Shortly after waking up on the morning of August 18 I checked my email and found three messages from Facebook. The first, from 2:37 am, contained the security code I had supposedly requested. The second, from 2:40 am, asked if tried to log in from somewhere new. And the third, from 2:44 am, let me know my password had been changed. Obviously, unless I did all of this in my sleep, someone had hacked into my Facebook account. I tried logging in but was unable and when I tried to reset my password I found my recovery email address was changed. In less than 10 minutes, while I slept, someone hacked into and locked me out of my Facebook account. It didn’t take too long to figure out this type of thing isn’t all that uncommon and there is no easy fix. It appears the hacker accessed my email for the security code, but I had no other indication my email was compromised. I immediately changed my email password. We were on vacation in St. Louis when this happened, so I tried to figure it all out without letting it impact our plans. Long story short, I was never able to recover access to my Facebook account, although I was able to get it disabled, and I haven’t been on social media since.
I recently created a new Facebook account, although I don’t have any friends yet. As I prepare to dive back in, I thought I would share some thoughts about what I’ve learned from my experience losing my Facebook account and going five months without social media.
- Strong passwords. Although I don’t think it was a factor in this case, my Facebook password was weak. I didn’t think it mattered much because I didn’t think anyone would ever have reason to hack into a Facebook account. My email password wasn’t much better. I haven’t done it yet, but I’ve heard nothing but good things about password managers and plan to start using one soon.
- Two factor authentication (2FA). I received an email notification, but that didn’t actually stop anything. The hacker was able to lock me out of everything before I even read the email. If I had 2FA set up, action on my part would have been required prior to even getting into the account. I often choose not to set up 2FA because it’s a bit of a hassle, but it’s probably worth it for the extra protection.
- Virtual Private Network (VPN). While not directly related to this situation, in my quest to make things more secure I decided to start using a VPN. I started using NordVPN a few weeks ago and it’s working out pretty well so far.
- Facebook Customer Service. I don’t think this is a thing. As far as I can tell there is no way to talk to a person and it is very difficult to send messages or submit requests if you are not logged into a Facebook account. They do have a page to address situations like mine, but it was confusing, sent me around in circles, and was ultimately unsuccessful in getting me back into my account.
- The social media break was good for me. I never really posted a lot, but I spent a lot of time scrolling and reading on Facebook. Like many others I could easily get sucked into a divisive topic, even if I wasn’t actively posting on it. I think social media has done a lot to divide this country and it was good to take a break. I’ve been able to make better use of my time and I just feel better.
- I’m ready to get back on social media. I’ve always had trouble keeping in touch with people. Facebook made that a lot easier. While it’s definitely not the safe as in person, or even a phone call, I felt like I was able to stay somewhat connected to people. I miss that and I want to get it back. I also miss some of the discussions, even if they are at times contentious. I hope to learn from my hiatus so I can have a better experience with social media this time around.
I wish I had been smarter about keeping my account secure, but overall I think I’m better for the experience. I think I can take what I’ve learned and be a better social media user in the future. And I know I can always walk away.
**(UPDATE: 1/16/22) After sending my first friend request from my new account, Facebook showed me a list of recommended friends. To my surprise, there was my old profile at the top of the list. Apparently, my hacked account didn’t stay disabled but it didn’t look like there was any new activity. I decided to try recovering it one more time. They must have made some changes to their process; I was able to get into the account without too much effort. So it looks like I can delete the new account and won’t have to rebuild my Facebook life from scratch.