Today’s blog post comes courtesy of our good friend Johanna White, owner of Design by Jo. She had the unfortunate experience of being targeted by hackers. Without further ado, here is her story.
SURE 2-STEP SECURITY IS ANNOYING…
But then I got hacked, and I wished I had turned it on yesterday!
by Johanna White – Design by Jo on May 30, 2020
Last week, my life got taken over by bloody marauding pirates. Ok…so they were actually just some faceless hacker from Hung Yen, and it was just my email, facebook, business page and instagram…but after the ease with which they snatched part of my identity, and the week of harrowing frustration that I went through to try and get it back, it certainly felt like the work of pirates. Now, a week later, feeling scarred, vulnerable, and just a little worse for the wear, I’m here to beg you to do whatever you need to to keep yourself and your business safe from similar fate!
I had known that my security was weak for years (use of the same password in multiple locations, refusal to turn on 2-step security, etc.) But I hated the thought of trying to remember EVEN more passwords, or worse, constantly find myself locked out of my own accounts whenever I attempted login from a different device, and didn’t happen to have my phone on me to receive the verification codes.
Unsurprisingly, my weak security was a dam waiting to break, and when it happened, it happened in the blink of an eye. In one fell swoop, hackers broke into my email, and from there, logged into my personal facebook account and reset the password, successfully locking me out. They then took over my Facebook BUSINESS page, added themselves as admin and 100% removed me from the account.
This was the hardest move to fix, causing me to have to spend the following week on a frustrated bunny trail with unhelpful facebook bots, sending multiple forms of identification, and going so far as to have to make a written statement and get it NOTARIZED as I frantically tried to prove that I was the owner of the page, and not the sudden new admin located somewhere in Vietnam.
In the meantime, the hackers also managed to get themselves onto my linked Instagram account (I know it seems easy to log into other apps via facebook, but don’t do it folks!) and changed the instagram handle to their own name, successfully taking my photos and followers with them. The awful profile picture that they uploaded to my personal facebook account was sadly the least of my worries (though it did prompt some concerned texts from friends who thought I may have gone off the deep end and joined the jihad!)
I thought once I regained access to my personal facebook account, and reset the passwords, that would be the end of it. Unfortunately though, it was just the beginning. As I went in search of my business page, I was frantic when I discovered that I no longer had access. All that I was granted was a tiny oh so helpful notification saying that I had been removed… and BAM. Just like that, they were the owners, and facebook didn’t even believe that it was my page.
(Apparently all the photos of my work, that looks exactly like the photos of my work on my website, and the live photos of me with my work meant nothing…)
GETTING IT ALL BACK – It’s not so easy my friends!
As it turns out, it is far easier for a hacker to steal something than it is for you to get ahold of a single live human who can help you get it back! I had to click at least 20 different “problem” buttons on varying help pages of facebook before I finally landed on the one and only link that appears to take you to an actual form that you can fill out, and it was something to do with reporting the theft of intellectual property. Unfortunately it turned out to not be the salvation I hoped for, as they offered me only 2 options: be passed off to a different team that handles page admin reassignment, or permanently delete the page, losing years of content and client communications along with it.
I begged them not to pass me off to the admin team, because I had started there, and all I had gotten in return for clicking all of those links was this very unhelpful notification, saying that I had no eligible admined pages:
Apparently there are SOME business pages who get struck by really kind hackers, who just remove you as admin, but keep you as staff on the page. This form is for them. But it is not for people who are dealing with nefarious pirates that remove you from the page completely.
Facebook responded to my begging by telling me that they could not help, as I had contacted the wrong channel, and suggesting that I email the new admin of the account and request being re-added. They also then politely informed me that they considered the matter resolved now, and were closing my support ticket. WHAT? Again WHAAAT? Sure Facebook. Let me just email the hackers who stole my stuff, and kindly ask for it back. I’m sure if I knew who they were, and had their email, that plan would have been solid. Totally would have worked. 100%! But alas for me, I had none of that, so I had to resort to filling out yet another claim form, reporting stolen intellectual property, and start the process all over again.
About a week later, after only a few sleepless nights, and fingernails chewed to the quick, wondering what kinds of messages the hackers might be sending to my clients through my business page, Facebook finally granted the opportunity to prove that I was who I say I was. All it took was spending a sunny Saturday that I would have rather spent outside, providing legal documents naming me as the business owner. Oh and a few forms of government ID, plus driving to a notary and getting them to notarize a sworn statement saying that I was the owner. I’m not sure how this really helps, but I guess if the hackers ever try to sue and get my page back, the lady from the UPS store will definitely back me up in court. (more fun facts… when they sent the message saying I could submit this info for review, they also let me know that I only had a couple days to provide it, or they would consider the case closed and I would not be allowed to contest it again.)
So friends, don’t end up like me! Please, I beg you, turn on your 2-step notification. Change those old duplicate passwords (and consider using a password authenticator like LastPass for the really important ones.) Log into apps with separate passwords and accounts, rather than taking the easy street and clicking “login with facebook.” And whatever you do, if the pirates attack, never wave the white flag!
Johanna White – Design by Jo