How a hacker accessed a Facebook account just by moaning
The tale of a man who lost his locked down Facebook account in only 4 hours to a “hacker” who just moaned at Facebook customer service.
There are lots of ways you can secure and lock down your Facebook account, and we discuss them in our blog post here. But if you believe that your Facebook account can ever be truly impregnable, just ask Reddit user SquidWhale.
SquidWhale – real name Aaron – claims via a Reddit post that a hacker (we’re using this term even though the person didn’t really do any technically-orientated computer cracking) contacted Facebook’s support team via the hacker’s own email account requesting that the password for Aaron’s Facebook account be reset and login approvals turned off.
Again, according to Aaron, the hacker claimed that he no longer had access to either the phone number or email address associated with Aaron’s Facebook account, but still needed to access the account. The screenshot Aaron included in his post showing the hacker’s communication with Facebook is below –
Facebook responded by requesting a scan of Aaron’s ID for verification purposes. The hacker – not actually being Aaron – sent in a fake ID – a photocopy of a passport. However only the name on the passport matched Aaron. The other details, including the photo and date of birth, were all wrong.
Despite this, Facebook reset the password, changed the email associated with the account to the hackers own email, meaning Aaron lost control of his Facebook account. The hacker duly accessed the account, deleted several of Aaron’s business pages and even sent an obscene photo to his fiancée.
The hacker managed this all without Aaron’s Facebook password, phone, email or indeed anything that should allow someone to access an account that doesn’t belong to them.
As you can imagine, Aaron was not impressed. However as many will be well aware, contacting humans at Facebook is no easy feat, since most get forwarded to help forums or Facebook’s maze of a Help section.
There was light at the end of the tunnel for Aaron, however. After a social media campaign, he finally managed to get a hold of Facebook staffers who worked with him to help him regain control of his lost account, where he eventually managed to restore the pages the hacker had deleted.
Sponsored Content. Continued below...
So what is the bottom line here?
It’s essentially a reminder that the Internet is NOT a secure place. No matter what steps we take to protect our accounts (and Aaron’s was pretty well locked down) there are no guarantees when it comes to the security of your Internet accounts. This is largely down to “social engineering” – the ability to trick humans, not computer systems, to gain illegal access to places you shouldn’t be. Humans are fallible, and it is clear that Facebook staff should have never accepted the fake ID that was sent to them by the hacker.
This in turn is a stark warning about becoming too reliant on our Internet accounts. Every day we do more and more online, and the consequences of losing our accounts become that much more drastic.
With that said, locking down your account is still vital. We may never be 100% secure against criminals, but we needn’t leave the door wide open. Remember to enable two-step verification (login approvals) to your account and use a strong password to keep your account as protected as you can, and the same applies to your Internet email account too!
Remember you can read our article on best locking down your account for both security and privacy by reading our article.