[lo_fye]

HELP?

I woke up to a bunch of notifications on my phone from the past 30-60 mins, indicating that people in in Montreal, Argentina, and Kathmandu had attempted to login to my account, and at least one had succeeded. I'm nowhere near any of those locations, and I didn't get any 2FA messages.

I tapped Instagram, and it asked me for a new password, so I set one, and it just hung and did nothing.

My Instagram, Facebook, Messenger, Threads, and Quest accounts were all permanently disabled. My Quest headset is a brick, too. It said I had violated their terms of service, and there would be no appeals process. No recourse as far as I can tell. I was a member of all of them from year 1 if not day 1.

I use 1Password and complex unique passwords and 2FA religiously. I even had Advanced Account Protection turned on in Facebook. Now it says that my phone number and email are not attached to any known Facebook accounts. I have no idea how this could have happened.

I couldn't care less about using social networks as social networks, but I have hundreds of people on there that I have no other contact info for, and I'm a member of many groups that don't exist anywhere else.

Moments ago, I was able to login to Instagram, presumably because that password change did actually work, eventually, so I'm trying to make some headway there, but trying to find & access Meta Customer Support is impossible, especially when I can't get into the main Meta Account that everything is tied to.

If you or anyone you know have any clue what to do about this, please let me know.

[lo_fye]

UPDATE!

At around 12:20pm, after hours of trying anything I could, the Desktop version of Facebook Web's Meta AI Support asked me to upload a video selfie. Then it asked me when the issue began, and as soon as I said around 7am this morning, their AI was like "Ah ha!" -- It asked me for my alternate email address, which I provided, and as soon as I clicked a link in that email, I started getting email about Pages being republished, access to Marketplace being restored, etc.

Now: Can I even prevent this from happening in future? How can I make sure everyone has my blog url (or phone number) so they can contact me even if I lose contact with them?

Thank you for your support and concern, despite however dumb my comments in 2009 were. LOL.

[xk3]

So the solution was to do the same thing that the hackers did??

> "tell the Meta support AI that the account is hacked and ask it to send the verification codes to an arbitrary email address they control"

I agree it seems like they could later use the same flow to get access again but maybe Meta has blocked some location spoofing now

[brianmcnulty]

Not exactly, I think part of the tools it has access to allows it to perform an "investigation" into recent malicious activity and account changes that may have occurred that were likely unauthorized (such as changing from an email used for a long period of time to a new one). I think this AI-version of this check was originally broken and just allowed any email but has now been fixed to only be emails that look like they were attached to the account, which is what the poster used to obtain access back into their account.

[parable]

The bug still exists - two of my friends have lost access to their accounts as of an hour ago. They've partially recovered but are unable to change their passwords, so their accounts are still technically in the hands of the attacker(s).

[brianmcnulty]

Yeah, it seems another ATO bug has popped up. I haven’t looked too much at it personally, but I hope Meta plans on taking their Meta AI Support Assistant offline until it undergoes far more rigorous security review.

[parable]

It seems pretty trivial to just add a check in the agent's tool call to determine if the email is actually the one on file (or one that has previously been on file). I'm not sure why it's taking them so long to remediate.

[rd]

You've gotta leverage your network and find friends you know who work at Meta/IG. I was able to get my account back without asking friends at IG (because mine wasn't fully disabled just password changed), but people I know who lost their accounts have had to ask multiple people very up the chain at IG to do some special restoration.

[s_dev]

First off, this is shit position for you to be in.

I perused your comment history as I often do with HNers.

Some guy was predicting this exact situation in 2009 and your comment was that this would all sort itself out due to market forces. The market forces have spoken and the market lacks empathy.

Hope you get your account back and then when you do you hop on to the the other side of the fence. We can all stand to learn from your experience here and 2009 was a long time ago.

If you are in the EU or an EU citizen you will have options (you can email them from the email associated with your account asking for all your data). If you are in the US (assumption) you will be stuck with their ToS and hope some guy in Meta with leverage reads this who simply wants to help.

For reference I proudly do not use any Meta products exactly for these reasons. This is an absurd and dystopian position to find yourself in.

[lo_fye]

I'm in Canada where we can't even see or share news on Facebook

[smcg]

I'm sorry, what? What happens if you try to share news on Facebook? Does it bury it in the algorithm?

[mwarkentin]

Just gives you an error if you have a link to a “news” site in your post.

> News content can't be shared in Canada In response to Canadian government legislation, news content can't be shared. Learn more (links to https://m.facebook.com/help/2579891418969617/)

https://cbc.radio-canada.ca/en/media-centre/blocking-of-news...

[limagnolia]

Your recourse for Meta bricking your hardware is Small Claims Court, in the US anyway... other countries may have something similar.

[p-t]

no idea about your account but i would suggest getting email + other accounts for all of your acquaintances asap lmao

[deadbabe]

There is nothing to do. Game over.

You must rebuild your contacts via some alternative medium of communication.