And I couldn’t recover it.
A few weeks ago, I woke up to look at my phone, opened the Facebook app and saw someone else’s account flash up, which then changed to a message saying that my account had been de-activated due to breaking community standards. I first thought ‘this isn’t even my account’ but upon logging out and in, I soon came to the realization that it was actually my account.
This also affected Facebook Messenger, which I could no longer access. Others could see my account in chats, with its new name ‘Lily’ and profile picture (which on doing a reverse Google Image search, I found was a very popular fashion influencer – and not the potentially breaking community standards type).
Facebook had an option on signing in for me to request the decision to be reviewed. As it seemed like it was a pretty cut and dry case where someone had somehow accessed my account, I followed that process. The process sounds like a scam in itself but is an actual thing they do – first I had to take a photo of myself and upload it, then take a photo of some sort of ID and upload that too. After that, the automated Facebook system told me to wait for the results of that review.
Only an hour or so later I logged back in to check, and saw this message:
I’m going to conclude that their review process isn’t very thorough, or they’ve automated it and it’s come back in the negative for some reason. Although I don’t expect much of Facebook, I did expect to get my account back, but that was a dead end. I didn’t really care about my Facebook account too much – I was really just using it for Messenger, as well as Facebook Marketplace and some local news/events stuff. Creating a new account didn’t take long and got me back to where I needed to be.
I was still curious about what happened – I was using a unique email address and password for Facebook, and 2FA was configured; any time I’d log onto a new device I’d get an existing device to prompt via the Facebook app to authenticate. I used the ‘Download Your Information’ button above, which took several hours to be ready and give me some download links.
The 3 ZIP files Facebook provided contained quite a large amount of information – it’s interesting to see how much data they actually keep about your activities – too many to list, but some examples:
“Advertisers using your activity or information” (list of thousands)
“Your off-Facebook activity” (thousands again, example – Menulog feeds back searches, purchases etc)
“IP Address Activity”
That’s when I became ‘Lily’.
Interestingly, “Authorised Logins” shows no logins from this IP, but there is a record under “Session updated”.
Unsurprisingly the IP appears to be a VPN endpoint. I’m no cyber expert, but it appears someone potentially obtained a cookie off me to gain access judging by the first 4 characters, as the logs show I first used it in April 2022.
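The cross-check described above (an IP that shows up under “Session updated” but never under “Authorised Logins”, on a cookie first seen long before) can be scripted. This is an added example, not part of the original post: the record layout, field names and values are constructed for illustration and are not the schema of Facebook’s export.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample data. Field names are assumptions for this example,
# not the schema of Facebook's export; IPs are from documentation ranges.
AUTHORISED_LOGINS = [
    {"ip": "203.0.113.10", "time": "2022-04-02T08:15:00"},
    {"ip": "203.0.113.25", "time": "2023-01-11T19:40:00"},
]
SESSION_EVENTS = [
    {"event": "Session updated", "ip": "203.0.113.10", "cookie_prefix": "abcd", "time": "2022-04-02T08:15:05"},
    {"event": "Session updated", "ip": "203.0.113.25", "cookie_prefix": "wxyz", "time": "2023-01-11T19:40:09"},
    {"event": "Session updated", "ip": "203.0.113.10", "cookie_prefix": "abcd", "time": "2023-05-30T21:02:44"},
    {"event": "Session updated", "ip": "198.51.100.77", "cookie_prefix": "abcd", "time": "2023-06-01T03:12:00"},
]

def find_reused_sessions(logins, events):
    """Flag session cookies used from an IP that has no authorised login."""
    known_ips = {rec["ip"] for rec in logins}
    by_cookie = defaultdict(list)
    for ev in events:
        if ev["event"] == "Session updated":
            by_cookie[ev["cookie_prefix"]].append(ev)

    findings = []
    for prefix, evs in by_cookie.items():
        evs.sort(key=lambda e: datetime.fromisoformat(e["time"]))
        first = evs[0]  # earliest use of this cookie
        reported = set()
        for ev in evs:
            if ev["ip"] in known_ips or ev["ip"] in reported:
                continue
            reported.add(ev["ip"])
            age = datetime.fromisoformat(ev["time"]) - datetime.fromisoformat(first["time"])
            findings.append({
                "cookie_prefix": prefix,
                "first_seen": first["time"],
                "foreign_ip": ev["ip"],
                "foreign_time": ev["time"],
                "cookie_age_days": age.days,
            })
    return findings

if __name__ == "__main__":
    for f in find_reused_sessions(AUTHORISED_LOGINS, SESSION_EVENTS):
        print(f"cookie {f['cookie_prefix']}… first seen {f['first_seen']}, "
              f"used from {f['foreign_ip']} at {f['foreign_time']} "
              f"({f['cookie_age_days']} days later) with no authorised login")
```

A hit is a lead rather than proof: a session cookie legitimately moves between IPs when a device changes networks, so check flagged addresses against your own travel, mobile carrier and VPN use.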
The other biggest ‘loss’ I had from losing this account was any other service I used that I’d done the lazy thing of using my Facebook account to set up access, rather than creating an individual account. One I knew I’d done this with, I could luckily follow a reset password process using the email address I used for Facebook.
I also lost control of my Facebook page where articles from here were posted – there’s probably a way to take this over, but having a quick read it requires uploading your ID, and that didn’t go too well so far.
I still haven’t been able to exactly work out how access was obtained, or what was actually done with the account to breach community guidelines (maybe just impersonating someone famous was enough) despite having all these logs. I’ve gone through chats, page likes etc and could not see anything suspicious.
The biggest lessons learned I can pass on from this are – realise that you may lose your Facebook account at any time, and despite doing the right thing and being able to prove you are you, not be able to recover it. Also, don’t be lazy and use that account to access other services if the other service can let you create an account in another way (ideally email + password + another authentication factor). If you are concerned about what Facebook might be gathering for you, follow their instructions on how to download your data – it gets presented in a nice HTML front page to dig through.
Also – if you post on social media about your account being hacked, a bunch of bots will respond and recommend services to get your account back. Ignore these.
Update: Check out Part 2 where I get the account back.