Yes, it’s time for another tale from the hacking of my Facebook account. Do you know how the motherfucking hacker got into my account? You will absolutely never guess it.
Do you remember my message boards? They started as fps.com message boards. Then we had a contest to rename them and the name Celestial was chosen. For a while I used the email address firstname.lastname@example.org for logins and communicating with people online. But it wasn’t a really long time. By 2008-2009, I had stopped, but I put that in as an email I’d had that people could search for me on Facebook—back when that’s a way you could find friends. I left it on there with the setting “only me” to keep it private. And since they’d been in my account earlier, thus my change of passwords that night, they’d been able to see the list of current and former email addresses.
I quit renewing that domain years ago, and forgot it existed. Well, this motherfucker decided to resurrect it so that they could make an email address. Not just any email address.
My. old. fucking. email. address.
With my goddamn name on it.
After they set up my old fucking email address, they just submitted a password reset and got the code there. They found a workaround to two factor authentication. They’re probably why the code generator quit working.
A few people I had told about the hack had been kind of placating and some had even talked down to me. This morning I saw an email saying they were sure the PayPal being compromised was just a simple mistake:
Given my 4-decades of doing networks/cyber, I have yet to see Facebook (Meta) hack PayPal accounts to increase their ad revenue. I am also not aware of any Cyber-Crime wave where hackers target PayPal accounts to purchase ads on Facebook (steal your money, yes. Run a Facebook Ad, no.)
Again, with the information I have, I would suspect that a simple mistake was made somewhere. An errant click on something bound to the PayPal account, or some such. Facebook is not above trickery, but not outright theft. Hanlon’s Razor states “never attribute to malice what is adequately explained by stupidity”, and while I don’t think this was an act of stupidity, the most likely and plausible explanation was a mistake.
Admittedly, he wasn’t included in all of the emails about my hacked account, but most of the other folks in the email were. And most had been acting like it was unfortunate but no big deal, so I decided to give them an idea of just how everything happened and when my problem became their problem too. His response was leas condescending, but still a tad clueless:
That was clearly information that I was not privy too. Perhaps the ad buys were just a probe to see if the PP account was valid, before a full scale compromise.
I don’t think this was about HAL’s PayPal or HAL in general. Why would someone hack my account to get at them? Why would they buy a domain name that belonged to me to do this from? It doesn’t make sense to me.