An Undiscovered Facebook Bug Made Me Think I Was Hacked
My legs were sticking to the vinyl back seat of a NYC cab when I received the email on a Thursday this July. I was running late to an afternoon dentist appointment, and sending messages on Facebook Messenger. Most of the conversations were for a story I was reporting about a Facebook group for sexual assault survivors, which had been overtaken by abusers.
At the time, I was messaging with one of the abusers—who was using a fake profile—hoping to find out how they weaponized the group for harassment. In the middle of our exchange, I received an email from Facebook, which said, “We wanted to let you know that your mobile number was removed from your account. Because of this, we’ve turned off two-factor authentication on your account to make sure you don’t get locked out when using an unrecognized computer or mobile device to log in.”
I hadn't removed my phone number; I immediately assumed I had been hacked, especially given the story I was reporting. Like hundreds of millions of people around the world, my Facebook account contains the record of a decade of my life. But in this case, my messages also contained stories of harassment by the same person I believed had breached my account.