Details are here.

I believe there were multiple attack vectors. The one described at the link is an analysis of a Google Chrome extension that grabbed the authentication cookie for FB (after you’ve already done your 2FA) and then used that to gain access to your account, as if you were logged in. The immediate goal was to take over group pages and likely use those to post messages “that did not meet FB community standards”, after which FB killed the account.
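A defensive check for the cookie-grabbing vector described above, as an added example that is not from the linked analysis or the extension itself: it flags extension manifests that pair the `cookies` permission with host access covering facebook.com. It assumes the extension reads cookies through the `chrome.cookies` API; the function names and sample manifests are constructed for illustration.

```python
# Added example: which extension manifests could read facebook.com session cookies?
# Assumption: cookies are read via chrome.cookies, which needs the "cookies"
# permission plus a host pattern covering the site.
BROAD_PATTERNS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
PERMISSION_KEYS = ("permissions", "optional_permissions",
                   "host_permissions", "optional_host_permissions")

def pattern_covers_domain(pattern, domain):
    """True if a Chrome match pattern grants access to `domain` or a subdomain."""
    if pattern in BROAD_PATTERNS:
        return True
    if "://" not in pattern:
        return False  # an API permission name such as "cookies", not a host pattern
    host = pattern.split("://", 1)[1].split("/", 1)[0].lower()
    if host == "*":
        return True
    wildcard = host.startswith("*.")
    if wildcard:
        host = host[2:]
    if host == domain or host.endswith("." + domain):
        return True
    # "*.com" style wildcards also cover the domain.
    return wildcard and domain.endswith("." + host)

def can_read_cookies(manifest, domain="facebook.com"):
    """Host patterns that, with the "cookies" permission, expose `domain` cookies."""
    perms = []
    for key in PERMISSION_KEYS:  # Manifest V2 mixes hosts into "permissions"
        perms += [p for p in manifest.get(key, []) if isinstance(p, str)]
    if "cookies" not in perms:
        return []
    return sorted({p for p in perms if pattern_covers_domain(p, domain)})

def audit(manifests, domain="facebook.com"):
    """Map extension name -> matching host patterns, for flagged extensions only."""
    return {m.get("name", "?"): hits for m in manifests
            if (hits := can_read_cookies(m, domain))}

# Constructed sample manifests (not taken from any real extension).
SAMPLE_MANIFESTS = [
    {"name": "Sample A", "manifest_version": 3, "permissions": ["cookies", "storage"],
     "host_permissions": ["*://*.facebook.com/*"]},
    {"name": "Sample B", "manifest_version": 2,
     "permissions": ["cookies", "tabs", "<all_urls>"]},
    {"name": "Sample C", "manifest_version": 3, "permissions": ["storage"],
     "host_permissions": ["https://www.facebook.com/*"]},
    {"name": "Sample D", "manifest_version": 3, "permissions": ["cookies"],
     "host_permissions": ["https://example.com/*"]},
]

if __name__ == "__main__":
    for name, hits in audit(SAMPLE_MANIFESTS).items():
        print(f"{name}: cookies permission + {hits}")
```

A flagged manifest is not proof of malice, since many legitimate extensions request broad host access; it marks the extensions worth reviewing first. Feed it each installed extension's `manifest.json` parsed with `json.load`.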

Another possibility, as I saw it, was that they had added Lily Collins onto the attached Meta Business Platform, which some people indicate was used to purchase ads for scam businesses – if you had a credit card on file.

I was able to briefly re-enter my suspended account. A new “Friend” had been added, with a Vietnamese name, and using Vietnamese characters (which most of us don’t know how to enter as we don’t have a Vietnamese keyboard).

The extension source code analyzed above also has Vietnamese text throughout.

This suggests a Vietnam connection, but we cannot be certain. Someone could fake the Vietnamese, for example. Or it could be someone from Vietnam originally but now working from a different country.

Coldstreams