Views: 37

Facebook Page Attacked by Hackers

At the start of August, 2017 I got an auto message from Facebook. It said that one of the Pages on which I am Admin had just had a suspicious login.

Alarm bells but thank goodness for Facebook’s smart system that gets triggered when hackers attack.

But wait!

Facebook let the hackers in and shut me and the Page owner out. Or the hackers had more sophistication than I first thought.

September 11 update
It’s now way more than a month since the Page was hacked and Facebook notified. No response from Facebook and the hackers are still using the Page unhindered and the Page-owner is still locked out.
Facebook hackers unhindered
I submitted a complaint to Better Business Bureau today:


Extreme Wishful Thinking:


27 August UPDATE These hackers are mighty cocky and they are not too busy making money from hacked pages.

Yesterday they decided to show me who’s boss. While I was writing this post, they hacked into my private Facebook Page —not the nun’s Page I am writing about— just to give me the finger and to show me that my impossible password had no power to stop them.

But instead of being a nuisance, they managed to trigger Facebook to act — something I have failed to do for 3 weeks. Facebook noticed an irregular login and they made me go through a lengthy “prove and reset” process before I could get back into my own Page.

In that process, I could see that the hackers had made a couple of Posts and had cheekily friend-ed one of the hackers’ “Admins”. Facebook’s process gave me the chance to delete those hacker actions and it shut down my Ad Account.

Facebook (?) told me that they were looking into these irregularities and reviewing Ad Account charges.


BUT: why/how is it possible for someone (hackers) that Facebook sees should not be in that account/Page to still get in? Facebook knows I am the rightful owner but they do not let me in to my Page, they let the unknown hackers in instead. Facebook made me go through a long process to prove that I am the right one — even though they can see my IP is here in Australia where it has been for many years.

Why didn’t Facebook make the hackers prove who THEY were before they were allowed into my Page?

Even though the hackers triggered a Facebook alarm and checking sequence, they were none-the-less freely able to get into my account/Page from Indonesia without having to prove —first— who the hell they were!

Some Background on the Situation

I and the Page owner have a long history with and are well known to Facebook. Not personally. It’s just that we are both verified owners of Pages and users of Facebook. They know all about us and they know years of our activity on their platform. And in spite of that, the unknown hackers took precedence over us — they got access and we were locked out of the Page.

The Page is for a small Buddhist group in Sri Lanka; it’s a sub Page owned by a Buddhist nun living in Sri Lanka. The Page is a few years old and has over a 1000 Page likes. I run ads on my personal Ad Account to promote their Events and those ads target people living in Colombo, Sri Lanka.

Facebook knows all this in detail.

Another odd thing is that the Page owner was immediately bumped from Messenger and I am unable to even reach her Page any more.

When I search for her in Facebook search, her Page does not show at all. Photos of her do appear in the search and I can see some Posts where she is mentioned on Facebook but I cannot reach her from inside Facebook.

What the Hackers Were Able to Do Inside the Page

Once they got in, the hackers had immediate access to my Ad Account. They increased the spending limit to $1 million US and set about running ads — targeting Indonesia and in the local language.

Facebook allowed this without any alarms being triggered.

They also failed to notice that the Page Admin was changed, the Buddhist Posts and Events were removed, the address, Page purpose and About were all changed from Buddhist to selling Watches — English to Indonesian.

Still no alarms. The hackers were free to operate and still we could not regain access. We changed passwords but it did not stop them, other than to halt their ability to use my Ad Account, as far as I can see.

Hackers Ran up Almost US$500 on My Facebook Ad Account

Facebook allows the hackers direct access to my personal Ad Account from within the hacked Page.

It’s probably no surprise to you when I tell you that the hackers lined up many ads to run without Facebook noticing, limiting or requiring any kind of proof. That was after the hackers had simply (without Facebook requiring any verification from me) raised my spend limit to $1 million without any resistance from Facebook.

boosted post hacked

I sat inside my Ad Account for some time, cancelling each of the hackers’ ads every time they tried to run a new one.

Hacker Admins

hacker facebook admins

I checked the Pages of the Admins that the hackers were using. They are both from Australia and I assumed they had also been hacked so I messaged them to let them know. Neither has replied.

Why Didn’t You Just Ask Facebook to Stop the Hackers?

Yeah, right.

Of course that was the first thing I tried to do while cancelling the ads they were running from inside my Ad Account.

I left messages at the end of every dead-end that Facebook calls “support” on their site. You know the ones. Facebook makes you jump through a series of hoops before they let you ask your question or leave your support request. Then when you’ve done all that, they pop up their boilerplate response that thanks you for writing but also tells you that they do not read what you have left for them. Support!

But then in some miraculous way, they claim they use that (unread) input to improve their “service”. What?

no help in the facebook community

“help community”— no one has read this in 3 weeks. Top-left you can see that I have left a total of 5 Questions over the years and have had 0 Answers

The hackers may have disabled this other notify-Facebook avenue. I tried using Facebook’s hacked-page stream but it requires a selection of the Page in question before you can leave any input. But none of the Pages —where I am Admin— appears in the drop-down so I am unable to proceed. There is no other option.

Look at how different these ads are — in every way. Yet Facebook doesn’t notice or perhaps, care.

What Else Did You Try to Get Action From Facebook?

I have Tweeted @facebook twice but have had no reply. I tried via Better Business Bureau and although Facebook replied to them asking for more information, many days have passed in silence since I gave that extra information.

I tried searching for phone numbers but they list none that come up in a Google search. Facebook goes out of its way to avoid giving any kind of customer service.

I’m a customer because I spend money advertising on Facebook — but Facebook gives me no protection from hackers that are able to penetrate their level of security (a level of security that I have to rely on). Hackers are free to roam and pillage Facebook’s customers without Facebook seeming to care at all.

Many Weeks Have Passed. The Hackers Continue to Use the Page. Facebook Still Has Not Noticed.

I guess the hackers have accessed someone else’s Ad Account because they are still using this stolen Page today.

hackers using stolen facebook page

How Do I Get Customer Service From Facebook?

I am so desperate that I have just commenced trying to advertise on Facebook to ask anyone who works at Facebook to contact me to get the Page back for the nun who is the Page owner. So far, they won’t run the ads!

And they closed down my Ad Account on 27 August so there is no way I can run any ads for this cause.

Please share this post.

facebook hacker posts

28 August hacked Posts on the Page