Completely helpless against FB ID-theft from stalker ex-GF

The BBQ Pit
1

I never imagined that this would actually be possible, but holy fuck she’s got me.

I broke up with my ex (“X” from now on) a few times over the last month but agreed to get back together for various reasons. I could write 10 pages on how truly fucked up she is, but I’ll just briefly mention, she’s got very deep and serious issues (and one’s that up until recently I’ve been very sympathetic to). She’s an only child raised by an insanely controlling, paranoid-delusional mom, in a locked-in gated house, and she’s been abused as a child.

She was so horrible to me one night a few weeks ago that I tried to end it once and for all as we sat in her car in front of my apartment. Just as I was about to open the door, she it the gas. (And again at the red light when I tried to jump out). Finally the next light I escaped, she got out after me leaving the keys in the car, she broke down crying on the sidewalk at my feet, I couldn’t get her to budge so I said finally that we would go somewhere together and talk, car got stolen with all her stuff… not wanting to abandon her after this I got back together with her, figuring I’d at least stay with her until she was in a stable place again regarding her lost car, IDs, laptop, iPhone, etc.

AND, I gave her my Samsung tablet so she’d at least have access to the internet in the days immediately following. It wasn’t long before major fights continued and there was a period where I refused to take her calls or communicate with her.

One night about a week and a half ago I was online late at night and I got a strange message in gmail that my account recovery info was changed. Well the message wasn’t strange (and I quickly responded to it and changed the gmail password) but what was strange was that the message immediately disappeared from my inbox without a trace (bot in “trash” either).

At some point I noticed my skype password was changed and I regained access to that. And FB was changed once or twice where I was able to get back in. BUT a couple of days ago, on the 21st, she called me while I was drinking in a bar with friends, and I foolishly answered it. She threatened me numerous times with how she’s gonna ruin my life and I told her in no uncertain terms “I’m not interested in your threats. Do whatever you need to do”.

While I was still in the bar she managed to get into my facebook account, remove all the email addresses associated with it, create a new fake email address to associate with it, and remove phone numbers and other security verification info.

When I got back to my friend’s place that evening I tried to log in and couldn’t. There was a verification procedure I could follow but in the end FB said I’d need to wait 24 hours before gaining access again and te page would be down in the meantime. I figured, OK I can deal with it further tomorrow when I’m sober.

But the following day she had already gotten back in and posted personal and fairly explicit photos on my profile. I tried again to verify my identity with FB and again they accepted it but said I’d need to wait 24 hours before logging in again. Five minutes later she was back in.

I went to the police and filed a report but the police officer (a nice guy who genuinely wanted to help) really had nothing to say about the cyber stuff. (There was other real-life stalking going on as well). I got home and she had posted even worse video.

At this point, when I tried to do the “forgot password” verification, I only had 2 choices: either reset my PW through the fake email address that she created, or I could choose 3 friends who would be sent a code, who I could then call, get the code to provide to FB, which again locked me out for 24 hours. She was back in the next minute. And this is what I did all night. I have wonderful friends who took it very seriously and immediately provided the codes, but at some point X thought to unfriend some of them. (probably coincidentally, not because of the verification process). In any case I would provide codes, page went down, she was back in the next minute, wash rinse repeat about 5 or 6 times.

At some point FB no longer offered this other procedure and it was only through the email that she controlled that one could verify their identity. Holy fuck! I was losing my mind.

At this point there’s nothing you can do. Absolutely nothing. After clicking “forgot password” there’s the option of reset through that one email address or you can click that you no longer have access to that account, at which point FB simply says “sorry, you need access to a registered email to gain access to your account”, and there’s a link to help menus and stuff. None of the help menus, or various reports will get you anywhere I’ve tried them all.

(shit, apparently she’s back in my account now unfriending more of my friends who I’m in contact with).

Anyway, there is absolutely no mechanism at this point to regain control. None. This is simply unbelievable. There are no email addresses or phone numbers or ways to report this.

The Samsung had my email password saved and from that I guess she got into my other accounts. I had my deleted mail recovered yesterday and I saw everything she did. About 15 or 16 emails in all where she did every step. I called a lawyer who is on the case but there’s nothing he can do to get any immediate action. He has sent a letter to the offices in Dublin and I think contacted the police, but she could very well have control of my account for weeks.

This is truly a nightmare.

Anyone know if what she did is actually illegal in Germany, and what if so how is it even punishable?

2

Is she still accessing your accounts through the tablet, or did you get that back? I don’t know about samsung, but with my iPad, I can erase all the content remotely (through the find my iPad app) and basically turn it into a pretty brick. If this is how she continues to access your accounts, you may look into that, at least as a temporary fix, especially if she doesn’t have access to internet elsewhere.

I can’t believe facebook makes you wait 24 hours, that seems completely ridiculous. I can’t imagine you are the first person to experience something like this. It seems they should make the entire account inaccesible by anyone until the matter is resolved. I feel for you. What a terrible situation.

3

May I suggest you open up a whole new Facebook account, maybe with a fake name so your ex can’t find you?

4

It truly is a nightmare. I actually had a security app (Cerberus) installed on the tablet. But before I could use it she uninstalled it. (great security app :rolleyes: )

Anyway, I don’t think she’s using that at this point. I think she found the passwords in my email and now no longer needs the tablet.

5

Already done. I’m using this to keep a close watch on the activity of my real account. I also filed a report from the new account saying that the old account is impersonating me (this is one of the few options you have in the report function). But I’m not sure how FB even handles such reports.

None of the report options in any of the links covers this situation.

6

Can you not get some kind of a restraining order against her? What she did with her car (I think) would count as a felony in the US. Surely it is also illegal in Germany.

7

One of my friends had her Facebook account compromised a couple years ago. The interloper posted some vile jokes and was reported to Facebook by others but they did nothing. Eventually my friend just made a new account. Sorry to hear about your troubles.

edit: I am not a lawyer but I’m pretty sure leaking explicit photos of you without your permission is pretty bad. If it’s really as you have described it, make sure the lawyer and cop you have been in contact with know that.

8

I’m in the process. But I was advised by the police against pursuing the car thing. Without a witness she could deny it and win and that would affect the credibility of everything else I say. I have provided enough valid info though to get a restraining order but first the police will send her a letter. And I have to give her 14 days to return the tablet. (I could get it now but then I wouldn’t get the tablet back). This is what the police advised.

9

I don’t know that the police need be involved in getting a restraining order at all, unless it’s to provide evidence of a history of intervention in domestic disputes. And I have never heard of the police “sending a letter” to anyone other than a traffic ticket. What does this letter say? Can you get a copy of it?

Also, you’ve been acting like an idiot for a while now, so stop. Never speak to this woman again. Never see her again, unless it’s in a court room. Consider a tablet a cheap price to get rid of her.

Think of everything she might possibly access from the tablet, and contact vendors and change accounts and passwords whether there’s been interference or not. Things like utility bills, a Netflix account, etc.

10

I mispoke by saying “letter”. The police will simply send her notice that I’ve filed a report. And you are correct that a restraining order is done by the courts, not the police.

About acting like an idiot, well… the reality is always a bit more complicated than a few paragraphs can explain. Certainly in hindsight there were moments when I might have chosen to go in a different direction than I did. But I don’t want this thread to be about that. As it stands I’ve been completely, totally, unequivocally, and unimpeachably broken up with her for about 3 weeks now (and arguably much earlier).

At this point I just hope that there is a serious penalty for this at the end. Unfortunately because of Christmas I won’t be able to contact my lawyer until Thursday, and this sitting around, and waiting, and refreshing the screen to see if she’s done anything else, is killing me.

11

The most frustrating thing is I have all the evidence to prove exactly what she did, if I could just get someone at FB to hear/read it.

12

You should create a brand new gmail account. Contact all the places where you have the old gmail registered and switch it to your new email address. In fact, it’s not a bad idea to create several new different email addresses and use different ones for the bank, Amazon, iTunes, etc. It’s pain in the ass to set up but it’s nothing compared to the damage that can be done if anyone finds the words for one of your accounts.

A password generator and manger like Last Pass or Roboform can help you keep track of all your new words. Use their master password list to protect all your passwords - that way you only have to remember one word.

As for Facebook, and Germany, and so on, I have no idea, except maybe to ask your lawyer’s advice about waiting two weeks.

Good luck!

13

Legal question: Can FB be held legally responsible for not having an adequate procedure for dealing with identity theft? Can I sue FB? (according to US law)

14

In what way? You gave her everything. You didn’t mean to but you did. It’s in no way facebook’s fault.

15

I didn’t give her anything (I lent her my tablet). But in any case, that’s not the question. I’m not talking about prevention. But once an account is hacked, and someone’s identity is taken over, they could do a lot of damage. If a victim has the knowledge and all the information and evidence, shouldn’t FB have a mechanism in place that would allow someone to get access back, or to get the account shut down? I mean, this could theoretically go on for weeks and even months.

16

I think Loach is saying they do have plenty of mechanisms. You used them, right? But you also handed her that tablet which apparently had all kinds of saved passwords, and she probably knows all the answers to the account recovery “secret questions” since she was your girlfriend. So she’s got a leg up on the average hacker by those very reasons.

17

Presumably you’ve contacted every one of your FB friends and told them to unfriend, since this nut now has access to their information.

18

Also consider whether you might need to get a new credit card issued if you’ve saved your credit card any place (like Amazon). Some places will accept the last four digits of your credit card as part of their id verification process. I’m not saying she can use those four digits to run up your card, but she she may be able to use them to gain access to other accounts.

Mat Horan lost his digital life when hackers got the last four digits of his credit card and used them to change the password on his Apple ID. He wrote about it here.

19

All you need is the FB password and email PW. With that you can completely take over because any notice sent to your email as a warning is diverted to the new email.

I have had to verify my identity in the past on FB and there is no way she could have gotten through any of those challenges so I’m very curious what she has had to do. I was only with her for a few months and she didn’t meet more than 2 or 3 of my social contacts and she’d never be able to correctly identify pictures of my contacts. She certainly wouldn’t know my childhood street, or my mom’s maiden name or any other personal info commonly asked to prove identity.

So hypothetically, if they did not have any mechanisms for retrieving a hacked account, is this in any way a legal issue? Why or why not?

20

Did you report that your account was compromised or did you just try to reset your account’s password?

Click here on My Account Was Hacked
http://www.facebook.com/help/131719720300233/