[Updated – Good News!] Sad News and New Facebook Page

Some sad news. Last night, around 9 pm 30/08/21, the Facebook account connected with Hello Angkor was hacked. The hacker was able to change the login info and security details leaving no ability to recover the account. Having tried all means with Facebook to reinstate access I have to now accept the page is lost along with all the effort and the wonderful and kind people that followed the page.

It is a bit soul-crushing as sharing all those quirky ancient sites, unusual facts, and slowly watching the following grow was a lot of effort, and it’s gone. All that can be done is to take the lesson and start again, so a new page is born which can be followed here. (update: here)

Why?

That is the puzzling part. There is no commercial activity here, it’s not like there is a battle for riches going on, actually, it’s just a labor of love that has costs in terms of money, time, and effort that only the true of heart could bear. So, why bother hacking the FB page and related account? I can make baseless assumptions that I’d triggered somebody, somehow, but just as likely is that it was just a bored hacker doing what they do. SO, without that knowledge and never likely to ever knowing, all one can do is go on, with greater caution and perhaps broadened ambition.

Lessons learned

Responsibility rests with me as there were several things I hadn’t paid attention to. I have no interest in creating a personality cult and used a dummy Facebook personal account to set up the page where the focus was on the temples alone. The problem was, I never took that personal account seriously and never set up the necessary security options. Once the hacker had control over the personal account, they had control over the page.

By visiting Facebook from a PC that was previously logged into the account I was able to provide FB with an old password and notify that it was hacked and in turn, they automatically disabled the personal account but that isn’t enough for them to return access. While the FB Hello Angkor page is still visible, it sits online as a zombie page without an admin. It also means all the page shares and content from that personal account are also lost.

Takeaways for the next FB account and maybe check yours are

  • enable 2FA
  • register a phone number with the account
  • register an alternate email
  • add several admins to pages/groups as redundancy in case of personal accounts being lost
  • follow the official suggestions here https://web.facebook.com../

UPDATE
Good news, the account and page have been recovered and the original FB page is back! I think I am very fortunate as most are unable to recover their accounts after this type of attack.

It is quite strange how FB handles these types of issues and I must bear responsibility too for not setting up the account correctly. I never realised this before, there is no way to actually contact Facebook! Kinda amazing to think that it’s possible to make so much money and have no consumer front at all.

All I could do was keep trying the login screen which would always end in the same place saying sorry we cannot identify you. After trying on PC and mobile over two days, for some reason, the mobile flashed an option for submitting a passport! A day later I had an alternate email setup and a recovery link that gave access to the account, but, the hacker had enabled 2FA and FB had not removed it! I was still blocked out.

The hacker is quite sneaky, once they are in, they remove all email addresses and replace them with their own and enable 2FA which will get sent to their email and phone.

There was no way for me to get the 2FA code after hours of scouring the net all I found were plenty of complaints regarding the same style of hack without a way forward. Apparently, it’s a very common issue with most people never recovering their accounts.

However, searching some more, I did find an obscure and unlinked FB page about login problems that had a form to submit a request to help. The standard security and login help pages don’t have this page linked at all. Sometime after that, I received an email with a link and code to reset the account but I do not know if it was related to that form submission. Sadly the code was eight digits long and the code required was six digits! WTF?? There was a link to resend the code on that page and tapping that a six-digit code arrived by email, and access was granted. Pure luck.

Hello Angkor