The hack steals the 2FA-authenticated session tokens from the user's computer and replays them to log in to their FB account, change the password, rename the account to Lily Collins, and replace the profile photos with a picture taken from Lily Collins's Instagram page.
The hijacked pages are then used to post ISIS propaganda, or the credit cards stored on the FB account are used to buy FB ads promoting cryptocurrency scams and the like.
FB then detects content “violating community standards” and disables the account with a warning to the owner of the account that it is suspended and all content will be deleted in six months. Most find they have no workable recovery option to regain control of their account.
The attack has been underway through multiple attack vectors since at least January and is still underway today. Facebook has made no comment about the attack and has done nothing to stop it.
A simple action they could take is to require a second 2FA authorization before account settings (password, name, email) can be changed, so that a stolen session token alone is not enough to take the account over. But FB has laid off 25% of its staff during the past 12 months, may be understaffed, and morale is said to be low. Unfortunately, FB security is weak.
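To show what that "second 2FA authorization" looks like in practice, here is an added example written for this page; it is not Facebook's code and says nothing about how FB actually implements sessions. It assumes an in-memory session store, a five-minute freshness window for the step-up check (`STEP_UP_WINDOW_SECONDS`), and RFC 6238 TOTP as the second factor; the user, password and timestamps in `demo()` are constructed. The point it demonstrates: a session token copied off the victim's machine can still browse, but cannot change the password or display name without a fresh code, and the owner's password change revokes the copied session.

```python
import hashlib
import hmac
import secrets
import struct
from dataclasses import dataclass
from typing import Dict, Optional

# Assumption for this example: a step-up verification stays valid for five minutes.
STEP_UP_WINDOW_SECONDS = 300


def totp(secret: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1, 30 s steps) for the given Unix time."""
    counter = struct.pack(">Q", now // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % (10 ** digits):0{digits}d}"


@dataclass
class Session:
    user: str
    step_up_at: Optional[int] = None  # time of the last SEPARATE 2FA check; login does not set it


class AccountService:
    def __init__(self) -> None:
        self.users: Dict[str, dict] = {}
        self.sessions: Dict[str, Session] = {}  # token -> Session

    def register(self, user: str, password: str, name: str) -> bytes:
        totp_secret = secrets.token_bytes(20)
        self.users[user] = {"password": password, "totp_secret": totp_secret, "name": name}
        return totp_secret

    def _check_code(self, user: str, code: str, now: int) -> bool:
        return hmac.compare_digest(totp(self.users[user]["totp_secret"], now), code)

    def login(self, user: str, password: str, code: str, now: int) -> Optional[str]:
        u = self.users.get(user)
        if u is None or not hmac.compare_digest(u["password"], password):
            return None
        if not self._check_code(user, code, now):
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = Session(user)  # the login 2FA deliberately does not count as step-up
        return token

    def step_up(self, token: str, code: str, now: int) -> bool:
        """The second 2FA authorization: re-verify the code on an existing session."""
        s = self.sessions.get(token)
        if s is None or not self._check_code(s.user, code, now):
            return False
        s.step_up_at = now
        return True

    def _require_fresh_step_up(self, token: str, now: int) -> Session:
        s = self.sessions.get(token)
        if s is None:
            raise PermissionError("not logged in")
        if s.step_up_at is None or now - s.step_up_at > STEP_UP_WINDOW_SECONDS:
            raise PermissionError("fresh second-factor verification required")
        return s

    def change_password(self, token: str, new_password: str, now: int) -> None:
        s = self._require_fresh_step_up(token, now)
        self.users[s.user]["password"] = new_password
        # Revoke every other session of this user, so a copied token dies with the change.
        for t in [t for t, o in self.sessions.items() if o.user == s.user and t != token]:
            del self.sessions[t]

    def change_name(self, token: str, new_name: str, now: int) -> None:
        s = self._require_fresh_step_up(token, now)
        self.users[s.user]["name"] = new_name


def demo() -> dict:
    """Constructed scenario: a session token copied from the victim's machine is replayed."""
    svc = AccountService()
    secret = svc.register("victim", "correct horse", "Real Name")
    t0 = 1_700_000_000
    stolen = svc.login("victim", "correct horse", totp(secret, t0), t0)  # later copied by the attacker
    out = {}
    # 1. The attacker replays the token an hour later; browsing would work, settings changes do not.
    try:
        svc.change_name(stolen, "Lily Collins", t0 + 3600)
        out["attacker_replay_blocked"] = False
    except PermissionError:
        out["attacker_replay_blocked"] = True
    # 2. The owner logs in elsewhere, completes the second 2FA check, and rotates the password.
    t1 = t0 + 7200
    owner = svc.login("victim", "correct horse", totp(secret, t1), t1)
    out["step_up_ok"] = svc.step_up(owner, totp(secret, t1 + 10), t1 + 10)
    svc.change_password(owner, "new passphrase", t1 + 20)
    out["name_unchanged"] = svc.users["victim"]["name"] == "Real Name"
    # 3. The password change revoked the stolen session.
    out["stolen_token_revoked"] = stolen not in svc.sessions
    # 4. Even the owner's own step-up expires once the window has passed.
    try:
        svc.change_name(owner, "Still Me", t1 + 10 + STEP_UP_WINDOW_SECONDS + 1)
        out["stale_step_up_blocked"] = False
    except PermissionError:
        out["stale_step_up_blocked"] = True
    return out
```

Two caveats a practitioner would add: the step-up mark is bound to the session, so an attacker holding the same token during the owner's five-minute window could still act, which is why the window is short and why every sensitive change revokes the user's other sessions; and none of this helps if the attacker can also phish or intercept the fresh code, so the check narrows the damage of a stolen token rather than replacing phishing-resistant factors.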
So … FB keeps quiet.
This matter, however, is gradually beginning to get some media attention and at some point, FB may have to respond.
Update: Over a week later, I received an unsolicited email from Facebook now saying that my account had been hacked, with a set of workable steps to restore the account. This was different from the two emails received the prior week, addressed to someone else, saying my account was suspended and would be deleted. My account has since been restored.