Yes, it’s time for another tale from the hacking of my Facebook account. Do you know how the motherfucking hacker got into my account? You will absolutely never guess it.
Do you remember my message boards? They started as fps.com message boards. Then we had a contest to rename them and the name Celestial was chosen. For a while I used the email address firstname.lastname@example.org for logins and communicating with people online. But it wasn’t a really long time. By 2008-2009, I had stopped, but I put that in as an email I’d had that people could search for me on Facebook—back when that’s a way you could find friends. I left it on there with the setting “only me” to keep it private. And since they’d been in my account earlier, thus my change of passwords that night, they’d been able to see the list of current and former email addresses.
I quit renewing that domain years ago, and forgot it existed. Well, this motherfucker decided to resurrect it so that they could make an email address. Not just any email address.
My. old. fucking. email. address.
With my goddamn name on it.
After they set up my old fucking email address, they just submitted a password reset and got the code there. They found a workaround to two factor authentication. They’re probably why the code generator quit working.
A few people I had told about the hack had been kind of placating and some had even talked down to me. This morning I saw an email saying they were sure the PayPal being compromised was just a simple mistake:
Given my 4-decades of doing networks/cyber, I have yet to see Facebook (Meta) hack PayPal accounts to increase their ad revenue. I am also not aware of any Cyber-Crime wave where hackers target PayPal accounts to purchase ads on Facebook (steal your money, yes. Run a Facebook Ad, no.)
Again, with the information I have, I would suspect that a simple mistake was made somewhere. An errant click on something bound to the PayPal account, or some such. Facebook is not above trickery, but not outright theft. Hanlon’s Razor states “never attribute to malice what is adequately explained by stupidity”, and while I don’t think this was an act of stupidity, the most likely and plausible explanation was a mistake.
Admittedly, he wasn’t included in all of the emails about my hacked account, but most of the other folks in the email were. And most had been acting like it was unfortunate but no big deal, so I decided to give them an idea of just how everything happened and when my problem became their problem too. His response was leas condescending, but still a tad clueless:
That was clearly information that I was not privy too. Perhaps the ad buys were just a probe to see if the PP account was valid, before a full scale compromise.
I don’t think this was about HAL’s PayPal or HAL in general. Why would someone hack my account to get at them? Why would they buy a domain name that belonged to me to do this from? It doesn’t make sense to me.
So you know how my Facebook was hacked over the weekend? I might have mentioned it in the last blog post about my shitty week. Basically, someone hacked into my account while I was sleeping on Saturday night/Sunday morning, changed the password, took one of my emails off the account, added some of their accounts to the Huntsville Art League business/ad account, and did enough to get my account disabled & put on a thirty day countdown for permanent deletion. I’m having it reviewed by Facebook but there’s little to no hope of recovering it.
Well, today it got worse.
When I realized what went down Sunday, I messaged two HAL members to let them know that the organization’s Facebook was compromised. The guy in charge of the page kept telling me that he didn’t see any of what Facebook had emailed to tell me happened. I couldn’t check because my account is disabled, so I had to take his word for it.
Today, I got notifications for Facebook ads that were being paid for via HAL’s PayPal. The treasurer got notifications from PayPal. The same two guys I’d told focused on changing passwords, but I told them they had to cancel/pull the merchant agreement to cut off the money. They told me again that they’d changed the passwords so it should be fine, but the treasurer listened and pulled the agreement. Now, HAL should be safe, but it looks like they’ve started charging a former President of HAL. I’ve contacted her on Instagram and I hope she can pull hers too.
I don’t think they can access my bank/credit cards because I had terminated my agreements a long time ago. But if they do, I’ll file a dispute at the bank and update the FTC and IC3 complaints.
I still don’t know how any of this could have happened.
The weekends this year are starting to remind me of the winter of 1996. We’ve had two winter storms so far and we’re only fifteen days in. In 1996, we seemed to have a winter storm every single week in January and a couple into February.
Of course memories of that year are pretty vivid since it was also the winter when so many relatives died and the year when both of my grandfathers died. It’s also the year when my OCD got kicked into high gear. Basically, it wasn’t the best of times for me & my family.
I love snow, except for how it seems to isolate me from my friends and, now, Chris. It gives me no way to get out and deal with my anxiety, which isn’t great. At least when we were on lockdown, I could be in my car and drive around a little. Or I could go up to Lowe Mill and work a little, but I can’t do that even on the clearest day since that studio is no longer being rented by HAL. (I need a safe place to do art.)
I hope the snow won’t keep us stuck inside for long.
So it’s been a while since I’ve blogged. I haven’t added my old posts back yet, but I do plan to do that. I guess I should mention what’s been going on in my life.
I am an exhibiting artist at Huntsville Art League, and have been since last year. For a while I was the Education VP there, but now I’m the President. I was also teaching there and at Michael’s, but then a little thing called COVID interrupted that.
I have published two books of poetry—The Dark Lady and Ambition. I have sold precisely two copies of those books, which was honestly more than I expected to sell. Publishing them also led to my creation of my Goodreads Author page.
I finally had to get another iron infusion last week. My hematologist had told me last year that this would definitely be the year for it, and he was right. My ferritin had been steadily dropping since 2013—when I had my last infusion. This year it actually slowed down on that descent and only got to 21, but my iron saturation went from 35% to 16.7% and my platelets had already started going up. With my risk of clots, that last part was a bit more concerning. So I got an INFeD infusion to help get that under control.
Oh, and I have the most amazing boyfriend ever. His name is Chris. He’s my age and has a 13-year-old son. Chris is funny, sweet, smart, and I am so in love with him. We have been together since May 17, 2020. We didn’t meet in person until September 2020 though because of COVID. I met his son in May 2021.
He and I are actually going on our first trip together this weekend. We’ll be going to California for his best friend’s wedding. I haven’t been on a plane since 1999 and I’m a tad nervous, but I’m sure he’ll find a way to calm me or get my mind off of the anxiety.