I was hacked last week.
Amid a pandemic, working solo and with the fear of identify theft top of mind, I genuinely felt cut off from the rest of the world.
The hacker was able to access my Facebook account while I was sleeping.
I discovered I had been hacked when I switched on my phone at 6.30 one morning to start working through my emails and tasks for the day.
There it was – a message from Facebook three hours earlier, alerting me to an unusual login activity in Melbourne.
That’s hundreds of kilometres from me.
I worked my way through a handful of subsequent emails from Facebook, alerting me to an unusual login, followed by an email alerting me to the fact that my password had been changed.
The mobile number linked to my account was changed next, which locked me out of my own account.
It was genuinely terrifying.
This meant that Facebook’s automated process to recover my account didn’t work.
For two hours, I tried to recover my account. But the hacker had prevented the Facebook reset recovery code from being sent to me.
So, it was impossible.
I turned to Twitter, pleading for help from anyone willing to listen.
No help there.
Just bots, pointing me to ‘cyber experts’ wanting me to fork out for what should have been free – the assumption that my account was safe and that Facebook’s 'privacy' was assured.
Eventually, I was able to let Facebook know that my account was compromised – and it was suspended, taken off the air, for the team to review who the real owner was.
I no longer existed in the virtual world.
I could no longer reach out to my 200+ friends.
My mind raced to what the hacker could be looking at.
Given that so much of our school communication happens over Facebook Messenger, there was a lot.
I was mortified at the thought of what the hacker could be posting for my friends to see.
I worried that perhaps they could be hacked next.
My privacy settings are on – only my Facebook friends can see my wall.
So really, I thought that meant that I was taking all security precautions.
But now, I imagined the hacker scrolling through pictures of my children, messages from others including bank account details to pay for our soccer team coach presents, and phone numbers were laid bare.
I thought the worst – identify theft, here we come.
Later that morning, I turned to Facebook Australia’s media team, desperate for answers – and keen to write a story.
But it wasn’t straightforward for Facebook to figure out how to recover my account.
Twelve hours after the hacker gained access to my private world, the work day was ending, and I was no closer to having access back to my Facebook account.
That evening, my partner searched my name via his Facebook account, and there it was – my profile had been duplicated – quite well.
I reached out to the media team again.
They responded with: “I am working hard to restore this for you, our tech teams have been working to get a fix on this since you escalated this to me.”
Finally, a couple of hours later, a link to recover my account worked, and the account was recovered.
I was relieved, but angry. And scared that an identify theft could be around the corner.
While Facebook assures users that the platform is safe, actually seeking assistance to recover your hacked account is virtually impossible.
Earlier this year, more than 533 million Facebook users were hacked and their private data released to a hacking forum.
Full names, birthdates, locations, phone numbers, Facebook IDs, bios and even email addresses were leaked by the hacker.
Media stories also surface from time to time about similar hacks to the one I had encountered.
I put several questions to Facebook about hacking incidents in Australia, including how many accounts they estimate are never recovered.
Facebook Australia said: “We’re committed to safeguarding the integrity of our services, and work hard to protect our community from hackers, fake accounts and other inauthentic behaviour.”
Facebook also provided a link to its Guided help tool.
“We strongly encourage people to strengthen their online security by turning on app-based two-factor authentication and alerts for unrecognised logins,” the Facebook company spokesperson says.
Facebook also provided some ‘background tips users can use to avoid getting phished or scammed on the platform’.
The list read more like a handbook for dummies, including: ‘don’t click on suspicious links’, and ‘never reveal your login details’.
But I’m living proof that your private accounts can be hacked while you sleep.
* Not the author’s real name.