I am writing this to share my awful experience and hopefully get it off my chest, but also I hope this really helps someone else. Especially if you are running a small business facebook page from your personal facebook account.
Please be assured this this security breach relates to my personal account on facebook only and my own personal paypal account. (not linked to paypal payments on my website) My Website is secure, as is my business paypal and so is my instagram. The hack began on Facebook and for that we are all vunerable because Facebook has leaked all of the UK users data and it is in the wrong hands. so if you do nothing else, change your Facebook Password immediately.
Also, if you want to keep in touch with me, please do so via Whatsapp on 07407 104679, my website contact or on instagram messenger. I have lost access to over 600 contacts, so I will no longer be able to send out invites to my special events etc if I don't have your number. So if you normally receive messages from me on messenger, please send me a little message with your name on the above number so I can include you in future VIP events.
I will share my story below, but if you just want to skip to the help part - scroll past for my guide to online safety after my awful nightmare!
So I arrived joyful in to Toronto. We had booked a gorgeous deluxe suite at the OMNI King if you wanted to go (just avoid their wifi). As soon as I arrived I set up their wifi as we all did to catch up on events during our travels. Straight away, I had a notification that someone had changed my facebook password. I had to notify them that this wasn't me. It had my profile picture and all the details, even now when I look at them looked authentic, so I am assuming it was genuine. I said it wasn't me and changed my password. This happened the whole time I was in Toronto (4 days) and I kept changing my password. I had two factor authentication on so I felt pretty safe as I had to enter a code from my phone each time I changed my password.
I then travelled across Canada to Brockville, we were staying with friends and I logged on to their wifi. I might add, that on previous holidays I would have just used my 4G, but was advised it was £6 a day so decided against this for a 3 week holiday! As an aside my £60 bill was still £95 from us trying to call our limo service pick up at the Airport, and that was my only useage!!! (yes I've checked it was right, just everything in Canada is sooo expensive!) After a lovely day out on the boat with no wifi access at all, I came home and checked my phone! I had several messages, all telling me
1) My Facebook password had changed
2) I had lost control of my Darling Diva Skincare and Candles page on Facebook
3) I had been suspended for posting child sexual exploitation - I could appeal, but it is unlikely to be reversed and the facebook account will be disabled permanently in 30 days. (14 days left and counting)
4) Tony my husband had also been removed as Admin from both my business facebook pages. This was a disaster as there was no one else but Tony who could add me back!
They had somehow managed to take my two factor authentication login off my phone and changed it to my email address that they had hacked that I cannot now access!
5) There are various reporting tools you can use, and we have tried them all. Long story short, I'm permanently disabled from Facebook under Tori Bennett. I tried to set up a new account as Tori Yerbury so at least I had a page to reattach my business pages to if I could get anyone to sort it for me at Facebook, but that too received a violation notice and was permanently disabled with no review available. I have no meta business suite access and there is no where you can ring or email. I have sent reports every day on report a problem from Tony's Facebook and my own when possible, but no one ever gets back to me.
6) I also had all my payment details linked to pay for Facebook ads, so I immediately logged on to my bank and stopped my linked bank card. I then logged in to paypal which is how I paid, and they had already set up 5 payees under my paypal account.
7) It took me a while to understand how they were doing it, but what they had done was hacked an old historic talk talk email that I no longer used, but still had it on Facebook from when I first set up my account. Somehow, they managed to hack that email, change recovery details to their own email address, as well as my email and then changed the password. This means I am locked out permanently from this email address, so even if I can get facebook up and running, the hackers will be alerted and can hack me all over again unless I can beat them to it! I spent a whole day talking on chat bots to talk talk to see how I could get a hacked tiscali email address shut down. Apparently the only way is to write to their data proctection officer to ask for this to happen and send your ID with it! I felt very uncomfortable sending my ID off to an unknown person, but again, there is no way of contacting anyone by email or phone, so I checked out the address to be vaild and have sent off my letter, signed for and 4 days on my email is still live and I have heard nothing back from Talk Talk. So check your accounts and email addresses in use before this happens to you. It will be way less stressful than the way I'm doing it!
8) My Messenger for Facebook both personally and for business pages is all disabled, so please don't send any messages to me on messenger as I won't be able to pick them up.
9) We found a way to recover a facebook account by verifying with your passport but this also failed and now facebook has my passport details and they cannot secure any of their data!
10) This isn't the end - I am personally really struggling to accept there is no help coming from Facebook. It feels like I've actually been burgled and I feel so violated, swinging between really upset and really angry. There isn't another company that could offer so little protection and so little help when needed. I loved Facebook, I loved keeping up date with everything my friends were doing, sharing what I was up to with my business and my travels. Watching silly dog videos when I should be sleeping!! It feels like a loss! 15 years of memories and events with people all wiped out! 5 years of building a business on the facebook platform, all gone!!! Every now and then I feel like it will all be ok and get sorted. Two weeks on I am nearing acceptance that Facebook is over for me forever! I also still feel unsafe online, even with a VPN and my changed passwords I want to act like a little old lady and put all my money under a mattress! On that basis I need to get the business pages shut down, change my website and reprint all my business cards! I just don't feel ready to accept that yet, so please bear with me and if things change I will update you immediately.
I just hope my tale of woe helps someone else avoid going through all of this as it has and continues to be devastatingly upsetting for me.
Sending you all lot of love and online safety! (see the steps I took below if you are worried)
Tori
Help Guide
1) FACEBOOK SECURITY SUCKS and their TECHNICAL SUPPORT IS ZERO!!
Last year some time, Facebook was fined £50.5 million for breaching an order imposed by the SMA, they have also received fines on two separate occasions £500,000 for not conforming with data protection rules.
What actually happened was that all of the UK's Facebook users data and the US was leaked! You might have seen it in the news. What this means is that your username and password is out there! The hackers are just waiting for an opportunity. So Firstly - Change your Facebook Password ASAP! Secondly, add two factor authentication also. Double check all emails and numbers are relevant on your account! This is where I fell foul! An old Email was on there from when I first registered with Facebook and they managed to kick me out of that and own that email address too!
2) UNSECURED WIFI
We've all heard about this ,but I have never really paid much attention to this, and assumed if I logged on to a business WIFI, they and my IPHONE would protect me! WRONG! Once you log on to an unsecured WIFI they are in! you need extra protection on your phone to use an unsecured wifi.
3) VPN
I've always heard techy people talk about this and assumed it was for shady characters trying to hide their IP address. It actually protects your IP address from being visible which helps prevent Hacker. VPN - Virtual Private Network - an arrangement whereby a secure, private network is achieved using encription over a public network - typically the internet. You can get all sorts of VPN but beware, not all are legitimate, and could even be hackers trying to get your info! With this in mind, I have downloaded NORD. It was voted best VPN in 2022 and it's well known. It cost me £46.99 for the first year and will be £89.99 thereafter! A bargain for me not to have to go through all this again! You just download the APP, subscribe and wait for the email to get you started and just follow the instructions from there. You can check no one is using your email on the dark web, and it tells you how safe you are online - (100% with the VPN switched on)
4) Google Authenticator
A great way to generate a code that can't be hacked! You can use this for lots of APPS, and NORD will ask you to use it for them to keep you safe. It's a free app and I just keep it next to the NORD App as you will have to flick between the two with limited time before the code updates.
5) IPHONE security
Turns out we can be hacked on an IPHONE! I thought that was the whole point of APPLE? Anyway, you can be hacked on an iphone. What I also didn't know is that there are security recommendations all the time, you just have to know where to look! Might be just me but thought this was worth sharing.
Go to settings
Scroll down to passwords
Look at Security Recommendations - mine had 120!! I've been working all week on this and I still have 81 to go! I asked a couple of friends to look to see if it was just me! They had more than me! So click in to that and it will tell you if you have had any security leaks and will prioritise what to change first. From there you can just work down your list and change your passwords from that section. Some are easy! Some are hard! It depends on the website! If you can't manage to do it, do contact the website and ask them to help you and leave it in your security risk list until you can sort it. Some autofill, some you have to copy and paste. Take the time to do this. It feels like a weight lifted! I worked on the priorities the IPHONE suggested first and then from their I prioritised my own based on what I use the most often and most important - like: banks, investments, online groceries, amazon, netflix, ebay etc
6) ACTION FRAUD
If you have been hacked personally as I have you have to report it to Action Fraud - Don't bother to try and do it on the phone, it's awful! I logged mine online and to be fair, I've heard nothing back, but at least I have a reference number if things do get worse.
Action fraud website is - actionfraud.police.uk
7) Paypal - If you are anything like me, you will have clicked on to adverts of pages/websites you know and like and sometimes made a purchase. That means Facebook holds your paypal account details and bank details. My Paypal account had been hacked and 5 payees had been set up within minutes of me being hacked. I changed my password, and deleted the payees, and deleted the card details immediately and stopped my card. Thank goodness I did this! When I got home, I was still feeling unsafe with this account, so I have deactivated it altogether and set up a new one whilst on my new and secure VPN!
8) Home WIFI
If you are like me, you will have got your wifi set up when it arrived and still kept the same password it arrived with. That means, it is more open to be hacked! So it's a real ball ache but you need to change your home wifi password . Then you will need to add the new password to all your devices, TV, phones, computers etc! Hassle but worth it!
9) Things you wouldn't think of:
reset passwords on home security cameras, RING doorbells etc. Have a think about your safety and walk round your home. Have a look at what is using WIFI? Does it need a new password? Also think about anything you have that you don't have a log on to that could be beneficial to the fraudsters! What about old pensions, life policies etc. Contact them all and update your contact details if necessary (your phone number might have changed etc)
10) BANKS Luckily I could log online securely to my bank and stop my debit card online. If your app doesn't do this, then there is the number you need to call on the back of any debit/credit card for lost and stolen. They are very helpful and when this happened to us once travelling in America. We stopped our cards in New York, and they couriered a new set of cards to us in LAS Vegas upon our arrival.
Even if you haven't had any money stolen, you can still ask the bank to put a flag on your account to make extra checks for suspicious activity and you can ask them to make a note of your conversation to prove you have reported the issues if anything else happens further down the line.