I want to share my story with you about losing my entire Facebook presence/ecosystem.
Facebook removed my Facebook Page, Blog Comments, and Personal Profile because I was hacked.
On June 4, 2022, I decided to create a Facebook ad campaign for my first coloring book that consisted of two simple videos. Except for when it launched in 2017, I never marketed my coloring book and I thought now would be a good time to start.
Right before I was going to launch the ad campaign, on June 10, a hacker got into my Facebook ads account. The hacker’s activity set off the artificial intelligence to put my account into a 30-day review for violation of communities standards. After the 30 days were up, Facebook disabled my account rather than reenabling it.
This means that I lost:
1. My Facebook Page with over 12,000 followers
2. All Blog Comments on The Art of Healing Trauma Blog – Thousands
3. Friends / Personal Profile
4. Thousands of Messages – Business messages to colleagues and personal messages.
I ran and maintained the Facebook page, The Art of Healing Trauma, since approximately 2012 so that represents 10 years of selecting quality content and also answering lots of comments.
Thousands of Blog Comments
Unfortunately, when I set up my blog, I didn’t know any better and I just used the Facebook Comments Plugin for the comments. I had no idea that this meant that someday I could lose thousands of quality comments that significantly add to the value of my blog. I answered every single comment on my blog for 10 years. Because the Facebook Comments module was so horrible – costing me hours and hours of work over the years as well as money hiring IT people and buying plugins to try to deal with it – I thought it could just suddenly fail one day so I copied my blog comments on June 19, 2018. At that time, I had 241 pages worth of comments in Calibri 12-point font. So, 241 pages plus the last four years of comments were destroyed by Facebook.
Friends / Personal Profile
I also lost all the friends that I made in the trauma healing community as well as all my other friends. And all my saved posts (many of which were for research for my blog and books), groups, activity logs, etc.
Thousands of Messages
I lost a lot of important messages from trauma therapists and colleagues that were in my business Page.
Destructive of Valuable Content and a Massive Amount of Work
I invested a lot of time into all of this. And all the valuable information – the content lost – is massive. The messages I got through my Page from therapists, colleagues, people around the world asking for assistance or just giving thanks. There are people who translated my articles into other languages and I’ll never know who they were now. So much data has been lost, and such a huge support network as well.
How it Happened
When I was setting up my ad, I didn’t do anything unusual that would have allowed a hacker to gain entry to my account. I did everything in the normal and expected way for setting up an ad. I didn’t answer any strange messages or click on any strange links. Others who have gone through this experience sometimes did things like answer messages from questionable people or click on links. In my case, the hacker gained entry without anything unusual happening on my end.
Immediately after the hacker gained access, Facebook put my account into 30-day review for violation of community standards. The only thing I personally had done to “violate community standards” is, right before this happened, I sent two silly sex jokes, via Facebook Messenger, to a friend. My friend liked them so there was no harm done there. A year ago, I posted some things on my personal profile that “violated community standards,” but to me were reasonable and legitimate opinions, but I had not posted anything with that designation recently. Few people saw those and I never got in any trouble for them at the time. I was not a prolific poster on my personal Facebook profile (whereas on my Page sometimes I posted 3 times a day). (I planned to go back and delete those posts from a year ago if my account was restored after the 30 days just to be safe but my account was never restored.)
From June 10-15, the hackers ran their ads through my account and charged my credit card for a total of 12 transactions totaling $438.
06/10/22
$50.00
06/11/22
$9.00
06/11/22
$9.00
06/11/22
$15.00
06/11/22
$21.00
06/11/22
$62.00
06/11/22
$62.00
06/14/22
$15.00
06/14/22
$21.00
06/14/22
$50.00
06/14/22
$62.00
06/15/22
$62.00
$438.00
I immediately canceled my card and got the charges refunded.
The hackers continued unabated using other people’s cards. Something that caused extreme stress beyond all the stress of having my card charged was that after I canceled that credit card the hackers kept running their ads using my account and charging other people’s credit cards. I would get all these emails saying that they charged $20, $50, etc. transactions for some ad campaign onto someone else’s card.
Facebook was 100% Inaccessible
The worst part of it was there was absolutely no way to contact Facebook to get it to stop. Because my account was in review, I couldn’t use any Help or Support interfaces on Facebook. I searched articles upon articles for a few entire days and there was literally no way to get help or to contact Facebook to get them to stop the hacker from charging people’s credit cards. They also make it impossible to use a friend’s account to tell FB about problems with your account as the Help section just tells your friend to tell you to do something, but you can’t when your account is in review. So the hacker’s ad charges just kept going on and on, the same thing every day.
Emailed Facebook
I finally found an article listing some email addresses for employees of Facebook and I emailed every single one of them asking them to get the IT department to stop the hacker from constantly charging people’s cards every day through my ads account.
I sent the email to:
platformcs@support.facebook.com
CCox@fb.com
auchil@fb.com
SSandberg@fb.com
(These email addresses didn’t work: abuse@facebook.com, support@fb.com)
Apparently at least one of these emails went through because the hacker activity stopped.
The email I sent is at the end of the article.
Some Examples of the Countless Others who were Hacked and Lost their Pages, Profiles, etc.:
There are stories all over the place of people with followings who have lost access to their pages due to hackers.
Mashable – Facebook scammers are hacking accounts and running ads with stolen money
Facebook account hacked? Business Manager hacked? Here’s how to get help
In the above article, Mari Smith mentions that a social influencer “Adryenn Ashley had a big hacking experience. The bad actors took control of a large number of Facebook Pages she administers, including her own blue-check verified public figure Page, which she has still been unable to regain control of, despite following all the steps and speaking with her Facebook reps.”
Mari Smith also mentions, “I emailed my subscribers to get a sense of how commonplace hacked Facebook Accounts and Business Managers are. I was amazed to receive dozens upon dozens of replies all with very similar stories.”
FACEBOOK DISABLED MY ACCOUNT AFTER I WAS HACKED – NOW WHAT??
Clearly Unfair
I assumed my account would be reinstated after 30 days but instead, it was disabled.
This is unfair – hacking is something that’s completely beyond our control and something that we didn’t cause.
So Many Loops
When my account was first disabled, I immediately requested a review. Then I noticed that the message on my profile when I tried to log in said I still need to request a review. But there was never any way to do that. Almost every day of the 30 days I tried to request a review in some way but they were always unending loops. So, towards the end of the 30 days, when I would go to sign out of my account (thinking I might make another one to see if I could solve it from another account somehow) it would say that my account will be disabled unless I request a review (even though I already requested a review). But then when I would try to go into my account it would say my review is already requested. If I tried to request the review again from the Help Page for that, it would go straight to an error page. There were MANY unending loops because every single solution requires your account be active, which makes no sense because you’re trying to get a solution for an account that is disabled. (????)
Recourse?
If anybody knows any recourse, please let me know!
I thought maybe I could send an appeal to The Oversight Board but that seems to have the same neverending loops as you need to access your disabled account to request an appeal for a disabled account that you can’t access.
***
Here is the Email I Sent to Facebook:
Hi,
My ads account has been hacked and is currently being used to run ads by hackers.
Every day I receive emails informing me of the charges that are being incurred on other people’s credit cards through my ads account.
Please get somebody in IT to get to the bottom of this and stop the hackers.
Details of the case:
I have over 12K followers on my business page The Art of Healing Trauma and have ad campaigns planned that 100% comply with all rules and policies of Facebook ads. Before I could even test a couple ads out, my Ad Account was hacked. The hackers removed me as a user from “Trauma Blog” pixel and proceeded to charge my credit card on file for about 10 ads, and then a second credit card (not mine) for another 8 or so (then two additional credit cards that don’t belong to me for ads today June 13).
Then my personal account was deactivated for a 30 day review (I read that this happens at the same time sometimes because the hacker’s activities set off the AI that detects these things).
Could you please have somebody in IT investigate and remove the pixel and ads belonging to “Trauma Blog,” remove Trauma Blog and remove that user? Probably they should delete all users, pixels and ads in the ads account associated with my business page The Art of Healing Trauma. Make sure to figure out how the hacker is getting into my account and stop them from accessing it. Then reinstate my Facebook account so I can manage everything. When I can manage everything I can make sure everything remains secure.
Because I cannot access my account, I can’t remove the users who don’t belong there, nor can I remove the fraudulent ads. I also can’t report anything to you via any of your contact forms. I also can’t manage my pixels because they are managed through The Facebook Plugin for WordPress which requires you to log into your Facebook account to manage the pixel.
There have been a lot of attempts to log into my account using the email heidi@heidimariahanson.com. This is not my email. It is an old email I had years ago. The hackers bought that domain (today actually), are hosting it on amazon AWS, and created that email with it. Please make sure nobody is logging in to any account in Facebook using the email address heidi@heidimariahanson.com.
Additional notes:
When I was setting up my ads I was asked if I needed help so I replied to the Support person via Messenger with one question about how to get the pixel set up on my WordPress website. When they replied via email this was included:
Your FBE Seller Support Inquiry | Job: XXXXXX Facebook Marketplace Team <case++aazqlkzdiw2joc@support.facebook.com>
Tue, Jun 7, 9:52 PM
They mentioned that I was no longer the user for “Trauma Blog” – I was not using that pixel for ads but I should be the only user for all pixels under my account. [Note: Facebook should have some kind of alert whenever a Page with one owner suddenly has that one owner kicked off their own ads campaigns so FB can go in and remove the hacker but apparently they don’t.]
“A. Pixel: XXXXXXXXXXXXX
– You do not have a role on this Pixel.
B. Pixel: XXXXXXXXXXXXX(*Trauma Blog Pixel*)
– The Pixel is owned by Business Manager: The Art of Healing Trauma
– You do not have a role on the Pixel via the Business Manager”
I set up two ads under “Trauma Blog ONLY” but I never launched them as I was still working on them.
Then I got an email from you saying there was unusual activity in my ad account and I need to verify payment info. Of course I couldn’t as my account is inaccessible.
These are the fraudulent charges and ads:
REFERENCE NUMBER XXXXXX 50.00
Jun 11, 2022 FACEBK XXXXXX -$9.00
Jun 11, 2022 FACEBK XXXXXX $15.00
Jun 11, 2022 FACEBK XXXXXX $21.00
Jun 11, 2022 FACEBK XXXXXX $62.00
Jun 10, 2022 FACEBK XXXXXX $62.00
Jun 10, 2022 FACEBK XXXXXX $9.00
EMAIL MESSAGE:
Date range Jun 9, 2022, 12:00 AM – Jun 9, 2022, 11:59 PM
Product type Facebook ads
Billing reason A manual payment was made on this account.
Payment method Visa · 2910
REFERENCE NUMBER XXXXXX
S71 Smart – genuine product – Copy $2.58
S71 Smart – genuine product $2.00
S71 Smart – genuine product – Copy $2.11
S71 Smart – genuine product – Copy $2.31
Campaign total $9.00
ALSO
REFERENCE NUMBER XXXXXX 62.00
REFERENCE NUMBER XXXXXX 62.00
REFERENCE NUMBER XXXXXX 21.00
REFERENCE NUMBER XXXXXX 15.00
THIS IS NOT MY CARD I DON’T KNOW WHOSE CARD THIS IS:
EMAIL MESSAGE:
Date range Jun 10, 2022, 12:00 AM – Jun 11, 2022, 10:30 AM
Product type Facebook ads
Billing reason A manual payment was made on this account.
Payment method MasterCard · 0840
REFERENCE NUMBER XXXXXX
S71 Smart – genuine product – Copy 691 Impressions $2.21
S71 Smart – genuine product – Copy 391 Impressions $1.11
PH44 Smart – genuine product – Copy 11,901 Impressions $20.24
PH44 Smart – genuine product – Copy 12,525 Impressions $19.74
PH44 Smart – genuine product 12,740 Impressions $20.63
PH44 Smart – genuine product – Copy 11,809 Impressions $20.31
S71 Smart – genuine product 136 Impressions $0.36
S71 Smart – genuine product – Copy 151 Impressions $0.40
Campaign total $85.00.
Here are two of the ads
New Messages Ad (NOTE: THESE ARE NOT MY ADS):
Non-electric multi-function water sprayer Special offer only #2,999php get 1 full set of accessories —————————————— Advantages & Utilities of T400 water sprayer: 3 hours of continuous use – only 1 hour of charging Portable: Compact, easy to wash the car anywhere there is water, the car is always as clean as new. Watering plants, watering mist on the head. Clean your house, balcony, terrace or anywhere without connecting pipes, wires… Increase outlet pressure, spray far from #30m 2 spray modes: long spray and wide spray – suitable for many jobs. Brushless motor, pure copper wire, piston pump structure, stable electricity, long product life, stable performance. —————————————— Specifications: – Brand: SanKi – Battery voltage: 24V – Power: 200W – Water pressure: 30bar – Spray capacity: 06 liters/minute – Speed: 1200 rpm – Pipe length: 5m – Maximum distance: 30m – Continuous use time: 180 minutes of continuous use. (Customers using 20-30 minutes SHOULD leave the machine idle to protect the engine) – Charging time: 01 hour – Weight: 2.3kg – Dimensions: 35 * 25 * 12cm ———————————————- Customer care policy: Made in Japan Warranty: 1 year, 1 to 1 exchange in 7 days Free delivery nationwide
New Messages Ad
???? ?? ??% Ip13 pro max price only 8999php Ram 6Gb 256Gb memory 6.7 inch fullhd screen A15 Bionic chip Face ID unlock 1 nano sim + 1 esim 24 + 48mp camera 5000mah battery ——————————– Only 10 promotional slots left Buy it today! Cash on delivery Return in 7 days Commit 100% goods as shown
And today, June 13 we have:
Note – these credit cards do not belong to me.
Meta for Business <advertise-noreply@support.facebook.com> Unsubscribe
3:07 PM (2 hours ago)
Receipt for:
Facebook Ad Account for Trauma Blog
Transaction ID: XXXXXX
Payment summary
Amount billed
$116.03 USD
Date range Jun 11, 2022, 12:00 AM – Jun 13, 2022, 9:00 AM
Product type Facebook ads
Billing reason A manual payment was made on this account.
Payment method Visa · 1066
REFERENCE NUMBER XXXXXX
You’ll receive your next bill when your ad costs reach $125.00 or on your monthly bill date, whichever comes first.
Campaign Results Amount
PH44 Smart – genuine product – Copy 39,824 Impressions $33.74
PH44 Smart – genuine product – Copy 41,144 Impressions $33.67
PH44 Smart – genuine product – Copy 36,403 Impressions $33.83
PH44 Smart – genuine product 17,143 Impressions $14.79
Campaign total $116.03
Total $116.03
Meta for Business <advertise-noreply@support.facebook.com>
4:00 PM (1 hour ago)
Receipt for: Facebook Ad Account for Trauma Blog
Transaction ID: XXXXXXX
Payment summary Amount billed $20.00 USD
Date range Jun 10, 2022, 12:00 AM – Jun 13, 2022, 9:00 AM
Product type Facebook ads
Billing reason A manual payment was made on this account.
Payment method Visa · 7410
REFERENCE NUMBER XXXXXXX
You’ll receive your next bill when your ad costs reach $125.00 or on your monthly bill date, whichever comes first.
Campaign Results Amount
PH44 Smart – genuine product 23,177 Impressions
$19.43 PH44 Smart – genuine product – Copy 13 Impressions
$0.04 PH44 Smart – genuine product – Copy 27 Impressions
$0.08 S71 Smart – genuine product 1 Impression
$0.01 S71 Smart – genuine product – Copy 23 Impressions
$0.06 S71 Smart – genuine product – Copy 103 Impressions
$0.31 PH44 Smart – genuine product – Copy 54 Impressions
$0.07 Campaign total $20.00
Total $20.00
And regarding the email that they are attempting to use:
WHOIS search results
Domain Name: HEIDIMARIAHANSON.COM
Registry Domain ID: 2703408957_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.registrar.amazon.com
Registrar URL: http://registrar.amazon.com
Updated Date: 2022-06-13T03:48:00Z
Creation Date: 2022-06-13T02:30:10Z
Registry Expiry Date: 2023-06-13T02:30:10Z
Registrar: Amazon Registrar, Inc.
Registrar IANA ID: 468
Registrar Abuse Contact Email: abuse@amazonaws.com
Registrar Abuse Contact Phone: +1.2067406200
Domain Status: ok https://icann.org/epp#ok
Name Server: DEREK.NS.CLOUDFLARE.COM
Name Server: LUCIANE.NS.CLOUDFLARE.COM
DNSSEC: unsigned
The SPF record is v=spf1 include:spf.hanami.run ~all
Please stop the hackers from sending ads through my ads account.
Thank you for your prompt attention to this matter.
—
Kind regards,
Heidi Hanson
The Art of Healing Trauma Blog
— end of email to Facebook —
Please Join Me on Telegram!
I will be posting content – art, quotes, memes, article excerpts, etc. – on my Telegram Channel “The Art of Healing Trauma.”. Here is the Invite Link – you are invited to join: https://t.me/theartofhealingtrauma
Thank..