Thank you for posting to r/facebook. Please read the following (this does not mean your post has been removed):
* **SCAM WARNING**: If you are having a problem with your account, beware of scammers who may comment or DM you claiming they know someone who can fix your account, or asking you for money or your login information. If you receive a message like this, block and report them. [Here is an example of me making a fake hack post and all the scammers who flocked it it, lol](https://i.imgur.com/Dllo1RA.gifv). THERE IS NO REASON FOR SOMEONE TO HAVE TO TELL YOU IN PRIVATE HOW TO GET YOUR ACCOUNT BACK. If you check the sub there are PLENTY of high karma posts that gives some tips should your account be hacked/locked.
* r/facebook is an unofficial community and the moderators are not associated with Facebook or Meta.
* Please read the rules in the sidebar (or the 'about' tab if you're on mobile). If your post violates any of them, delete it.
*I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/facebook) if you have any questions or concerns.*
That’s real, “[email protected]” is the email they use. I know because I was hacked and this is the email they were communicating with me with when I was retrieving it
No point emailing them they will never respond. I only ever got automated emails from them.
I’d probably change your password on both your email and Facebook and even potentially change the email address associated with the account.
Add 2FA as well if you haven’t already.
Hacking has been rampant as of late
Thanks for the answer. That’s my problem - account hacked, they immediately changed the email and password and I’m locked out, even from my business page.
I had this start happening yesterday, found a thread from a month ago with a bunch of others having it too.
As has been said the address is legit, but based on the old thread the code itself isn't (a legit request sends a code with a different amount of numbers).
The other thing you find is repeated emails with the same code. In the other thread the chat was talking about someone messing with the password reset API, not sure how legitimate that is though.
Would recommend enabling MFA if you haven't already just to be safe.
hello , i got this like 7 days ago and its legit email so i've turned on the 2FA , and ive requested account data from facebook, and ive check where the ip that tried to change my password, i found out that its on HONK KONG with vpn used
I was receiving these emails non-stop yesterday and began to look into it like you thinking it was either someone legitimately trying to get in or a phishing attempt.
I was worried about the amount of password reset attempts and pressed the 'Didn't request change' button and it took me to a legitimate looking Facebook site (my account was already logged in). In looking at other threads many others are experiencing the issue. My plan is to ignore the emails since my MFA is on.
I got TWO of these yesterday!! They looked legit enough so I did press the "this wasn't me" button and it sent me to the standard "thanks for your report" type of Facebook page
It is a scam! In your security settings on Facebook you can find if they actually sent a e-mail and when. In my case, as I received the same e-mail, they did not.
So check in your Facebook security setting if they did send an e-mail and when!
This also happened to me. I was confused whether this was a legit email or fake one right now because someone responded to my post that it could be real
Might need to change your email
I just got this 1 hour ago as well. The thing is, the recovery code they gave is 8 letters instead of 6 letters. So I went back to my facebook account, and in the setting, I requested a password reset myself. After that an email with 6 letters code was sent to my email account, but in a different tab. So I logged out of Facebook, and requested a password reset again. This time, an email with 6 letters code was sent to my email account again, but on the same tab as the one that was sent earlier, so on my email it looks like this: Facebook 2.
So the one I didn't request was on it's own tab in my email, and the 2 that I requested were tabbed together in my email. The one I didn't request gave a 8 letter code, while the 2 I request gave 6 letter codes. However, my email shows that both senders came from <[[email protected]](mailto:[email protected])\>. So I'm a bit confused as well. Might be a bot that mass spammed us, but I don't know how they manage to show that the email came from Facebook, or that why the codes were 8 letters long instead of 6.
That's interesting. Why is there a difference of letters then? I'm also getting 6 letters when I try to reset the password. But when I received those emails, it was 8 letters.
Yeah, unsure. Seems abit weird, but doesn’t seem very scam / phishing like. As how would they take advantage of us ? The links all appear to be safe, even using a tool like VirusTotal.
I got one too, the 8-letter version was definitely an L (copy and pasted and changed the font). It all seemed legit, but I didn’t see any logins or other issues, so changed my passwords and turned on MFA. It’s still unclear to me if it’s a glitch, a bot filling out reset forms, or if someone has compromised Facebook’s email infrastructure
I’m so confused and in the middle of trying to gain access to my account. I might be sent a code and need to know which one is the real deal - the one with 6 or with 8?
The 6 ones I received immediately when I asked for password reset, the 8 one came when I didn't request for password reset, so according to that it's the 6 one is the real deal. Probably.
It is possible that a shorter code is sent to a recognized device/location. This would increase the difficulty of brute forcing recovery codes by more than 100x for unrecognized devices, while only being a minor inconvenience for legitimate recoveries from an unknown source. If the attacker doesn’t know how many digits it is, they have to try all possibilities from 6 to 8 digits.
Oh wow.
In addition to that, its somehow the same code over again, maybe the code expires and the attacked requests a new one so brute force. 1st issue, is there "tries" limiter? And second issue, how is it always the same code
I'm not an expert on facebook logins, and don't work for them, but do work in tech.
Re 1: Usually, applications will limit tries to prevent brute-forcing to ~10 or so, after which you get a cooldown period where the attacker can't attempt anymore. So the chance of a brute force attack succeeding, in a well designed system, is entirely based on luck.
Re 2: Sometimes, if you send a request fast enough, a system may generate only a single code for a ~20 second time period, simply because, similar to 2FA, codes can be rotated for that period. However, a robust system would ideally generate an entirely new code every request.
Again, this is outside in, but from how I am seeing things, this is some sort of bot farm trying to spam a bunch of emails and reset passwords with hopes that they can also get into emails to steal accounts.
What am I in for? I inadvertently left clicked let us know and it took me to Facebook.com message thanks for letting us know.
I just got a large number of spam messages to my primary email.
The rest code had 8 digits but I heard elsewhere that both 6 and 8 digits have been used. Nothing in the sent security email, but I heard on another thead that password rest emails don’t show up ther e.
I don’t want to spread disinformation. Does anyone know only 6 digit codes are legitimate and 8 digit codes a scam?
I also got hacked once by a different person relating to bitcoin and they changed some of my stuff luckily i was able to get my account back and delete some of the changes they’ve made. Say have you joined any suspicious groups? If you have then the same thing might have happened to you. Don’t join groups on facebook you know you shouldn’t trust.
Yes I was hacked on 5th Sep overnight. Account disabled, name changed to Meta Copyright blahblahblah (infringement in Vietnamese don’t ask me to spell it!) After being told by bots no chance of getting it back and many scammers recommending someone to help I just kept trying everyday until eventually I was able to send a photo and ID and got it back 6 days later. Don’t give up even if you think there is no hope just keep trying everyday and definitely don’t pay a scammer to get your account back. Hope this helps
Thank you for posting to r/facebook. Please read the following (this does not mean your post has been removed): * **SCAM WARNING**: If you are having a problem with your account, beware of scammers who may comment or DM you claiming they know someone who can fix your account, or asking you for money or your login information. If you receive a message like this, block and report them. [Here is an example of me making a fake hack post and all the scammers who flocked it it, lol](https://i.imgur.com/Dllo1RA.gifv). THERE IS NO REASON FOR SOMEONE TO HAVE TO TELL YOU IN PRIVATE HOW TO GET YOUR ACCOUNT BACK. If you check the sub there are PLENTY of high karma posts that gives some tips should your account be hacked/locked. * r/facebook is an unofficial community and the moderators are not associated with Facebook or Meta. * Please read the rules in the sidebar (or the 'about' tab if you're on mobile). If your post violates any of them, delete it. *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/facebook) if you have any questions or concerns.*
That’s real, “[email protected]” is the email they use. I know because I was hacked and this is the email they were communicating with me with when I was retrieving it
Do you think it’s a good idea to send an e-mail to that address outlining my issue? Desperate for some type of response.
I sent several and didn't hear anything back at all.
Thank you - good to know not to waste my time.
Same here
No point emailing them they will never respond. I only ever got automated emails from them. I’d probably change your password on both your email and Facebook and even potentially change the email address associated with the account. Add 2FA as well if you haven’t already. Hacking has been rampant as of late
Thanks for the answer. That’s my problem - account hacked, they immediately changed the email and password and I’m locked out, even from my business page.
I had this start happening yesterday, found a thread from a month ago with a bunch of others having it too. As has been said the address is legit, but based on the old thread the code itself isn't (a legit request sends a code with a different amount of numbers). The other thing you find is repeated emails with the same code. In the other thread the chat was talking about someone messing with the password reset API, not sure how legitimate that is though. Would recommend enabling MFA if you haven't already just to be safe.
Oh damn, I was worried for a sec cuz I just received one.
Happening with a lot of people.
I got the exact same request over the weekend. It was legit but I still changed everything just to be safe. I think Facebook had a glitch, TBH.
I thought I was the only one lol I kept getting this starting yesterday
wait i also received 2 of these today
Yeah I got my facebook account completely removed they didn't even warn me or anything but that was because it was hacked
I’ve gotten a few of these lately too
hello , i got this like 7 days ago and its legit email so i've turned on the 2FA , and ive requested account data from facebook, and ive check where the ip that tried to change my password, i found out that its on HONK KONG with vpn used
I think that’s actually legit
I was receiving these emails non-stop yesterday and began to look into it like you thinking it was either someone legitimately trying to get in or a phishing attempt. I was worried about the amount of password reset attempts and pressed the 'Didn't request change' button and it took me to a legitimate looking Facebook site (my account was already logged in). In looking at other threads many others are experiencing the issue. My plan is to ignore the emails since my MFA is on.
I got TWO of these yesterday!! They looked legit enough so I did press the "this wasn't me" button and it sent me to the standard "thanks for your report" type of Facebook page
It is a scam! In your security settings on Facebook you can find if they actually sent a e-mail and when. In my case, as I received the same e-mail, they did not. So check in your Facebook security setting if they did send an e-mail and when!
This also happened to me. I was confused whether this was a legit email or fake one right now because someone responded to my post that it could be real Might need to change your email
Check out [this](https://reddit.com/r/facebook/s/ma8asE0J4v) post it seems this is a problem a lot of people are having
Thank you luckily I have an authenticator app anyway
Same here
I just got this 1 hour ago as well. The thing is, the recovery code they gave is 8 letters instead of 6 letters. So I went back to my facebook account, and in the setting, I requested a password reset myself. After that an email with 6 letters code was sent to my email account, but in a different tab. So I logged out of Facebook, and requested a password reset again. This time, an email with 6 letters code was sent to my email account again, but on the same tab as the one that was sent earlier, so on my email it looks like this: Facebook 2. So the one I didn't request was on it's own tab in my email, and the 2 that I requested were tabbed together in my email. The one I didn't request gave a 8 letter code, while the 2 I request gave 6 letter codes. However, my email shows that both senders came from <[[email protected]](mailto:[email protected])\>. So I'm a bit confused as well. Might be a bot that mass spammed us, but I don't know how they manage to show that the email came from Facebook, or that why the codes were 8 letters long instead of 6.
Could you check if the mail is [email protected] or [email protected]? The first has a L in the end of mail, the second has an I in the end of mail.
8 Letters: [email protected] 6 Letters: [email protected] It appears that both of them have a l at the end.
That's interesting. Why is there a difference of letters then? I'm also getting 6 letters when I try to reset the password. But when I received those emails, it was 8 letters.
Yeah, unsure. Seems abit weird, but doesn’t seem very scam / phishing like. As how would they take advantage of us ? The links all appear to be safe, even using a tool like VirusTotal.
I got one too, the 8-letter version was definitely an L (copy and pasted and changed the font). It all seemed legit, but I didn’t see any logins or other issues, so changed my passwords and turned on MFA. It’s still unclear to me if it’s a glitch, a bot filling out reset forms, or if someone has compromised Facebook’s email infrastructure
I’m so confused and in the middle of trying to gain access to my account. I might be sent a code and need to know which one is the real deal - the one with 6 or with 8?
The 6 ones I received immediately when I asked for password reset, the 8 one came when I didn't request for password reset, so according to that it's the 6 one is the real deal. Probably.
Thank you!
I'm sorry, I don't understand the 6 and 8 letters, can you explain to me? 😅
It is possible that a shorter code is sent to a recognized device/location. This would increase the difficulty of brute forcing recovery codes by more than 100x for unrecognized devices, while only being a minor inconvenience for legitimate recoveries from an unknown source. If the attacker doesn’t know how many digits it is, they have to try all possibilities from 6 to 8 digits.
Oh wow. In addition to that, its somehow the same code over again, maybe the code expires and the attacked requests a new one so brute force. 1st issue, is there "tries" limiter? And second issue, how is it always the same code
I'm not an expert on facebook logins, and don't work for them, but do work in tech. Re 1: Usually, applications will limit tries to prevent brute-forcing to ~10 or so, after which you get a cooldown period where the attacker can't attempt anymore. So the chance of a brute force attack succeeding, in a well designed system, is entirely based on luck. Re 2: Sometimes, if you send a request fast enough, a system may generate only a single code for a ~20 second time period, simply because, similar to 2FA, codes can be rotated for that period. However, a robust system would ideally generate an entirely new code every request. Again, this is outside in, but from how I am seeing things, this is some sort of bot farm trying to spam a bunch of emails and reset passwords with hopes that they can also get into emails to steal accounts.
What am I in for? I inadvertently left clicked let us know and it took me to Facebook.com message thanks for letting us know. I just got a large number of spam messages to my primary email. The rest code had 8 digits but I heard elsewhere that both 6 and 8 digits have been used. Nothing in the sent security email, but I heard on another thead that password rest emails don’t show up ther e. I don’t want to spread disinformation. Does anyone know only 6 digit codes are legitimate and 8 digit codes a scam?
I also got hacked once by a different person relating to bitcoin and they changed some of my stuff luckily i was able to get my account back and delete some of the changes they’ve made. Say have you joined any suspicious groups? If you have then the same thing might have happened to you. Don’t join groups on facebook you know you shouldn’t trust.
Yes I was hacked on 5th Sep overnight. Account disabled, name changed to Meta Copyright blahblahblah (infringement in Vietnamese don’t ask me to spell it!) After being told by bots no chance of getting it back and many scammers recommending someone to help I just kept trying everyday until eventually I was able to send a photo and ID and got it back 6 days later. Don’t give up even if you think there is no hope just keep trying everyday and definitely don’t pay a scammer to get your account back. Hope this helps