to deleted account

This all happened a week ago. This means I should have approx three weeks to get my account back before it is permanently deleted. I have tried emailing addresses I found online, with no reply or even receipt. I have filled in online forms that ask for my license but then give me no indication that this has been received. I have also searched the net and sadly found that I am not alone.

I’m not sure what to do next. Everything is online, and requires you to login to your account. There is no way to contact support, no way to recover your memories when things go wrong. Thanks to one bad actor I no longer exist on Facebook. I have all the documents I need to prove my identity, and my old profile is full of pictures of me… surely it shouldn’t be this hard?

Perhaps I shouldn’t care. I should take this as a chance to move off socials and find other ways to connect. Thing is I’m a Mum of two who has just moved to a new area. Facebook groups have offered me support and community, and Mums I’ve met in local playgrounds have added me as a friend so we can use messenger to plan playdates. Without these apps sadly my little social life becomes a lot lonelier, and harder.

So, what can we do?

Firstly, if you know anyone at Facebook would you please pass this on? I honestly don’t know what else to do…

Perhaps this post can reach an actual person and they can help? I’d really love you to share this until I can find someone who actually has a face and a name and the ability to figure this out.

Second - go set up two factor authentication on all your accounts if you haven’t already. I feel like a prize idiot for not doing so. Sure, I had a baby and had just moved house but ugh I wish I had taken a moment.