Hacker News

Meta's security team seemingly does not care. My mom had her long-time Facebook account taken over during the summer. It was a credential stuffing attack (she's now using a password manager with random passwords), and the bad actor immediately put on 2FA TOTP and signed up for some advanced security so the account couldn't be recovered without the 2FA.

We spent weeks trying to recover the account, but recovery codes weren't being sent through to her email or phone, the email and phone that have been on the account for 10+ years. The bad actor started making posts that she had cars to sell and to message her if they wanted to buy (also claiming that her sister was sick and she needed the money, which is why she was selling the cars, completely untrue). Tens of her friends, including her son, reported the account as taken over and the posts as fraudulent. All responses from Facebook said there was no indication of anything violating the guidelines, which is insane because all this behavior taken together screams account takeover.

Eventually, I reached out to a friend who worked at Meta who filed an internal report and we were hopeful that might actually fix it, but nothing ever came of it and when I reached out to the friend a month later he said the report was closed and he couldn't see any more details (for security reasons). If my mom meeting me in person, and me reaching out to my former teammate on a live phone call and proving my identity, and that teammate filing a report with the security team can't get it fixed, what can?

At this point, we think the original account is still up (we can't see, since the bad actor has blocked the entire family) and every new account she makes gets deleted for being a sockpuppet / ban evader.

She's devastated that someone ruined her online life like this. She was in Facebook groups for her career that she no longer has access to, and she can no longer keep up with her friends and family. So many local businesses post their events and updates on Facebook, and she has no ability to see these anymore.

We don't know what to do next. I'm so thoroughly disappointed with how Meta handled the situation. It's clearly an account takeover if someone looked at the account and the indicators. I think our next step is to write a letter to Meta legal alleging gross neglect after being presented with evidence of identity theft. Maybe that finally would get someone's attention. I'm nearly to the point where I would potentially spend thousands of dollars of my own money for a lawyer just to prove a point.
