How I Finally Recovered My Facebook Account
Two days ago, my personal Facebook account/profile all of sudden, without warning, was deactivated. I have no idea why. Unlike my Linked, Twitter, YouTube, Bluesky, and Mastodon accounts, my Facebook account is personal. I use it only to communicate with family and friends.
I have no idea what happened to it to make it get deactivated. With that said, I post a lot of partisan political posts and maybe someone got mad at one of them (although I had not posted anything particularly upsetting recently that I know of) and reported me. I have no idea. Maybe I was hacked and my account was taken away from me.
I was de-activated for a few hours when I decided to start to recover it. I basically got nowhere with any of the automated recovery methods.
But after a few hours I was sent an email message from Facebook that said something like, “You won your appeal!”, which is weird because I didn’t have a chance to appeal anything and I was never told I had to appeal anything. But it did seem to point to some sort of reported objection that led to my account being deactivated.
While it was deactivated anyone going to my previous Facebook postings, messages, or profile got a message that said “Profile doesn’t exist” or something like that. (All the error messages I’m writing in this article are just summarized approximations because I didn’t save them).
So, my account was now activated. Yea! This occurred before midnight on the first day of my Facebook problems.
I tried to logon, but when I did it automatically prompted me to change my password. Not sure why. But it did give me this message.
Was that because of something a hacker did or was that Facebook detecting my additional tries from my work laptop? I don't know.
I put in my new password…twice. And then I got an error message say, “Error” or something like that. It was a crude, blanket-type error that really didn’t give any information or context. Sort of like a bland 404 error. Refreshes of the page just produced the same error message.
I tried logging on to Facebook from different devices (my work laptop and my phone). No dice. Same weird, blanket error.
I eventually got to Facebook’s Help and Support Center and it put me in “account recovery mode”…where I stayed for the next two days.
It asked me for my password. I’d type that in. Then it would send a recovery code to my email account. I’d type that in to Facebook. Then Facebook would ask me if I wanted to send the next recovery code to my authentication app (e.g., Google Authenticator or Duo). Not sure why I had to type on my password and two separate recovery codes…but it’s their system.
I hadn’t enabled my Facebook account in either MFA option. The only other option was to send a recovery code to my previously registered phone number. Facebook only shows you the last two digits, they matched, and so I told Facebook to send the code there. ?
Now, at this point, I got into a circular recovery mode where I would always take me to the recovery mode console where my choices would only be the authentication app or my phone number (see below).
?
I would always choose my phone number. The first 5 to 10 times, when I told Facebook to send the recovery code to my phone, it would send the recovery code to my phone. I’d type it in, and then I would get some other error that would eventually only take me back to the same recovery console. I would have to wait 3 minutes between being able to send recovery codes. It was a pain.
At some point, after 5 or 10 tries, whenever I told Facebook to send the recovery code to my phone it would say it was doing it, but the recovery code would not appear on my phone. This went on for two days. I wasn’t sure if the phone number Facebook was showing was actually my phone number because it only showed the last two digits. I started to wonder if a hacker had taken over my account and changed my phone number to a new phone number with the same two last digits just to mess with me.
Eventually, I noticed there was an “account recovery” link in the recovery console at the bottom. I clicked on that. ?It asked me to prove my identity by uploading some sort of identity document. I tried my driver’s license and it said it was the wrong number of pixels. After trying to scan or save my driver’s license image to a larger number of pixels and getting super frustrated, I eventually just sent an existing digital copy of my passport. It took it. I felt super uncomfortable sending my passport to Facebook, and felt the same way submitting it the next 10 times as I ended up in this recovery console with nothing working over and over.
They said they would review my identity documents and get back to me within a few days. I’m not sure what that meant because I never got an email or message related to that indicating that it was being reviewed or success or failure.
Somewhere in the process I was offered a chance to send the recovery code to WhatsApp. I have a WhatsApp account, but I had to re-install the app. The code was sent and showed up. Yea! I typed it into the browser recovery console and it then took me back to the screen where it asked if I wanted to use the authentication app or send an SMS code to my phone. Argghh!
At some point, Facebook said I could recover my account by going to Instagram, so I went there, but somehow my Instagram account wasn’t “linked” to my Facebook account, and so that was a dead end.
I checked with friends who checked my profile and nobody was posting malicious messages or bugging my friends with phishing scams. Either it wasn’t hacked or I took away control before they could abuse it. At some point, Facebook asked me if I had requested a password change from a Washington, DC, location. I did not. I clicked No. But I wondered if that location was due to my VPN’s virtual connection origination point as I had tried to recover my Facebook account from my work laptop at some point and that uses a VPN that sometimes makes it look like I’m computing from some strange remote location instead of where I was in Tampa, FL.
But after two days of trying, I could not get back into Facebook. I was stuck in the same endless, fruitful authentication loop that ultimately always ended asking me if I wanted to send to my authentication app or SMS. If you search, there are a million other people complaining about the same problem. I emphasize.
What Did Finally Work
I went to my wife’s laptop, had her go to my Facebook profile using her Facebook account (this is important), click the three little dots (“…”) near my profile picture and choose “Report Profile” (or something like that). That showed a bunch of other options, like that I was a fraudster/scammer, publishing porn, etc.)…none of which applied. We choose Other option at the bottom of the options. It said, “Thanks” as if it reported this action and then listed other additional actions that could be taken (by my wife).
One of those was “Recover This Profile” (or something like that). We choose that. It sent a code to my email. I typed that in. Then it took me to the exact same recovery console that had proven worthless for two days, with the authentication app and SMS choices. I sighed.
But I selected SMS message and lo and behold the recovery code was sent to my phone and actually appeared there. Not sure why dozens of others (sent from my computer and my work computer) didn’t send a code there even though the screen looked identical.
Praise be to God! I typed in the code, it asked me to change the password, and I was in!
It asked me if I submitted identity documentation on Oct. 21st 4:58PM. I’m not sure. I don’t think I had successfully submitted my identity documents the next day. I wanted to know what identity document, my passport or something some random hacker submitted trying to fraudulent recover my account? Facebook didn’t give any details or show any images. I just took a guess and said, “Yes”.
And like that I was back in, completely.
I changed the password again. I enabled the Google Authenticator app (as a second way to logon). And enabled stronger logging and alerting.
I still have no idea what happened. Typically, most victims have been phished out of their Facebook password or reuse a password that has been compromised somewhere else. For sure, neither of those things happened to me. Was I hacked? Was I reported as doing something wrong and deactivated and then reactivated “on appeal?” I don’t know. But I’m guessing it was the latter instead of the former since the hacker potentially had access for days and didn’t appear to do anything. Or did I get my stolen account back very quickly and away from the hacker before they could abuse it…and I was just stuck in some circular authentication hell for no reason. Who knows?
But if you’re stuck in the “I can’t recover my account” mode like I was at the same prompt, this might be a solution that will work for you (or your loved one). Your mileage may vary.
I will say that posting that my Facebook account was possibly hacked…resulted in over 14,000 views within less than a day. That’s among my highest viewed posts in awhile. Who knew? Maybe writing technical cybersecurity articles is not really what I should be doing? I’m working too hard.
In the many dozens of comments on my original post about my Facebook account being hacked/unavailable, were a handful of scammers, saying I needed to click here or there, call here or there, or email this person or that person, to recover my account (see an example below).
They were all scams!! As far as I know there is no legitimate person or service that can recover your Facebook (or Twitter or Instagram) account for you outside of the automated method. It’s all scams!
Ultimately, a legitimate user recovering their own account should not be as hard as it is. I get probably a hundred emails a year from someone asking me to help them recover their account. Many think I’m some sort of uber hacker that can magically just get it back. I’m not. ?If someone could easily hack back into your account on command, Facebook would figure out how they did it and close the hole.
I wish all the major social media vendors had an easier, more guaranteed (SAFE) way to recover a stolen or lost account. I’m not even sure what that process would look like and no doubt it’s really a lot harder than it seems or one of the social media giants would have done it already. Instead, we have tens of thousands of pissed off and sad people who permanently lose access to their beloved social media accounts each month/year. I was almost one of them.
Remember to back your social media content if you really care about it. Your social media account is not yours. You are borrowing it. You could permanently lose access to it at any time.
With that said, I hope this article helps at least a few percent of people who got locked out of their Facebook accounts. I eventually got back in. I got lucky.
Digital ID | Cybersecurity | Payments
1 周The question is - Did you miss it?
My condolences
May I suggest you scan that Google SMS into your Yubikey for making sure you have the scan in two places, and a pin on the Yubikey to access it? Never had a FB, never will.
I'm not a hacker. I'm a cybersecurity enthusiast.
4 周A clear cut case of enshitification. Like many service organizations, there is no help if things go wrong. There is no one to call, emails are ignored. This could have been a story about an ISP, a webhosting platform, Amazon.
Certified Cybersecurity Professional │ CompTIA Security+ │ ISC2 CC │ Google Cybersecurity Professional Certificate │ Safeguarding Digital Environments
4 周Congratulations on Recovering Your Facebook Account! I don’t use Facebook myself, but I have tried to help a few friends recover their accounts after they forgot their passwords or got locked out for various reasons. Unfortunately, my attempts were unsuccessful because they had outdated phone numbers or recovery emails linked to their accounts or for other reasons I can't remember at the moment. It’s an incredibly frustrating experience, and your description of how you managed to recover your account gave me PTSD! ??