One minute I was in my garage, recording a behind-the-scenes video on Instagram stories, and the next minute, IG had kicked me out. I was irritated when I couldn't get back in. But when I went upstairs and saw all my passwords had been changed (bypassing two factor authentication), I was terrified.
In this very short podcast episode, I share my story of being hacked, the stories of 3 other victims (and why one is suing Facebook), how you can protect yourself, and my plan as I prepared to re-launch on Instagram.
Listen Now (Full Text Below)
Follow The Storied Recipe in Your Favorite Player
Update One Year Later:
About 8 weeks after I published this episode, I also published this one:
4 Things I Lost, 8 Things I Gained, and How YOU Can Benefit From My Hack
I was also interviewed about Facebook/Instagram security in this episode of the Eat Capture Share Podcast with Kimberly Espinel:
#53 What's Happening With Instagram
More Personal Posts/Episodes
Full Text (Edited)
[00:00:00] Well, good morning for me, maybe it's good afternoon or good evening to you.
[00:00:16] I am getting closer to either having my Instagram account reinstated or much more likely having to start fresh with a new one. In the meantime, I wanted to let you know a little bit more about this hack that I've experienced, what I've learned so far, and hopefully maybe even a couple things that could help you and me in the future, maybe not be in a situation like this.
[00:00:50] Unfortunately, hackers are good. They're motivated. They know what they're doing. And as you'll hear as I talk about this more, I'm not so sure any of us are ever completely safe. But let's see what we can do.
[00:01:03] So I'm going to start sharing about this experience, actually, from my brother-in-law's perspective. It was what he saw that gave me the clue into what was happening with me and allowed me to do all the helpful research that I've done over the last week or so.
[00:01:19] About 2:45pm last Monday, July 14th, he happened to be on Facebook. He got a notification that my profile picture had changed. So he clicked on it and he saw that my profile picture had been changed to a black flag with white markings on it.
[00:01:40] He didn't recognize this image, so he did a reverse Google look up and saw that it was the ISIS flag. So he switched back to Facebook to let me know. And by that time, my account had already been disabled.
[00:01:57] From my perspective, I knew nothing of this. I didn't even hear that from him until 24 hours later, from my perspective, I was actually in my garage. I was having a great time. I was getting ready to do a shoot. Marcus, my 13 year old who has been doing my behind the scenes videos, was getting set up. I had just published a different Instagram TV video that morning, all about using light in food photography. I was getting a lot of reactions. I was interacting with those. And just as I got ready to take a selfie with Marcus, my 13 year old, I, I couldn't I couldn't take the selfie because I wasn't on Instagram anymore. It actually reverted me to a different account. And I'll tell you in a minute why that account was not disabled.
[00:02:47] When I tried to get back in to my Storied Recipe podcast account, I got a message that said, "Your Facebook and Instagram accounts have been disabled because you violated community standards on Facebook. If you think this was an error, you can appeal the decision."
[00:03:08] Interestingly, I tried to take a screenshot of this message just so that I knew already this was a big deal, just so I could have a trail of what happened moving forward.
[00:03:21] And I actually wasn't even allowed to take a screenshot of that notification from Facebook. They blocked me from doing that. A little message popped up on the bottom of my screen saying, you cannot screenshot this screen due to security concerns, which is amazing to me that I wasn't allowed to take a record of a decision that had been made about my own account. So I was feeling a little panicky, as you can understand.
[00:03:51] I came upstairs to my computer and I immediately noticed two emails in my inbox, both from Facebook. The first one was saying that someone was giving me a code for my Facebook password recovery, and the second one was saying that my Facebook password had been changed. I need to say at this point that, yes, I do have to factor authentication on. In fact, at that point I tried to say, no, no, no, that wasn't me. Change my password back. And in order to change my own password back, I had to get a text on my phone with a PIN number. To this moment, I don't know how the hackers got around that, but they clearly did. Once I changed my password, though, I tried to appeal this decision.
[00:04:45] And let me tell you what the appeal process looks like. There's two pieces of information you can submit. One is your name and the other is a photo ID. I was not allowed to submit any documentation showing that I had been hacked. Facebook does not give any timeline about when they will review these appeals. And in fact, they only give a message saying that appeals are delayed because of covid-19. They don't give any guidelines on how they go about their appeal process. So clearly, that message gave me very, very little hope as to what I could look forward to or really even any fairness in this process. All of their messaging to me, the victim of the hack, is YOU violated community standards. There's no messaging that really takes into account that a person could have actually been hacked.
[00:05:48] So, again, it wasn't until the next day that I heard from my brother-in-law that he had seen an ISIS flag on my profile. That was a really useful piece of information, because once I had that, I was able to actually start Googling and see if I could find other people who have been through this.
[00:06:06] OK, so what do I know now? Well, I know a lot, actually. I know that this has happened to quite a few people. This is nothing unknown to Facebook. I know that most of the people that this particular hack happens to have business accounts because one of the goals of the hack, if not the main goal of the hack, seems to be to somehow get money by gaining control of the Facebook account and buying ads.
[00:06:39] How that money gets siphoned to the hackers, I don't know. But that seems to be a common thing that happens across these hacks. And I certainly, after my account was disabled, got a notification from my Facebook app saying that an ad for a company that was was in a different language. I don't actually know what it said. Fortunately, my credit card was shut down, so that did not go through.
[00:07:04] But I have found no less than eight articles about this particular hack. And I want to kind of just tell you about three of the stories that I read about. These were helpful to me for two reasons. One, because I realized that there are people out there that are in a much worse situation that I'm in. Two, because they helped me understand that the likelihood of getting my account restored is very, very low. That was good because it helped me put together a plan. And that's what I'm hoping to do, which is: unfortunately start from scratch.
[00:07:39] So let me just tell you about a couple of these articles. The first one was by an author named Graham Brown. Martin Graham's article was published on medium.com, and it was titled Dear Facebook, Are You Following the ISIS Flag Hack? And I think I like this article because it reflected the angry tone that I felt.
[00:08:01] Graham was a long time user of Facebook. He's an author and he had amassed Facebook groups of over fifty thousand followers. He'd spent over a thousand dollars in Facebook ads. And this is the way that Facebook handled his requests for help. He says, "without a Facebook account, there is no way of messaging you. Since you don't answer your emails, you don't acknowledge my messages on Twitter. Even your senior policy and digital safety staff, who over many years have connected to me on LinkedIn, refused to respond to my inquiries. Creating a new Facebook account would infringe your terms and conditions."
[00:08:44] And yes, this is true. This is not an option that's available to me, because if they detect that I've done that, they will shut down my new Facebook account and any related Instagram accounts. Also, just Monday, just two days ago, Graham actually posted a lengthy follow up to this article and he explained that he did get his Facebook account back eventually after writing this article, which has gained traction and also tweeting like crazy at Facebook. I don't have a platform as big as Graham and I actually don't even have a Twitter account. If I were to start one to start tweeting at Facebook, frankly, I think that would be ineffective without any followers. What I have done is reached out to my email list and a couple people on there volunteered to bring my case to people they know who work at Facebook.
[00:09:34] I've absolutely asked them to move those plans forward. I've also gone to LinkedIn and just searched for Facebook employees and I've used the rocket reach extension on Chrome to get as many emails of those employees as possible and just tried to email out to them. I will be happy if my account is restored through these tactics. But again, it's very unlikely since I don't have the type of pull right now that Graham Brown Martin has.
[00:10:06] Another victim of a similar hack is Susan McCarthy, who lives in Court County, Ireland, and works for the government there. This is the kind of treatment that Susan received. The counselor said Facebook refused to engage with her over the issue: "They told me my account was deleted and they would not be discussing the matter any further. She said there was no recourse. It was very hard to get in contact with the support center. And then I got a very strongly worded email back saying that the account has been permanently deleted and quote, We will not be discussing this further." Susan goes on to say that because she does work in the government, she was able to get some fairly high members of the government to get in touch with Facebook and basically demand that she get her account back. But again, this is not an option that's available to me.
[00:10:54] I read about this account in a in an article by Roisin Burk of Echo Life, i.e.. Again, I read eight different articles about this, but the third one I'm going to share is one that really broke my heart. There's a woman named Bailey Mesero who lives in Colorado Springs here in the U.S. She was a victim of this identical hack. She had 22,000 followers in her Facebook group and Facebook was her sole source of income. Since this has happened to her, she has tried every way of contacting Facebook as possible. She has been rebuffed at every turn and she has actually brought a lawsuit against Facebook based on this. And she says very plainly that her goal is not to seek damages. Her goal is simply to get someone at Facebook to respond to her. The article actually quotes, well, I'll just read this paragraph. Facebook announced in a March 19th update on its website that it was sending content reviewers home and relying, "more on our automated systems to detect and remove violating content and disable accounts. As a result, we expect we expect to make more mistakes and reviews will take longer than normal." Again, this squares with what I read, which was Facebook basically gave itself a pass.
[00:12:25] So having read those three articles, all I knew is that this was not going to be possible for me unless through some stroke of luck or from some mercy of God, these basically random emails that I've sent out have some kind of effect.
[00:12:43] So, let's transition a little bit. I've bellyached and you guys have listened to me. Thank you for that. I'd like to hopefully supply some kind of content or value for you here and just tell you three things that I have definitely learned so far. The most important thing I've learned also goes back to this article by Graham Brown Barton. He's looked into this quite a bit. He's obviously a very intelligent man who understands the technology well. And he verified something that I had suspected since the morning after this hack, which is that for this to work, it is highly, highly likely that the hackers actually had access to my email as well, which is a personal Gmail account. This is actually scarier to me personally than the fact that they were able to get into my Facebook. I don't know how they got around two-factor-authentication. I don't understand that at all, although I actually personally have a guess about what they exploited. But again, I don't understand the technology well enough. So the number one thing that I have learned: use a password for your email address that you don't use for anything else.
[00:14:01] I'm sure you know that hacks happen all the time and that massive amounts of data are exposed through breaches. It's very likely that my email address and this password were linked together and some sort of breach that none of us would ever hear about and that they have some sort of automated system or bot that exploits this and just, you know, bangs, bangs away at Facebook to see what they can get with this combination. And it worked for them. The second thing that I would say, and I am not saying anything new or fresh here, but none of us, absolutely none of us can rely on Facebook and Instagram as the sole or even the primary way that we reach out and connect with people that want to engage with our content or our offerings.
[00:14:53] So in my case, I have not done a great job with my email list. I didn't I started the podcast in October. I didn't do anything with it until December. Since then, I haven't been as aggressive as I should have, but I have managed to attract about one hundred seventy email subscribers. And I know that I can count on them next week when I try to restart. And I've been so touched and thankful and encouraged by the way that they have reached out to me with so much compassion and support during this week.
[00:15:25] So definitely you want to work on that email list. I'm also fortunate in that obviously I have this podcast stream. A lot of you are listening to this and learning about my situation through it. And I'm really hoping that you will support me next week. Also, when I tried to start fresh over on Instagram, I also have all of my former and future guests that I'll be reaching out to next week also and have kind of formed the community around me.
[00:16:01] So the third and final thing that I will say I've learned from this is that Instagram has brought me a community. There is no doubt about that. I do want to get back on Instagram and while I want to build up my podcast stream and I want to build up my email list, and those things are absolutely necessary, there's no denying the community that is found on Instagram, in the food photography and the food community. It's strong, it's sincere, it's genuine, it's supportive. And I have been absolutely overwhelmed this week. Well, this week and last week by the kindness people have shown me, by the way, they've actually sought me out and just said so many encouraging things that are giving me the resilience and the endurance to just keep taking one day after another with this.
[00:16:54] Finally, I'd like to tell you about my plan for next week and as humbly as I can, I would just like to say I need the help of each and every person listening to this. So next Monday, I'll be emailing all of my list and asking them to look for an email from me on Wednesday. On Wednesday, I plan to send an email with a link to an image on Instagram sharing that I've been hacked and that I'm asking for help sharing this and bringing people to my new account.
[00:18:39] Finally, the one last thing I will say is that if you do happen to find my account on Instagram, because several people have so far, I'm asking you to please not share that yet because my best chance of getting a boost, an initial boost in followers is if this happens in a big way, if it's shared by as many people as possible. A waterfall of support is going to be better for me than a trickle over several days.
[00:19:10] So that's my update. If you have any advice, if you have any questions, I would welcome them at Becky at the storied recipe dot com. Again, I want to say thank you so much to you all who listen, who have reached out, encouraged me, downloaded. Actually a week ago when I asked people to download episodes, had my second highest performing day ever of downloads. So that was again just the support that I feel is giving me a lot of endurance and hope and purpose during this time.
[00:19:45] Finally, I will just say that the community that Instagram gave me, it cannot take away by shutting down my account. And I hope to see you over there next week, unless, of course, God throws some other plans this week. Thank you and have a great week. My friends.
Would love to hear from you!