(See later posts on this – this is known as the “Lily Collins hack” on Facebook. It has been underway since at least January 2023 and as of mid-March is still underway. Facebook has no comment or response as to what is going on. The hack bypasses 2FA and all security alerts. FB is just suspending and then deleting end user accounts. Per some reports, FB won’t let you create a new account with the same phone #. One report says millions of accounts have been affected so far. Looks like I will no longer be using Facebook.)
This morning I received a bizarre email, addressed to my email address but with someone else’s name and photo:
The email address I use for the FB account is a nearly one-off email address used for perhaps half a dozen, mostly social media, accounts.
The FB account had 2 factor authentication set up using an authenticator app.
I checked the email server itself and the email account remains intact. The only message received there was the above – there was never an email saying someone logged in or someone had changed something about the account.
I then attempted to go through FB’s recovery procedure but – it wants to send a verification code to my phone #. It displays the correct phone # but I never receive the verification code.
I have verified that other services can send codes to my phone and others can send texts to my phone, and I accessed my service provider’s account (which has a double layered password scheme to make changes, plus 2FA) – and that looks correct.
It looks like FB itself had an internal database problem. This happened once before on Instagram when someone created an IG account using my email address. Which should not be possible. I logged in by saying I’d forgotten the password and deleted that bogus account, and of course, changed passwords elsewhere.
When I logged into Instagram this morning – where I do not use my FB account for access but a standalone IG account – it tells me my previously linked FB account has been removed.
Thus, my 2FA protected FB account was compromised through unknown methods and promptly used by a person representing themselves as “Lily Collins”, in a way that got the account immediately suspended and deleted.
I have no explanation as to what occurred. I am very leery of creating a new FB account as I do not believe their security can be trusted. This is unfortunate as it was a primary social connection for me and a source of information, via several hobby, travel and more groups.
Simultaneously, this morning, I am unable to login to Twitter either. It does not recognize the 2FA codes I use – I had recently set up 2FA in advance of today’s Twitter switch over to mandate 2FA usage. 2FA was previously working.
Does this mean that the authenticator app system was compromised? I do not know.
UPDATE: Still nothing heard from Facebook. I assume my account is gone for good. Facebook laid off 25% of their entire staff during the past 12 months as the company has floundered under Zuckerberg’s leadership. Today, Facebook has no support for end users, and no explanation as to how their security systems failed. My sister tells me her sister-in-law lost her FB account last week, the same way as me, as did one of her friends.
An important takeaway from all this is that social media platforms are 100% untrustworthy.
I was once shadow banned on Twitter for the offense of sharing actual ACA price quotes linked to healthcare.gov. In other words, Twitter shadow banned me for political choices made by Twitter. In this case, Twitter appeared to have shadow banned my entire account for a significant period of time.
Facebook shadow banned my posts about how social media was used to disseminate propaganda messaging, as a “frictionless platform for the spread of propaganda” – something we today know to be 100% true.
Today we also know, from the Twitter Files, that Twitter (and others) were suspending accounts of American citizens passing along factually true information – and doing this censorship at the request of government agencies and an academic program at Stanford University.
We should consider discontinuing use of social media platforms and revert back to something like blogs and RSS newsfeeds – a distributed, not centrally controlled system – which put us, as information consumers, in the decision making seat for what we choose to see versus having the Zuckerbergs and Dorsey’s of the world control our thinking.
