I was thinking that if my account got hacked (2FA enabled), every account can be hacked. So I researched a little bit, talked with friends, and I am going to tell you how this can happen to you!
But first I need your help!
---------------------------------------------------------------------------
I need you to visit the above pages.
For each one, click on the three dots (...), select the "Find Support or Report Page" option, then select "Pretending to be something", then select "A friend", and in the field "Which friend" (that will open) select my name, for those of you who are friends with me on Facebook (those who are not yet, feel free to add me as a friend).
My Facebook profile is: https://www.facebook.com/leopapadop/
This is the only chance to get back our admin access to those pages.
So here's what happened
---------------------------------------------------------------------------
On April 7th, I realized I was logged out from Messenger. I use 2FA SMS verification, Google Authenticator and Yubico (strong two-factor authentication using a hardware key). I was easily able to recover the account and get access again, but I still cannot access the pages (as admin).
Someone accessed my account, bypassing the 2FA, probably from a Netherlands IP address (of course I will proceed to legal action, but this will take time). He removed me as admin from the 3 pages that had the most followers, then he posted on my profile 3 pictures of terrorists and a porn video. The result is I got banned from Facebook instantly for 1 month.
Here's the only logical explanation. Using some link in a PDF or other malicious file, he got access to my browser's cookies. Since I was logged in to Facebook, he didn't need some other confirmation. The weird thing of course is how Facebook didn't detect the activity from an unknown IP/device.
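The sketch below is an added example, not part of the original post and not Facebook's actual logic. It shows why a copied session cookie skips 2FA (the second factor is checked only at login) and how a server could catch the "unknown IP/device" case by binding the session to the context it was issued in. All names are hypothetical, the addresses are constructed documentation-range values, and the network check assumes IPv4.

```python
import hashlib
import secrets
from dataclasses import dataclass

@dataclass
class Session:
    user: str
    ip_prefix: str   # network the cookie was issued to
    ua_hash: str     # hash of the User-Agent seen at login

SESSIONS = {}  # cookie value -> Session (in-memory store for this example)

def _prefix(ip):
    # Compare on the first two octets so small address changes still pass.
    return ".".join(ip.split(".")[:2])

def _ua(user_agent):
    return hashlib.sha256(user_agent.encode()).hexdigest()

def login(user, second_factor_ok, ip, user_agent):
    """2FA is verified here, once. The returned cookie is a bearer token:
    whoever presents it later is treated as the logged-in user."""
    if not second_factor_ok:
        return None
    cookie = secrets.token_urlsafe(32)
    SESSIONS[cookie] = Session(user, _prefix(ip), _ua(user_agent))
    return cookie

def authorize(cookie, ip, user_agent, sensitive=False):
    """Return 'allow', 'step_up' (ask for 2FA again) or 'deny'."""
    session = SESSIONS.get(cookie)
    if session is None:
        return "deny"
    same_context = (session.ip_prefix == _prefix(ip)
                    and session.ua_hash == _ua(user_agent))
    if same_context:
        return "allow"
    if sensitive:
        # Valid cookie from an unfamiliar network or browser asking for a
        # high-impact action (e.g. removing a page admin): revoke it.
        del SESSIONS[cookie]
        return "deny"
    # Unfamiliar context, ordinary request: require a fresh second factor.
    return "step_up"
```

Without the context check in `authorize`, the second and third calls in the scenario above would both return `allow`, which is the behaviour the post describes.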
In the following video you can find why you always must log in to Facebook in incognito mode, besides enabling two-factor authentication: