How the Spirit Science Page was Hacked (Again and Again)

What a surprise to wake up this morning to find the Spirit Science Facebook hacked, and stolen again.

If you’ve been following the Spirit Science Facebook page at all, you will have noticed that us getting hacked is not anything new, in fact it seems to happen at least on a monthly basis.

From behind the scenes of Spirit Science I can tell you that especially lately there has been an increasing number of attempts. The hackers clearly have a foolproof method for changing my password, it happens on a daily basis, and up until recently it was the Facebook “Code Generator” that has been keeping them at bay. I can say that in some of the past attempts, Code Generator was not turned on, which resulted in the hack. This time, however, it WAS on, so they had to find another method.

This feature (Code Gen) requires a security code that is texted to my phone input into the text field in order to gain access to the account, even if you have the correct username and password, which they do when they hack the system in order to change it.

This morning I woke up to see about 8 different “Here’s your Code!” texts on my phone, which apparently spanned throughout the night as the hackers attempted to gain access to my account… I wasn’t sure about how they still got through this… but then it all clicked.

As I looked through my emails, I see email after email of attempted trickery by hackers submitting fake copies of my ID, and repeatedly telling them to remove the code generator and login approvals. In fact, there are quite a few of them. Most of them get denied, but this morning, the facebook security team approved it.

Here’s an email I received this morning approximately 3 minutes before the page was hacked.

facebookscreenshot1
Here are a few other things they’ve submitted to Facebook as me.
facebookscreenshot3

The moment they got approval based on the fake ID that they submitted, they were able to get through. It doesn’t entirely even make sense to me, because that email still says “Well you still have login approvals turned on”, but I believe it may have been exempt because they were already logging in and communicating to facebook from a computer that they had changed my password on.

I could be completely wrong. I’m even open to the idea that somehow its my fault, that i’ve missed something and I opened myself up to the attack by clicking a link I shouldn’t have… I don’t want to say its 100% Facebooks fault, I know that I have been responsible for such a thing in the past at least once.

Either way, what’s true for certain is that they did get through, and transferred ownership of the Spirit Science Facebook Page to someone else, and now are continually posting spam, and porn, on repeat, ad nausea.
rulesforhacking

It took me about an hour this morning to get back into my account and knock out the fake users from my account, but even then, Spirit Science was gone.

If everything goes the way it normally does, Facebook will restore it by tomorrow morning… but still, this is pretty rough, and I am growing tired of this crap.

Thanks for reading, please just don’t look at our FB page today, and I am so sorry again for this happening. If you press “ignore posts” you may not continue to see the posts in the future once the page is restored. Please don’t unlike the page, and let your friends to know to do the same. We have a lot of new and exciting stuff on the way and we are doing our best to overcome the limits of the old systems.

With love,
Jordan