Update, 8/16/22, 4:00pm. Scroll down for the original posting and previous updates.
A small victory. Once I realized the source of the hack of my Facebook account was likely someone registering a domain name I relinquished six years ago (see below), I started working to get that domain shut down. I contacted the registrar of the domain in Japan, the DNS provider, the company providing the email forwarding for the domain and Google whose Gmail service was the end recipient of the forwarded emails.
I almost immediately had success with the email forwarder. I showed them the domain registration record and how less than one and a half hours after the domain was registered, email from Facebook through their service was used to hack my account. Behind the scenes they stopped the email forwarding.
The domain registrar initially rebuffed me, saying I had no proof and that it was my word against the person that registered the domain. However, I contacted them again providing detailed records including the time of the domain registration and the email headers showing the time the initial email went out right afterwards. They never did reply again, however, today I see the DNS servers have been changed to an “abuse” address leading me to believe I convinced them.
The DNS provider proved to be useless in helping and I have yet to hear from Google about getting the end Gmail address shut down.
At this point I can at least derive some, tiny bit of satisfaction that my efforts appear to have gotten the domain name associated with the hack shut down.
Having said all that, so far, all of that work has not accomplished getting me back on Facebook and my account reinstated. I can clearly demonstrate that my account was hacked by an outsider, how it was hacked and thus that I was not responsible for the postings that occurred. That does me little good, however, because there is no way to communicate all of this to the company.
Yesterday I sent off another batch of snail mail letters to all the officers at Facebook. I continue to tweet at them in the hopes of getting their attention. I even emailed and tweeted at the NPR reporter that did the story a year ago about cases almost exactly like mine.
The silence from Facebook is deafening, maddening and just wrong.
Update, 8/9/22, 4:00am. So frustrating. I have tried everything I can think to regain access to my Facebook account. I’ve emailed every address possible, written letters, tweeted, etc, all to no avail. It really is infuriating to say the least.
A bit of a mea culpa in the interest of being honest. I do think I have figured how the hackers were able to gain access to my account.
Many years ago, I worked on a side project and had registered a domain name and then setup an email address with that domain. While I let the registration for the domain name lapse in 2016, it appears I might have still had that email address listed in my FB profile or somewhere else.
Well, the bad guys registered that domain name for themselves in Japan on Saturday, July 30 and within hours, were hacking into my account. I had received emails saying someone was trying to login with that email address I used long ago but never put two and two together until the other day when I sat down and started hashing through everything that happened.
I’ve since emailed the new registrar of the domain and the DNS provider trying to get it shut down but have not had any luck so far.
One lesson learned that should be passed on is to be sure all your contact info on your social media accounts is accurate. Get rid of any old stuff in there or it may come back to haunt you.
So, it does fall on me for having an old email address listed on my Facebook profile. That, however, does not justify Facebook continuing to lock me out and not giving me the opportunity to correct the issue.
Original post, 8/4/22, 4:00pm.
Well, no good vacation goes unpunished. I spent much of this past week up in the Colorado high country taking in the sights and critters. I return to find my Facebook account was hacked and they have put it on hold, pending deletion.
First, let me say that I am no computer dummy. I am an IT manager by trade and take all possible precautions to lock down all of my important accounts, including all social media. For Facebook, this included a ridiculously complicated password and two factor authentication.
Last Saturday, I received a notification from the Facebook app that someone was trying to login as me and, with two factor authentication enabled, asked if it was authorized. Naturally I immediately clicked the “no” button.
I then attempted to change my password but due to the limited connectivity where we were camping, I couldn’t complete the process. I wasn’t overly concerned as I had told Facebook to deny the login. Makes sense, right? Nope. Apparently not.
Facebook did indeed let the bad guys in and they in turn started posting what I can only guess is some nasty stuff. Sunday morning I wake up to find my Facebook account was suspended and is pending review due to my violating their Community Standards.
Now, if someone had access to my account and they detected it, I applaud Facebook for disabling it. However, they have taken it too far by preventing me from accessing it again.
I have appealed their decision but now am sitting in limbo, staring at notices counting down the number of days until my account is permanently deleted. Certainly they have the capability to tell there were nefarious actors involved and that I had no part in posting the offending content.
There is literally no way to contact a real person at the company. I have sent emails to the few active email accounts I found and this morning even sent letters via snail mail to all of their executive team.
In my searching, I found many reports of people going through the same ordeal. Major news outlets including NPR have reported on Facebook’s failures to help their users. Many more examples abound including here, here and here.
So, I sit here concerned about losing 10+ years of personal memories not to mention access to my Thornton Weather page that I have spent years cultivating and growing. It just is not right.
Yes, Facebook has a responsibility (and right) to police the content on their site. However, it is simply wrong to essentially “erase” someone through no fault of their own, something they have evidence of!
For you, my friends, this means I won’t be posting to Facebook until this gets resolved. At least I hope it gets resolved. If not, I guess I won’t be found on there again.
In the meantime, please head over to my Twitter account for my postings. Thank you for your patience.