How We Lost 4,000 Facebook Followers in 24 Hours: The Story of Our Facebook Hack

Screen Shot 2014-11-11 at 12.41.33 PM

“Hey Jules, So I was trying to verify our Facebook page, and during the process it kicked all of my email addresses off as an Admin. Can you make me an Admin again. It looks like someone else took it over.”

“Oh man, sure. I’ll call you back.”

That’s how it started–the longest 24 hours of my career as the Editor in Chief of the Phoblographer began with simply trying to get our page verified.


“I’m not an admin either.” stated Managing Editor Julius Motal to me as chills went up my spine, the adrenaline kicked in, and the stress began to take a hold of me on Sunday November 9th at 7pm NYC time.

During the process of verification, Facebook asks you to remove email addresses not associated with your account. And given that we used to test phones, I had my Yahoo, Phoblographer, Gmail and Outlook email addresses all synced. After selecting only the Gmail option, I headed onto the subway from a Union Square cafe to get back to my Williamsburg apartment. When I emerged, my email synced and told me that my Gmail account was removed. I tried to fix this via email and stating that I hadn’t de-selected the Gmail option. That got fixed very quickly and I changed my password multiple times to throw off anyone who had tried to hack me.

Clarifying this more for readers who asked: I have no idea how my Gmail address was removed. Try the verification process, you’ll that that is literally all there is to it.

The Phoblographer has been subject to a number of hacks in our years. We had a DDoS attack a while back. Then we had threats come in after we proved that an image was photoshopped. Then at one point I mandated to the staff that they need to change their passwords every month. When the threats went away, all was fine again. But this one was completely out of the blue. For once, someone didn’t try to target the site. Instead, they went after one of our biggest sources of traffic: our Facebook page. And it didn’t go after my account so much or my personal photo page, but instead more so with my website’s page. The hacker indeed tried to talk to friends of mine on my account while I was away though.

logo upscaled the phoblographer

We spent lots of time, effort, and work building our Facebook page. When I quit my day job three years ago to run the Phoblographer full time, we were only at 8,000 followers. Then we did a contest with BorrowLenses and rocketed up to 30,000. And from there, our strategy was to collaborate with other channels and let us feed off of one another. You know–because social marketing actually requires you to be social.

In one year, we went up to 100,000 Facebook followers. At the end of 2014, we will be at approximately 300,000–and all that without buying Facebook likes and trying to pay more money to reach more of the following that we built. It was organic, and though many social media mavens may question that validity of contests bringing in an audience, the contest entrants mostly stuck with us. We would get emails all the time saying that they entered for the contest and that they didn’t actually expect us to be a worthwhile site. It was awesome to read them and respond to each one.

And so when we were hacked, I thought to myself “All that work. All that work could probably be gone.” Then I started to take the steps to get our page back. There would be no way that I could let my own company lose a battle to a porn spammer.

I looked up a number for Facebook. Got to a customer service line, which we called many times. No luck. In fact, we never even talked to a person.

I reported the problem in four different ways. Still no luck.

I used my network to figure out what we could do. A couple of folks sent emails for us.

Then I finally started going to our other channels and letting folks know that our Facebook page had been hacked. Many people had the idea from the start, but I was incredibly surprised to see in the comments on the hackers’ posts that most indeed thought that we were changing direction. At times, being an Editor in Chief can make you feel incredibly lonely. You do things that you need to to ensure that your company survives and that everyone’s paychecks can be paid. But when people genuinely think that you’ve lost your mind and have turned an established website into the Buzzfeed of porn, that hurts.

Screen Shot 2014-11-10 at 9.17.37 AM

After hours of trying, the emails started to come in telling us that we were hacked. I responded to each one. Tweets came in, and we responded too.

Then it hit me. I couldn’t do anything. The feeling of being powerless and helpless is a really terrible one, and I realized that I would just need to wait it out.

So with lots of stress on my mind and anxiety in my body, I went to sleep early and meditated to get ready to tackle the problem early on the next day. It worked, and I woke up extra early to see what had happened. We still didn’t get our page back.

On top of trying to get the page back, it was Monday morning. If you hate Monday mornings and consider your job to be tough, you don’t ever want to imagine what your higher ups are going through. On top coordinating content production, answering emails, marketing initiatives for the site during the holiday season, and finishing a steady stream of news, I needed to deal with getting control of our Facebook page back.

A couple of friends offered to put us in touch with folks at Facebook or to send messages. By the end of the ordeal, we must have pinged at least eight people at Facebook. While that doesn’t sound like a lot, you should realize that actually getting through to a person at a place like that is incredibly tough to do. The same goes for Amazon and a couple of other very large companies. Imagine trying to get through to a customer service rep for your Cable company or AOL (if you remember those problems from long ago) and multiply that by at least 100x.

It’s disgusting that a company that controls so much of the social media world wouldn’t want user to talk to them and that they wouldn’t want to fix their problems. That is, unless you’re in advertising. But as a small company, we don’t have the money to spend on getting more interactions and page views. So we need to do it through an organic means.

Hours and hours passed and still no response from Facebook. Then we were told to ask our readers to report the page as spam then to state that we were hacked, and that if enough people do that that we could get our page back.

And again, the waiting game continued.

A reader emailed us to let us know that his wife worked at a call center for Facebook, and that she could probably elevate the immediacy of our problem. Emails were sent again. And the waiting game continued yet again.

Readers of ours had seen our call to help us get our page back and commented on every post with a link to it in hopes that others would do the same and help us get the page back. When we finally did get page back, I saw that the hacker had banned these people. At the end of the 24 hours, there were over 230 people banned by this hacker.

But 230 out of 275K is really small potatoes. Those voices though didn’t seem totally silenced. More and more people reported the page.

At 5:30pm, I was wrapping up emails, writing, scheduling and editing. Then I started chatting with a Public Relations rep that I’m very close with about the situation. It was tough to talk to a colleague about it, but I’ve always had the policy that I should always be honest. Honesty creates so many less problems for you in the future.

To clear my mind for an hour, I decided to play video games then get back into it. 5:30PM still means that the West Coast of the US is still awake and working at full speed since they are three hours behind. But at 7pm, Julius called me to let me know that he was an admin again. I finished my game, then went back to it. I had been given admin status again, so had Julius and we had control of our page again.

Screen Shot 2014-11-11 at 1.22.52 PM

So I set about to clear the spam posts, and to let everyone know that we were back. Folks seemed happy. And to prove that we really were back, I commented from my personal account. Then it was about talking to our readers in the comments, chatting with folks on our wall, and messaging everyone who was angry about what happened. It was a lot of work.

Then a buddy of mine told me that he couldn’t comment. After going to the ban list, I saw that the hacker tried to silence many people who tried to help us. So I needed to go in and unban lots of people.

And after 24 hours, things were back to normal. We shared stories, talked to readers, etc. It was wild–and such a liberating feeling to be able to interact with our readers all over again.

But at the end of it all, I was amazed by one single big issue: during that 24 hour period we had lost approximately 4,000 people. That means that 4,000 people thought that it was time to abandon us at a really tough stage. No, of course we didn’t change to a porn site. It baffled me that people chose to not even go to our website to check what had happened. Human curiosity is only natural.

A reader told me to think of it more as culling the herd. But in the time that we were hacked, we dropped behind in the social media world.

What amazes me even more is the overall lack of response from the Facebook security team. Mr. Zuckerberg isn’t much older than I am, but did he not remember that customer service comes first? We surely have spent money with Facebook before, but we don’t have Coca-Cola’s money.

With our page back in our control though, we’ve tightened security all over. And it’s nice to be back. But we encourage everyone to be really careful about the verification process and beg Facebook for a more responsive security team and customer service reps. I know more and more people that have started to turn their back on the platform and companies are even starting to do so too. But that’s no reason to not care about your users.

Most of all though, we want to thank our readers. Because it’s been proven that without many of you, we probably wouldn’t have our page back.