My Facebook Account Was Hacked But I Recovered It And Here's How You Can Keep Yours Safe
Social Media has become the digital scrapbook of our lives. We stay in touch. We post our lives. We share our photos, and our witty well thought out captions. And we network on these platforms.
Since joining Facebook in 2006, I've been dragging my monstrous Canon 5D Mark III to the most inconvenient of places like Horseshoe Bend and Antelope Canyon just to ensure I have a robust collection of visual memories as souvenirs to take back from my adventures. My social media reads as a footprint of my life trailing back through events, milestones, places I've been, things I've seen, people I've met, and yes, even the things I've eaten.
From the day I purchased my trusty Toyota Prius, to the day I quit my 9-5 job to focus on my photography career, to the day I trekked out to Arizona to start my life over, and all the seemingly inconsequential moments in between, social media has been my journal entry to each of these landmarks in chronological order.
These platforms are my never-ending stream of recorded information about what I call life, pinpointing moments in my journey that would otherwise be swept away like seashells to an ocean current.
But about a month ago, these memories were all washed away when my Facebook account was hacked. I woke up one morning and tried to log into my mobile facebook app when I was notified that my password had recently been changed. Thinking that was odd, I tried logging into Facebook through my computer when I got the same error message. When I went to reset my password, an alien email address email@example.com stared back at me. My email had been changed to an email I have never owned or used but peculiarly was the original and legal name of my photography company before I rebranded to Rachel Smak Photography. Slowly I began to realize that my account had been hacked.
As the sheer panic settled in, I discovered the hacker who broke into my Facebook had changed my email, removed two-factor authentication, and eventually changed my name from Rachel Smak to Hussain Naser and my gender from female to male. When the extended recovery option of using my trusted contacts I'd set up years ago failed to regain access into my account, the mild dread I started my day with turned into full-blown hysteria before my first sip of coffee.
I felt like Sandra Bullock in the movie The Net when she had her identity completely stolen from her. Why had I been hacked? When other people checked my account, there were no recent updates, no weird messages from the impersonator asking for money, and no crazy pornographic link suggestions. Just a foreign name and a case of gender confusion apparently.
Scouring the internet looking for answers, I was disappointed to find very few instances of restoration. Anyone who's been hacked can testify to how impossible it is to reach out to a human being that works at Facebook and not the generic response emails from the “facebook team.” I read through hundreds of message boards with broken links and outdated email and phone support numbers. I took to LinkedIn to spam anyone who worked for the company to see if they could help, but every lead turned into a dead end.
By the second week, I contacted the BBB and filed a formal complaint, but all I got in return was another generic message from Facebook directing me to their support page, a page I'll mention you can only visit if you have a Facebook account.
Over the coming weeks, I assessed the damage of the things I'd lost through my hacked account like an insurance claim adjustor cataloging valuables. It read as follows:
ALL the content for my personal and business page, including updates, photos, and videos.
Personal friend connections (I had 897) and Facebook fans (764) that I'd cultivated over the last thirteen years.
Messages that went back through the years
Access to deceased loved one's accounts, like my mom's account and my former roommate who both tragically died by suicide
Everything going back from the year I started my account in December 2006
Convenient access to sites that let you log in via Facebook
The ability to run ads on Facebook and Instagram for my business
The original URL of the first Rachel Smak to sign up for Facebook http://facebook.com/rachel.smak
A face on Facebook
It was emotional and painful to think about, and a few weeks into my ordeal I'd finally cracked under all the pressure. I was living in a new state, and a new city and my connection back home was gone. For the first time in my life, I found myself homesick, and I cried.
I googled Facebook's headquarters and weighed the pros and cons of a twelve-hour road trip to Menlo Park California. After a little digging, I discovered I wouldn't even make it past the parking lot to talk to a receptionist without knowing someone who worked at Facebook.
I took to Instagram and posted a Live Story about my ordeal, wiping the tears away as I tried to magnify the loss I was experiencing hoping all the while that six degrees of separation was still a thing and someone would see my story and have a connection out in Facebook land.
And as it turns out my sappy emotional plea to my followers on Instagram worked. I received a few leads of human beings who actually worked at Facebook in the fraud department who could help me out. I emailed the team I'd been connected to all the details of my ordeal including screenshots of my hacked account and photos of my driver's license after a month of being locked out and feeling left out my Facebook account was restored. I received an email from Facebook with the steps to log back in and secure my account. It was weird seeing messages my friends and family sent the hacker, but it felt heartwarming knowing I had people in my corner and friends who cared and had my back.
What have I learned through this ordeal? Here are ten ways you can secure your Facebook account from getting hacked!
1) Never use variations of your password. I'd been foolish in using a generic password like Phoenix123! with small alterations across my accounts. But this experience taught me to be paranoid and to use completely NEW and UNIQUE passwords for each online account. Avoid including your name, birthdate, pets, or common words in your password: make it REALLY REALLY difficult for a hacker to guess.
2) Implement the password manager app and secure digital wallet Dashlane which I set up to securely keep my login credentials and generates strong hack-proof passwords for my accounts.
3) Set up two-factor verification on all your accounts that have this option. Google, Instagram, etc. While my Facebook was still hacked with this setup, it's still an added precaution that can protect you from hackers. Under Settings> Security and Login> Two-Factor Authentication go to use two-factor authentication and save your cell phone number.
4) Set up trusted contacts on Facebook. Under Settings> Security and Login> Setting Up Extra Security go to choose 3 to 5 friends to contact if you get locked out. Make sure to pick people you trust, and people who can navigate Facebook reasonably easily. Don't list your grandma as one of them. (If you're reading this grandma I love you, and while you know your way around an excellent twice baked mashed potato recipe, you don't know your way around a facebook generator link very well.)
5) Stop linking everything to your Facebook login. If your Facebook is compromised and you didn’t create separate ID’s for everything, guess what, like I discovered you have lost access to everything else you signed up for using Facebook.
6) Purchase a YubiKey from Yubico. This incredibly robust hardware-based authentication is around $50 and comes on a little keyring you put next to your phone or in your computer USB port for NFC authorization into your accounts that makes it virtually impossible to have any of your accounts compromised. Thanks to my super techie friend Preston Palmer for this suggestion, I've ordered one for myself.
7) Change your password every six months. This goes for all of your passwords — not just your Facebook one. Set a reminder on your phone or a note in your calendar to help you remember to do this.
8) Set up Login Alerts on Facebook. Login Alerts send you an alert when someone logs into your account from a new device or browser. Under Settings> Security and Login> Setting Up Extra Security go to get alerts about unrecognized logins where you can choose to get login alerts via Facebook notifications, email, or text messages.
9) When connecting to public Wifi hotspots be cautious and use a VPN. Virtual private networks (VPNs) offer an additional layer of security and privacy, and they aren't just for big corporations. You can set up a VPN while you browse by following this instructional link here: Set Up VPN
10) Backup your Facebook data. With a backup, you have your own offline copy of all the photos you've posted to Facebook in one single folder, which you can easily store in a safe folder on an external hard drive. If Facebook ever crashes and burns, all your selfies and other personal photos and information won’t go down with it. You can follow this instructional link on how to do so here: Download A Backup Copy Of Your Facebook
I know I'm among the lucky ones who managed to navigate this scary hacking ordeal relatively unscathed. As I logged back into my account today I couldn't help but feel grateful, this ordeal was daunting and devastating, but at the end of the day, I successfully regained access to my Facebook account and learned how to prevent something like this from happening again. The adage 'what doesn't kill you makes you stronger,' and in this case, it is true. I'm logging back in tonight stronger and wiser from this experience, and I hope that my nightmare does the same for you.
I'd love to hear from you! If you've ever been hacked how did you recover your account? See any security tips I missed? Leave me a comment below and let me know!
Images of me taken by Delight In The Desert