Two months ago, popular photographer and digital artist John Wilhelm‘s Facebook was hacked. Below, he shares the step-by-step story of how the hack happened, and how the hacker used his very popular Facebook page to scam hundreds of his followers out of their hard-earned money.
I received a message through my John Wilhelm is a photoholic FB Page via Facebook Messenger. A man introducing himself as Adam Torres told me he would like to buy my page. I clearly remember how I was laughing about it with my wife (who is actually my girlfriend but it confuses people all the time to have 4 kids with a girlfriend so I call her my wife) and how I wrote him back that I was not interested in money.
Adam Torres followed up and wrote that it was a misunderstanding, and he was actually interested in setting up an advertising concept for my page. He knew quite a few things about me. He said he would be working for Bored Panda (who’s featured my work and who I’ve been in touch with quite a few times over the years) and there was a possibility to combine my posts with ads and earn a little extra money this way.
I asked about references and was skeptical the whole time, but finally, I agreed to give it a try for a week.
He sent me an invitation to Facebook Business Manager, which I copied to a text editor and after that to a Google Chrome Incognito session. It was definitely an address that pointed to the Facebook Business Manager, but I guess it was not my own but a prepared one to which I was given admin rights for the moment. Strange thing was, I checked the roles in the dashboard and I could only see myself as an administrator. He asked me to add my Photoholic site, and later on he would tell me the source to add for the advertising catalogue.
I added my site, because I was absolutely sure this business manager was “my” business manager, and as long as I didn’t add another source or another person nothing bad could happen. But something bad had already happened…
In the background another admin was lurking, and this admin would drop me off the site a little later (as you no doubt already figured out).
After adding my site, I got a strange feeling somehow. I don’t know exactly why. Adam Torres’s performance was perfect, clearly social engineering at its finest. But something was wrong. I wrote a message to Bored Panda and asked if they knew an Adam Torres and if he works for them. The answer was shocking: No it’s scam!
I wanted to return to the chat with Adam to give my soul a little peace and smash him some nasty curse words, but the chat was gone… Adam Torres no longer existed. Well, I thought, that was quick. Facebook got this guy already and was able to shutdown his account.
How naive that assumption was.
I was doing a little workout in my attic when the phone rang. A follower from Zurich (thanks a lot Farid!) told me that he believed my GB page had been hacked. I was shaking. Damn! Adam Torres immediately came to mind. I jumped onto my computer and tried to fix this—tried to delete those video streams—but after a while I realized that I no longer had control over my page.
It was like watching a bad TV show of yourself. I could see what was happening in my name but I couldn’t do anything to stop it.
Of course I wanted to contact Facebook. Just a few clicks to get in touch with a friendly customer support agent and we’d be good to go again, right? Nope. Facebook customer support has no email address, no phone number, no form to fill out, no nothing.
I think I was really trying all I could to contact Facebook and the only success was to get a support-bot (called Horst) “on the line.” Horst didn’t help at all, of course.
During the following days my mood was alternating between sarcastic fun and complete desperation. Luckily, I have a really great community and many many of my followers tried to cheer me up (thanks Peter for the Pandas) and showed me their full support. So great! One person reached out to me and told me he had a contact within Facebook that could help. I was a little skeptical because the name sounded somehow like Adam Torres for my ears, but I’m pretty sure I only got my page back because of this person, and I’m really really grateful for what he and his contact did.
Nguyễn Minh Tiến contacted me. He told me he was connected to the hackers and could help. He showed me a screenshot of a Vietnamese version of my page. I could see another admin in the role field.
The messenger chat ended with him asking to have the credentials of my real Facebook account. He needed it to help he told me. Argh! Bugger off!
I reported the hacking of my page to the local police.
I got my page back but Facebook did not contact me. I don’t know what happened from any official source, so I can only guess. It’s great but also not so great, because I don’t feel safe yet. I’m not sure if there’s still someone on the back end who could revoke my admin rights with a single click.
Unfortunately, after I got my page back I discovered a much greater misery than my own: in my inbox are hundreds of messages from cheated Vietnamese guys who wanted to buy one of those glasses or a watch. Most of them paid for a product but will not receive anything. So sad.
So, what will I do now? Will I stay on Facebook (and Instagram) or is it better to leave this behind me? I honestly don’t know yet. Three days ago I was absolutely sure I would leave, but now, after reading all of the messages, comments and feedback, I’m not so sure anymore. I guess I’ll have to sleep on it.
Mostly, I just want to thank all of my followers from the bottom of my heart for their support. The hack was horrible, but how they tried to defend me and my site was absolutely amazing and touched me!
About the author: John Wilhelm is an IT professional and photographer who specializes in amazing digital manipulations. You can see more of his work on his website, or by following him on Flickr, 500px, Facebook and Instagram. This post was also published here and is being republished with permission.