It was a Sunday morning when 27-year-old Jess received a message from a friend named Olivia.
They weren’t close, necessarily. But they had bumped into each other the night before, so it wasn’t entirely unusual that Olivia’s name might pop up on her phone.
“Hey question :)”, Olivia wrote on Facebook messenger.
“Having phone trouble :( can I send you a quick text and have you tell me a number from it? Sorry not many people on to ask.”
It was a bit weird, Jess said in retrospect. But at the time, “I didn’t think twice about what she was asking,” Jess told Mamamia.
“Of course I wanted to help a friend out. I willingly sent her my phone number, agreeing to send her a screenshot of the codes I was sent,” she said.
For those who might not be familiar, if you find yourself locked out of Facebook for whatever reason, sometimes you can elect to have a code sent to your phone in order to verify your identity. The same applies for Gmail, MyGov, and most other password protected accounts.
Most of us have probably done it unconsciously a dozen times this year.
But when Jess sent the screenshots to Olivia, strange things began to happen.
Jess received an email from Facebook alerting her to the fact they'd received a request to reset her Facebook password.
Had something gone wrong, she wondered? Confused, she messaged Olivia back and asked what was going on. Olivia replied almost immediately, with a vague reason that somewhat made sense.
By this point, it was getting late. Jess had other things on her mind. She'd sort it out in the morning.
The next morning, however, it was too late.
While scrolling through Instagram, she saw a post from Olivia. She'd had her Facebook account hacked, she told her followers. "Don't respond to any weird messages," she said.
Jess' response was simply: "Shit".
The messages from Olivia's account kept coming. Whoever the hacker was desperately wanted to Skype.
Skype can be used in a myriad of ways by hackers. One possibility is that by getting Jess on Skype, they could access her screen, thereby infiltrating all her private accounts.
And then came the pictures.
"I opened my Facebook messenger to see my account, literally in that moment, sending very private photos and videos of myself to my friends hacked account. I almost dropped my phone in horror as one by one these images that were so incredibly private were being sent to God knows who. I was in so much shock, I didn't know what to do."
The sexually explicit material had been sent to a former boyfriend years ago. She had completely forgotten it even existed.
Terrified by what this person might do, Jess went to the police station.
"They were stumped by it all," she said. While they investigated, Jess was going to have to wait.
Once the person on the other end had retrieved the most private material from Jess' account, they followed up with a message.
"Nice pics and vids. If you don't want me to send to all your 2,559 Facebook friends I need you to Skype me in the next few minutes."
"Not much time until these go viral," they continued.
"4 mins then all 2559 friends receive."
"Nothing you can do to stop except [sic] skype... 3 minutes left."
And then. Silence.
The material, as far as Jess knew, wasn't sent.
That's when the person logged Jess out of her own account, and she couldn't get back in.
"They had full control of my Facebook and I was absolutely terrified," Jess said.
"For the next few days they used my account to hack other girls and also torment them. They got into hideous sexist conversations and would post racist white supremacist stuff that was so disgusting it makes me sick to think about. They photoshopped photos of my friends and added Nazi symbols to them and would post it on their walls."
The advice Jess got was to access every account she had and change her passwords, as well as ensuring she applied two-factor authentication on every account.
Two-factor authentication is an additional layer of security, which means that if anyone tries to log in to your personal accounts from a new device, they will have to type in a password and a six-digit verification code sent to your phone.
It should make your accounts (virtually) unhackable.
Once Jess' banking and email became impenetrable, the person responsible for the hacking no longer had any use for her. They moved on.
Some of Jess' friends were not so lucky.
One had her nude photos sent around to all her work colleagues and friends. Another had most of her money stolen. At the time of publication, friends of Jess' were still being hacked, and the police have so far been unable to identify the perpetrator.
"As much as they like to screw with you and torment you, their endgame is money," Jess said.
"I found out from others that they had managed to steal money from them as they use your Facebook and email to get in to your Uber accounts which holds your card details and then from there they have full control. They use your nudes that they find in your Facebook messenger as blackmail to get you to Skype them and then I think somehow, they can hack you further through Skype."
Although Jess' photos and videos haven't been sent, she "feels sick" that one day she might "see naked photos of myself plastered across the Internet."
Posted or not, a stranger, responsible for criminal activity, is now in possession of her naked photographs.
"The system is flawed," Jess said.
"We tried everything to regain access to our pages or contact Facebook. It took days before I finally got back in.
"My advice would be to put two-factor authentication on absolutely everything. Facebook, Instagram, Uber, email, etc. This is super important and if you do this you should be unhackable. Secondly, make sure you know who you’re talking to online. Don’t give your number out or send any codes.
"And thirdly, try not to send private photos of yourself that could be used against you via any social media platform. Especially Facebook messenger. If you have previously, delete them all. They'll come back to haunt you. These photos of me were sent privately to an ex boyfriend four years ago... The hackers somehow dug them up and did the same to many other girls. People may be quick to judge me on this, but this experience has shown me how common it really is and that most people have sent a nude or two in their life."
While Jess considers it all "pretty stupid of her" – that's not how it looks. We'd all likely have done the same thing, with no sense of the implications.
This might be a story about vigilance, and the importance of security measures like two-factor authentication, but it’s also about the shortcomings of authorities to deal with cyber crimes. Jess was stuck, with no legal recourse. Her perpetrator, most likely, will get away with it.
Investigators, it seems, can’t keep up with the evolving nature of crime, in a world where everything can be stolen, with a few clicks of a button.
Your money. Your identity. And moments that were intended to be private.
Top Comments
Why anyone would ever think it a smart idea to send or upload nudie pics is beyond my comprehension. In a world where cyber crime, hacking or just old fashioned revenge is strife, there is no 100% guaranteed safe guard from the above scenario.
The scammer initiated the 2 factor password recovery to get in in the first place.
Facebook has an option when you log in from a computer where you can download all your data. This is what they would have used to get the photos. Once they had hey password.
If you have any concern then download your own data and look though the photos to see if there is anything you would want to remove.
Once you take anything down your done want them download the full profile again to confirm.
Exactly! Two-step authentication isn't worth a hill of beans if you provide your phone number and the authentication code to someone!