When I saw the notifications, my heart instantly started to race.
First was an email informing me of my Facebook recovery code as the security had received a notification for my password to be reset. The one above it told me that my password had successfully been reset from a Galaxy device in New York City. I own an iPhone and live in Toronto.
My hands started to sweat as I began to prematurely mourn the decade of memories and friendships contained within my profile.
The panic started to set in as the email above it told me my trusted contacts had been added (a new security feature on Facebook that allows you to designate four friends for account retrieval should you get logged out). The one above it asked if I had logged into my account from somewhere new. Finally, the newest notification told me that someone may have accessed my account – not that they needed to tell me that at that point, obviously.
Luckily, I was able to follow the emailed links that said it wasn’t me and reinstate my Facebook account. I deleted the four users the hacker had added as trusted “friends” should he get locked out of the account and ignored his attempts to add me as a friend (sick, right?) and blocked him. Obviously, I changed my password, but also the email address associated with the account. I added the second-factor authentication feature. With this, if suspicious activity is detected in your account, you’ll receive a text with a code to access your account.
But the hacker wasn’t finished.
I went upstairs to retrieve my charging phone only to realize that I couldn’t get into Instagram. When I tried, I was advised that I would get an email instructing me on how to reset my password. The only problem was that – from what I could tell from the visible digits of the email address – it wasn’t mine. Panic immediately set in as I ran to my desktop to search my name. My account was there, but the photo had been replaced with a black and white shot of a man (the same guy who tried to add me on Facebook, presumably from his phone in New York City) and a new name in Arabic writing.
Then, one by one, my photos began to disappear, erasing my curated documentation of what had been an epic summer.
I frantically searched for a help centre to call for Instagram support. Guess what? There isn’t one. The “support” page on your Instagram profile basically takes you in circles in a situation like mine. THERE IS LITERALLY NOTHING YOU CAN DO.
A friend of mine who works for Facebook (the social media company owns Instagram) tried to pull a few strings, but couldn’t get in contact with anyone. I searched my user name again on my desktop. It was gone.
A friend told me she was still able to see the account by searching her contacts under my name, although the user name had changed (hence the reason I couldn’t search myself).
I will admit, my absentmindedness didn’t help the situation. I could have sworn my Gmail account was associated with my Instagram (where I would have received a notification that my email was changed), but it was actually linked to another. Relief swept over me when I found an email informing me that the email address associated with my account had been changed (which displayed the hacker’s email address), instructing me to revert this change if I hadn’t made it.
Shaking, after a few minutes, I was finally able to reset my password under the new user name he had created and re-access my account. Luckily, in that amount of time, the hacker was only able to delete about a month’s worth of posts. I promptly changed my security settings to add the two-factor authentication the way I did with my Facebook account. The hacking was over; I had won. I had especially won after I re-added all of my precious summer memories to the account. Minus some likes and comments, it looked the way it did before, but with a new profile picture.
It’s a good thing I re-added them, because I would still be waiting to hear from Instagram regarding my request (albeit via a message on their Facebook page when nothing else worked) to restore my account. Can you imagine if he had wiped out all of my photos? Or deleted all of my followers? I am not sure I would ever get my account back. While this may seem trite to some, the reality is that some social media influencers (not myself) earn their livelihood through Instagram posts. No followers means no dollars and a ruined career.
In a conversation with people after, I learned a few things. Another guy who had his Facebook account hacked into (and jumped through every hoop imaginable to get it back, even walking into the Toronto Facebook office himself) had learned that the hackers had accessed his account through a now invalid email address that he had used to sign up for his account – a Hotmail email address. My account was also linked to a now dormant Hotmail address. Lucky for me, I followed my Facebook pop-up’s advice to add my Gmail account to my Facebook profile a few months back (where the notifications of the hacking were sent), but I had still been logging in with my Hotmail address as my user name.
So, what did I learn?
1) If your Facebook account username is linked to an inactive email address, change this now.
2) Never forget which email account you signed up for Instagram with.
3) Turn on two-factor authentication on both accounts now.
4) There is no live customer support at Instagram or Facebook; you’re on your own.