It’s about half past midnight here on the island, and I just finished getting my hacked account back into my possession with a brand new password and 2FA enabled.  But I wanted to tell you about my horrific journey and how to recover a hacked account, and of course, ways to make it more secure once you have the account back.

What Happened?

My tale starts just under 2 weeks ago.  June 9th, 2023.  I was asleep at my buddy’s house back in my homeland in Ontario, Canada, and while I was sleeping, someone in a far-off land was up to some mischief.  Unbeknown to me, I received 2 emails around 7:15 AM EST.

Two emails from Facebook

Of course, I did not know this yet, I didn’t find out till way later in the day.  But even if I was up, these happened so fast, I would not have had time to recover the account.

The first email was the hacker adding their own email address to my account.  The second email was the hacker removing MY email from the account.

Now this was a nasty trick, you see. Facebook has this nice feature:

Note: If the email associated with your Facebook account has changed, you can reverse this. When an email is changed, we send a message to the previous email account with a special link. You can click this link to reverse the email change and secure your account.
https://www.facebook.com/help/203305893040179/

Well, this cheeky bastard didn’t modify my email, no, they removed it, after adding their own.  So when I went to click the “This wasn’t me” button at the bottom of the email, not only could I not recover my account, but when I wanted to reset my password, it wanted to send it to the Hacker’s email.

Ok, so now I am a bit upset… how could I let this happen to me, I am usually really good about my password, but for some reason, the account I use to log into any app that allows me to, was the least of my concerns? Well, that would have to change… but first, how do I get my account back?

Sadly, as this has already happened, I can only describe the screens I had and how frustrating it was to unlock my account.  Facebook has a reporting system for compromised accounts.  I tried this from m.facebook.com on my mobile device, and by going to Facebook.com on my PC.  In both cases, you need to prove who you are by uploading an ID, this was easy on the mobile, just snapped a shot of my Driver’s License, then it forwarded me to a page where it told me what they do with the IDs… And a message saying that the Mobile site is being updated to be more something or other… helpful? useful? Well, something like that anyways.  So I decided to hop on my PC and do it from there… I scanned my ID in my HP scanner and prepped it for upload, just like I did on the Mobile site… No such luck though, no the PC wants you to hold your ID up to whatever webcam you have so it can “scan it”… well as much as my webcam is HD, it can’t focus at the distance required for the app to take a picture… which was about 2 inches from the cameras.  So I took out my work laptop with the built-in camera, this seemed to focus alright, so I submitted to Facebook from it… and again I was forwarded to a help page describing what it does with the IDs… no other info…

So rinse and repeat for about a week, waiting for this email telling me how to recover my account.  Nothing.  So I did a quick search on the web, I mean, after tweeting Facebook with no reply other than the bazillion auto accounts telling me to contact Jim, John, or Jacob to help me hack back into my account… Don’t answer these, by the way, all 500 of them are scams…

So I emailed every Facebook email I could find, but none existed anymore.  Then I found it… the answer to my problem.  An article on a site that helps secure things, yeah it’s a site that promotes their own product so you spend $X a month so they can help you protect your accounts… but that was not what I was interested in… I was interested in their advice on how to get back into your hacked account.  The link I found was this – https://cyrus.app/blog/unhack-fb-account/ which pretty much got me 50% of the way right after reading it.

How to Unlock your account

So from the page mentioned above, I found out the fastest way to recover your account, is through the mobile app, not the m.facebook.com site, but the actual app.  Now, if you read one of my previous posts from 2021 – Why I left Facebook you would know that I haven’t had this app installed in over 2 years now.

So I proceeded to install the app back on my phone and followed the instructions from Cyrus.app. I submitted my ID and almost instantly, I got the email, now this should work for most, but for me, when I went to change the email, for whatever reason, it kicked me out saying that this feature could not be used.  So here is where I was at.  It allowed me access to my account but with no password.  I could not change the password because for some reason “this feature is not allowed”.  So ok, I figured, my email was added back to my account, now if I go and reset my password, it should send to MY email… I was half right… as the hacker’s email was still on the account, it sent me and the hacker the codes to get back in… so in my rush, I attempted too many times and got locked out.  So, back to the web, how long do I have to wait till it stops telling me I used too many codes?  24 hours, or so they say.  Many people were commenting that they have waited weeks and still cannot reset.  I am not one of those people, 24 hours later, just before midnight tonight, I reset my password and removed the hacker’s email (cus you need your password to do this).

My account was once again mine, and only mine… But how do I secure it?  How do I make it as hard as possible for hackers to hack my account?

How To Protect Your Account

That same page, further down, has some great advice.

  1. Enable 2FA (you also need your password to enable this)
    • Also, enable Backup codes, take a screenshot, and save them someplace safe.
  2. Change your password to something strong & unique – And I mean strong, not 8 or 10 characters, 12-16 is a good starting point, and use UPPERCASE, lowercase, Numbers(1234567890), and Special characters (!@#$%^&*).  Do not use known words, etc.
  3. Monitor other devices/locations which are signed in to your account
  4. Monitor third-party applications
  5. Update your contact info / Remove Hacker info! (first thing I did when I got my password changed)
  6. Secure your email account

That last one is a huge one… if you do not have 2FA on your email account, time to set it up.  Because if your email is compromised, losing access to Facebook is the least of your worries.
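To make step 2 concrete, here is a small Python sketch (an added example, not part of the original post or the Cyrus article) that generates a password meeting that rule and reports which parts of the rule a given password breaks. The function names and the short known-word list are made up for illustration; a real check would use a full dictionary or breach list, and "unique" still means never reusing the result on another site.

```python
import secrets
import string

# Character classes named in step 2; the special set is the one listed there.
CLASSES = {
    "uppercase": string.ascii_uppercase,
    "lowercase": string.ascii_lowercase,
    "number": string.digits,
    "special": "!@#$%^&*",
}
MIN_LENGTH = 12  # lower end of the 12-16 starting point in step 2

# Constructed sample list (assumption); swap in a real dictionary or breach list.
KNOWN_WORDS = ("password", "facebook", "qwerty", "letmein", "welcome")


def policy_problems(password):
    """Return the step-2 rules the password breaks (empty list = passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            problems.append("no %s character" % name)
    lowered = password.lower()
    for word in KNOWN_WORDS:
        if word in lowered:
            problems.append("contains known word '%s'" % word)
    return problems


def generate_password(length=16):
    """Draw from the OS CSPRNG until every step-2 rule is satisfied."""
    if length < MIN_LENGTH:
        raise ValueError("length must be at least %d" % MIN_LENGTH)
    alphabet = "".join(CLASSES.values())
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not policy_problems(candidate):
            return candidate


if __name__ == "__main__":
    print(generate_password())
    # Constructed sample passwords, checked against the same rules.
    for sample in ("Facebook2023!", "correcthorsebattery", "Tr0ub4dor&3xQz"):
        print(sample, "->", policy_problems(sample) or "ok")
```

Store the generated password in a password manager rather than trying to memorise it.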

So I hope this article helps some of those lost souls who like me, use Facebook to log into just about everything.  Now as mentioned, I don’t really use Facebook.  I use Messenger, but Facebook grew old for me, I didn’t need my account back for any other reason than it is a key to access a world of other apps.  Some I have purchases on that I wish not to lose.  Could I have created a new account?  Yes, but, hundreds of apps, with purchases, gone, hundreds of $$$ that I would have to re-spend… no thanks.  I had to fight for this account, I did, and I got it back.  Hopefully, you can too.  Now, back to a life I believe is considered normal.