This happened to my daughter. I got a notification that she'd changed her profile picture and it was changed to text that looked Arabic to me. Between the time I said something to my wife about it and my wife pulling up Facebook on her phone, the account was locked and disappeared.

HERE'S THE SOLUTION:

Purchase an Oculus device. Do not open it. It's a Facebook product and requires a Facebook account to use it. Oculus tech support has humans and inside channels to resurrect Facebook accounts that have been left in limbo by the dumb Facebook automated support.

Once you get your account back, return the Oculus device for a refund.

You have to act fairly quickly because the suspended Facebook accounts are permanently deleted and become completely unrecoverable after around 30 days.

This is most concrete example of "if it's stupid but works, it's not stupid"

its stupid you have to take the circuitous route at all, which is what people mean by saying its stupid

As an extra layer of safety, buy the device on a credit card - in the UK you get Section 75 protection which is by law entitles you to a refund for defective/faulty/not as described products - similar to card networks' protections except it's the law and will succeed even in cases where a typical card dispute would fail.

So you’re saying if we really want out of the service get your account suspended instead of just never logging in again?

This is genius. It even feels kinda hacky.

I'm no genius. Just good search engine skills. Geek dad jumped in an started looking for answers and found reports where others had done this.

Thanks, Dad!

That's MacGyver tier stuff right there! Did you by any chance have internal info on FB's support structure and which buttons to press or just a stroke of genius ?

After the usual government ID requests were satisfied and the automated e-mails started saying "we're done here," I just googled it and found a few anecdotal cases where someone had gone the Oculus route. It worked for my daughter. She had a really tough time returning the Oculus. She's a slightly more than casual gamer, but she's also a poor grad student.

So… this will be a useless answer for most and incredibly helpful for a few.

The best solution is to know, or befriend, someone who works at Facebook (you’re in the right forum to meet people).

The short: FB has an internal team dedicated to helping friends of employees fix account issues and they work very quickly.

I know, and have personally used, this service a few times and it’s super useful. (Sadly I don’t work for the company so I’m not helpful here.)

So if you know a FB/Meta employee, contact them about the “oops” team.

If you don’t know anyone, there’s a chance someone here could help (it is extra work for them and they’re putting their reputation on the line so think about how you can show/prove you’re a good actor.)

I’m going to guess that this isn’t helpful to your situation right now but perhaps you can use this info to find someone who can help. Good luck!

To me the most interesting part about this is the fact they know their platform causes enough issues without sufficient means of remedy as to need a dedicated team for their own people. If they had to eat their own dogfood instead, things would get fixed.

> If they had to eat their own dogfood instead, things would get fixed.

I assume they are using their own product. At FAANG size, these bad cases are probably just noise at best if you only look at the big picture. A hundred people losing access to their facebook account every week week is nothing if you have billions of users. So I guess it just doesn't happen to employees enough to appear to be a problem. And if it does, it's so easy to fix since you are facebook, that it doesn't even occur to most that this might be a very different experience for normal people. Sadly, a few employees caring and and maybe even occasionally raising their voice about this internally isn't enough. It's great they volunteer to help out, but as GP says, it doesn't scale and only works as long as it's a secret trick for people who know someone...

I've lost my YouTube account I used in college in another stupid fashion that should be easy to recover (or rather, verify that it's mine) if someone with half a brain looked at the issue, but we all know how easy it is to talk to a human at Google if you have problems with a non-payed account there, so I didn't even bother trying. Cousin of mine doesn't remember the email account she used when she registered her Minecraft account (9 years ago, at age 13). I payed for that account. I still have the PayPal Transaction ID, exact date of purchase, Account Name and UUID. They should be able to verify the account wasn't logged into for years. Nope, not enough. Well at least you could actually talk to a human there...

"Eating your own dogfood" in this context is clearly referring to employees and friends of employees going through exactly the same processes to get their accounts fixed and restored as unconnected users would.

I did this recently for a neighbor whose account was hacked. I was able to sit down with her in person and go through the steps and fill out the form with her, and it was resolved in a day. It felt nice to be able to help someone so directly given how indirect my work usually is. It makes me think that a job in customer support would probably be pleasant if you could consistently fix people's problems (which probably does not describe most customer support jobs). I'd do it again with someone in person, but I don't really feel comfortable doing it over the internet... you really are supposed to be vouching for this person.

The impression I got from training is: "DO NOT EVER TRY TO FIX PROBLEMS ON YOUR OWN. DO NOT EVER ACCESS A SYSTEM ON BEHALF OF FRIENDS OR FAMILY. YOU WILL BE FIRED. And if you ever get anxious and consider breaking those rules, you don't have to because there's an internal system to help you resolve these issues."

(I started posting this in my own name, but I don't like telling people "no" and I'm worried this invites requests...)

Smart to use a throwaway. And I personally know someone who violated the “don’t access systems” rule. They were very well liked and they were very quickly fired.

I was wondering what the purpose of the oops team was beyond making employees’ lives a little easier. Makes sense that they would set it up as a way to avoid having devs trying to fix friend’s/family member’s problems and risk private info/PII running amok

a friend of mine is a security guard at Facebook and I asked her if she knew how to unlock my years-ago hacked account and she told me tons of people ask her the same thing and that there's nothing that can be done about it. perhaps it's different if it's a developer instead?

A physical security guard (as opposed to someone in Facebook security)?

I wouldn't expect a security guard to know much besides physical security protocols. They wouldn't be privy to anything around user accounts.

yes, but I thought she'd know someone who'd know someone or something like that. I was just slightly amused that I wasn't the first person to ask.

Since this thread is hot, I'd like to add a similar request as well: My mom has her FB account suspended 2 years ago for unknown reason, in fact we never really got a "suspended account" status. We just couldn't login, 2FA doesn't work (SMS message never came), then her account profile disappeared and become "Facebook user".

We started the process of unblocking the account by uploading Government ID, but after we uploaded the photos (her photos, passport's photo, her with passport etc... ), FB just stopped responding to us altogether.

The account has something close to 10 years of photo, without any backup, so any help would really really be appreciated. My email is human@nhanho.me

Edit: At the time, someone was trying to impersonating her. We found a new account copying her profile pictures and "About" section that was created on the same day. Somehow the impostor was also able to logged her out of her account and turned it into a weird state where you can't login.

Fun tidbit: in an attempt to remove 2FA so that we can login, I signed up a new account and associated her phone number with the new account in hope of removing it from the previous account. The method did infact remove the number, then we got a 2FA form on her account with a grand total of ZERO choice (an empty selection list on the popup). Note that her facebook profile was disabled to me before I try this, so I don't think this was the reason for the suspension.

And another thing that I still couldn't explain to this day: on the day of her losing access to the account, she received a garbage SMS which looks like Chinese, but it wasn't -- I asked a Chinese speaker, they said it read garbage. After copying it and changing encoding (from/to UTF-8/UTF-16 something, I can't remember the detail), turned out it was a 2FA sms text from FB. I have no idea how her phone turned it into garbage text.

If you have a desktop device, you should check whether there is a browser hijacker or a different form of malware, that would not be surprising. On Windows you can use one of the following On Demand Scanners. They are all free and don't change anything about your system configuratiom (portable)

- HitmanPro

https://www.sophos.com/en-us/products/free-tools/hitmanpro

- Kaspersky VRT

https://www.kaspersky.de/downloads/thank-you/free-virus-remo...

- Norton PowerEraser

https://support.norton.com/sp/static/external/tools/npe.html

- ADWCleaner

https://malwarebytes.com/adwcleaner/

- Emsisoft Emergency Kit (this one will prompt you to pick a folder which it copies the files to, nothing is installed)

https://www.emsisoft.com/en/home/emergencykit/

First to get this out of the way: I fully sympathize and hope some hn user with privileges at facebook can escalate this to the appropriate people to quickly get it resolved. This isn’t the first post of this kind. What is new however is, that non-techies are signing up for hn accounts to get things resolved. I don’t blame CrzyLngPwd for advising her to post here, I probably would be giving the same advice if a relative was involved. People working at FAANG‘s don’t log in to hn to fix their companies processes by performing ad-hoc tech support and they shouldn’t have to. We should all (whether FAANG or not) lobby management within our organizations to ensure that proper appeals processes are in place. It is in the interest of the employees as well as the company. Because while it was fine to have no appeals available when „The Internet“ was a fun hobby for a select few, it is decidedly not fine, when millions of livelihoods depend on the whims of automated appeals processes. You can bet your RSUs that governments will step-in sooner or later and institute tedious (and perhaps inappropriate) procedures set in (regulatory) stone, if the industry doesn’t manage to self regulate in an effective way. You don’t know when it’s coming, maybe the golf buddy of an influential Senator gets banned on Facebook without any recourse or the Wife of a Member of the European Parliament loses access to her Google Account and we might see this issue regulated out of existence. I‘d much rather the industry takes initiative now and solves this Problem on it‘s own. It costs some money but it’s not Rocket Science | Brain Surgery.

In Germany any website is required to have a contact e-mail with a human at the other side.

I used to see this as an example of German overregulation, but I changed my mind when I could use it to recover my account at a big social network. In any other nation I would have lost my account for good.

I hope you find help here. I am also interested to know how a non techie Mom fou d HN in the first place :-)

My Dad (who uses HN) recommended it :)

I was wondering that too, but the problem does resonate with me, because something similar happened to me as well and I’m reasonably technical :)

My Facebook account was protected with 2FA and wasn’t compromised — no shady posts etc. In fact I don’t use Facebook much at all, only logging in occasionally because a local sports group uses it to coordinate.

It was, however, flagged and access denied. The way out was to provide government-issued ID to Facebook to get it unlocked. I suspect it was reported as “not a real person” for some reason. I did spend some time wondering if it was even worthwhile keeping my Facebook account — even after they unlocked the account I’m not sure.

Anyway - it’s just a cautionary tale, don’t get too attached to anything on a site you don’t control.

Yeah sometimes I dread the day gmail blocks access for some reason and I never hear back. Pretty much everything is connected to one's primary email address.

That's my personal nightmare. There's way too much stuff still connected to my Gmail account.

How long did it take them to process your ID and give you access back?

Access was restored when I checked the next day.

Hacked account --> hacker news

I bet is just google doing google things :)

I assume that the hacker in HN was associated with account hacking. Or their significant other is active on here

Six days ago would be a day after their account was hacked. Most likely a son/daughter or techie friend recommended it.

That's correct.

I'm her techie father.

She is distraught and beside herself about this and I was hopeful that someone with influence might see it and help her as I have so often seen people regaining various accounts after appealing to the hive mind of HN :-)

My Dad recommended I use HN (he uses it) so I created an account at the end of last week. And then I created a post today after working out what to say!

If you do get back in don't forget to go to Settings > Your Facebook Data and get a copy of all your data out in case this happens again.

While you're at it look at your other services such as your Google account and save your data out of them using their "Takeout" service as well.

Facebook is not the only service that locks accounts with no appeal, human contact or legitimate reasons.

A loophole folks have found to get "human support" from Facebook/Meta is to purchase an Oculus Quest. [1] I hope this helps!

[1] https://www.theverge.com/2021/8/4/22609603/facebook-account-...

If you only do the bear minimum such as opening the box to get the support phone number you may even be able to get the account unlocked without taking any of the seals off or opening the packaging too much so you'd be able to resell it as near new and get most of your money back.

If they only need a phone number, isn't this number post somewhere on the internet by another person who bought an oculus?

I'm not sure they do, they might also ask for a serial number. I'm assuming you can't get too far in the setup process without a working Facebook account so you shouldn't need to go too far into the setup to access that support.

* bare minimum

Crazy how we're gaming the system just to find humans in the system, haha.

Life hack

Just a hunch, but did you have Facebook installed on an Android device? There's a nasty malware going around infecting older versions of Android (that don't receive security updates). It takes over your Facebook account, posts malicious links and spam to all your friends. Phone is sluggish as hell, but works.

Check if any of your friends have received malicious messages and links from your Facebook account.

The malware even manages to disable Google Play Protect. It's detected by Malwarebytes, but it returns after a restart.

No, not installed on an Android device.

Any random apps promising "vouchers" or "coupon codes" installed on your phone? Do you have an Android device?

https://blog.zimperium.com/flytrap-android-malware-compromis...

EDIT: I hope you get your account back. Maybe if you're able to pinpoint that some malware took over your account, facebook support would be more sympathetic? I sure hope they have some process in place for accounts that fall prey to these malicious apps.

I don't have an Android device at all.

Unfortunately I do not have an answer for you, but I do have some suggestions for you.

> I had 2FA enabled so I have no idea how someone managed to access my account. I am not a techie.

What kind of 2FA had you set up? If it's text messaging, this is trivial to bypass, however, if it was TOTP using an authenticator method then this seems suspicious. Please double check your email isn't compromised. My guess is they may have reset the 2FA method either via text messages or via email. Also follow the advise in the other comments regarding backdoors and/or extensions/addons that hijack your browser.

> I sent my ID to FB and have not heard anything more. I feel scared that I have sent my ID to someone that has somehow hacked my account, used my bank card, and now knows more about me than before.

Some years ago when I had to do this, it was a manual process, and so it took a few days, which may be the reason why you haven't heard anything back. Double check where you sent your ID. For example, if you sent it by email, check who you sent it to, if you uploaded it on a website, check that the website you uploaded it to is indeed facebook.com etc (also, check that it isn't an iframe by right-clicking on the see if there is any options about frames or iframes). Having said that, the process could have changed and it may be that it is automated now.

Lastly, and this may be far fetched, but try emailing Mark Zuckerberg's office at zuck@fb.com and zuckerberg@fb.com (send it to both addresses). These CEO emails often get directed to a team that can deal with things. Though, I'm not sure if this is the same with Facebook considering you're not a customer.

I wish you the best and hope you regain access. If/when you do regain access, I suggest you download a copy of your information[0]. This way you won't lose all those precious memories in the future if you happen to lose access again.

[0] https://www.facebook.com/help/212802592074644

Why (or how) is it trivial to bypass text messaging 2FA ?

The problem is that mobile providers, unlike tech companies, prioritize customer service over security. Thus they have human customer service agents instead of heartless robots, and the human agents will, with the tiniest bit of social engineering, allow your phone number to be taken over or ported by a scammer.

sms can also be intercepted by folks who knows what they doing in the approximate location as the cell phone user. Cell phone/sms is NOT secure.

It is susceptible to sim swapping (probably not hte case here). I think there is also a method for mirroring the 2FA code, as well as intercepting the message (i don't know how easy it is though).

Sim swap attacks are the main way, becoming more common every day

SIM swapping https://en.wikipedia.org/wiki/SIM_swap_scam

Since you used pounds as the currency I will assume you are in the UK, if so the GDPR applies and you might be in luck in terms of recovering your data.

If you see an option to download your data on the "account suspended" page, use it, or try to access the feature directly: https://www.facebook.com/help/212802592074644

That should at least give you an export of all the media uploaded by the account.

If you can't, it might be worth getting in touch with the ICO or a pro-privacy non-profit such as Open Rights Group (https://www.openrightsgroup.org) or NOYB (https://noyb.eu/en) and ask for advice on how to do a subject access request to manually get your data back, and on top of that why not request a manual review of your account suspension (the GDPR mandates that a data subject has the right to request a review of any automated decision).

Seconded on NOYB. These guys are amazing!

They punch way above their weight in protecting citizens and suing bad actors [0] (actual lawyers)

Did you know NOYB stands for "none-of-your-business"?

[0] https://techcrunch.com/2021/11/22/facebooks-lead-eu-privacy-...

Thank you. I'll take a look at these!

In my experience, Facebook ignores GDPR requires coming from the UK… not that you can really submit one if your account is suspended. The more reports the ICO gets, the bigger the chance that they'll do something about it.

I know the UK has a similar law to GDPR/is currently keeping GDPR on the books - but the actual GDPR only applies to the EU/EEC? (so not Britain after brexit?)

The ICO still enforces it. (In theory.)

“In theory” is the keyword. The ICO is beyond useless from my experience.

I'm just going to say it. There isn't a lot you can do.

Not to be harsh but Facebook doesn't care that you're a mom, have two or ten daughters, what you've used it for, etc. This is a well known issue with tech giants, and because they give away their services for free in exchange for advertisements, you don't have a lot of recourse when trying to get other parties to help you on this.

> I am so upset because I have so many memories on the account with my Grandma and Grandad (both deceased), photos and videos of my two young daughters growing up, as well as many others.

Very big mistake. Facebook is not a government or public-owned entity, they are a private company. This doesn't help you get anything back, but in the future NEVER have the only copy of anything important on a single service. You should have a computer or USB drive (you can get them for iPhones) and store your important photos and pictures on it. At the very least make sure your important photos, pictures, etc. are on another non-Facebook service like Google Drive.

There's a lot of talk about what Facebook should do and other sympathizing/emotionalizing on this thread, but none of that is going to make Facebook do anything different.

- Factory reset your home router and update the password on it to a secure one. Get your ISP or a tech-savvy friend to help you with this.

- Work with someone tech-savvy to save the data on your home PC if you use one and reinstall the operating system. If your PC had any malware spying on you this will take care of it.

- It wouldn't be too bad to treat this like an identity theft situation. Update every password to every account you use - email, banks, etc. It's a good time to go through any online services you use and disable/delete accounts you don't use.

- Prepare for the possibility you may not get access to this account again. If someone else you know has access to your profile you should be able to download pictures and videos from that account from a computer.

- If work requires you to have a Facebook account, the only thing you can really do is try to make another one. Do this from a work computer if you can.

- If you primarily used Facebook to talk with family, try to get everyone on an alternate platform, such as Whatsapp or Telegram. I would also start collecting more direct methods of contact such as phone numbers and email addresses and make sure your phone contacts are up to date. Facebook can't take these away from you.

> alternate platform, such as Whatsapp

Doesn't FB/Meta own WhatsApp?

Oh yeah. If you get banned on Facebook do you get banned on Whatsapp too now? I'm not 100% sure how they are combined.

My condolences. Hope you get the account back. After that, please do not use facebook as custodian for you photos, post and data. Please remember FB is NOT be trusted with anything.

Agree. It's like life's experiences are trying to send a message: if the service can't be relied upon, you should not make it such a critical piece of your lifestyle.

(Sorry to be that cynic.)

This makes me so angry. Nobody imposes a duty to care on Facebook (and others), so they don't. Using an online service is like walking on ice, but most people think it is solid ground.

I hope you get some resolution.

Thank you.

Maybe you should add contact info (email) to your profile? Who knows if then a person who is able to help reaches out to you.

Do you mean on here?

Yes, you can put an email address in the "about" field of your HN profile:

https://news.ycombinator.com/user?id=lsjfd

This will be public, so consider creating an email just for this purpose.

When I was at fb they had an internal email address called oops where you could forward issues like these. So maybe you can ask a friendly employee if that's still the case, and if they can help.

Why not you?

How could she know someone at Facebook? Why would you think this is helpful advice?

You surely behave like an ex-FB employee

No need to be rude. From what I recall, the Oops system originally allowed any employee to request action on behalf of anyone, but they changed the policy not too long ago that you can only request help for people you know personally and are vouching for. The team behind it simply does not have the resources to help everyone, which yes, absolutely sucks for people impacted (I'm in a similar boat with a longtime Google account).

A relative's account was hijacked. Her name was replaced with another name, but the photos and friends list etc remained. I reported it, and FB deleted it. She created a new FB account.

The moral of the story is to backup Facebook, and never rely on it for anything that you don't mind using.

How did you first find out that your account was suspended? Did you provide your bank card to Facebook to verify your account? What are the verbatim messages you have received from Facebook?

I opened FB and it said my account was suspended for violating community guidelines, and was given the option to "Disagree".

I disagreed and was prompted to upload a photo of my ID, which I did.

That was all on Mon 13th Dec. Since then whenever I log into my FB account, it says:

"...you disagreed with the decision ON 13 DECEMBER 2021 It usually takes us just over a day to review your information. Your account is not visible to people on Facebook and you can't use it."

And whenever I log out of my FB account, it says:

"This account will be disabled in X days Are you sure that you want to log out? You only have X days left to request a review. After that, your account will be permanently disabled."

Even though I've already disagreed with the decision and asked for a review. There's no other option for me to choose another review.

The reason I ask is because Facebook phishing attacks are common. I am confused how an attacker was able to steal money from you when you have two-factor authentication enabled. In any case, if your account ends up being disabled there will be a link to download your information. Good luck.

Thank you. I know, I am confused (and VERY concerned!) by the fact I had 2FA and they managed to get into my account and somehow stole money out of my bank account! It's made me very suspicious now of so much!

Sometimes the "download your information" option is there, but when I click on it just says an error.

Could you confirm if the purchase was made through Facebook Marketplace, or if they got your card details and somehow made the purchase elsewhere?

My question above assumes that the purchase was on Marketplace.

I really don't know, but it was definitely on FB. The transaction on my bank statement was "FACEBK" followed by a reference with numbers and letters.

I did search for what it might be and it seemed from other people's experiences it might be some kind of FB advertising? Certainly nothing to do with me! I was really upset and so relieved that my bank helped me sort it out.

I will just add that my FB account was suspended on 13th Dec and on 15th Dec I saw £200 'pending' out of my bank account with the "FACEBK" ref thing which I reported it to my bank straight away that night. Sadly on the morning of 16th Dec it went out of my account, but my bank sorted it for me very swiftly later that day.

To my mind the fraud people probably poisoned your account in the hope that you would be locked out of FB and wouldn't notice the transaction.

Did you discover the £200 purchase separately?

(I'm speculating that the deliberate upload of prohibited material was to get you locked out of your account so you couldn't reverse the purchase from inside FB).

Interesting, could the purchase have been made through Facebook marketplace?

yet another reason to move off of Facebook entirely; and to have a backup of everything.

Hey everyone, just piggybacking on this thread with an Instagram problem - maybe someone has a suggestion or a similar issue.

My account has been deactivated suddenly and I lost a lot of information that I had on Instagram - private messages, pictures and people that I followed.

I've been trying to recover it for months. I suspect that Facebook most probably is still keeping this data, I just can't get access to it. While this has been a wonderfully liberating event, I'd like to get access to my data.

Does anyone know where to request data (I'm in Europe so GDPR) even if the account is deactivated and I cannot login? If the only way to do this is to know someone at Facebook it's a bit silly.

> I am not a techie

What’s a techie?

Since when is this a Facebook support line? This account was created 6 days ago with the specific intention of getting Facebook support.

Assuming questions like this don't swamp everything else my reply is:

a) It's sometimes justs nice to help people

b) This question will probably prompt some interesting discussions about topics that are core to HN.

I'm not disagreeing, but trying to turn this forum into a support line is a little selfish. Complete with the "aww but I'm a mommy" and "I talk to dead people" and oh hey maybe one of you hacker types might work at Facebook per chance? please.

You know who doesn't get help from HN for Facebook problems? EVERYONE ELSE

I'm always hopeful of pleasant resolutions to problems and always turn to search engines first - which for my job often comes up with stackoverflow content :-)

My hope is that IF this post leads to a helpful resolution then others searching for the same will find it here.

Or perhaps by educating our fellow techies we might, collectively, raise the bar so that others in the future don't fall foul of such problems.

I don't know how long you've been on the Internet, but if this post leads to a helpful resolution and gets indexed, that's precisely how we end up with a bunch of neophytes asking us how to get their <anything> working again. I get wanting to be kind and empathic and all that, but think about how this impacts the platform. There are better, more appropriate platforms for this, this is not it.

You sound kind of bitter.

Just because we can't help everybody doesn't mean we shouldn't help anybody. This person posted, it gained traction which means the community here is interested.

Think about what this place would be if more people would use it like OP does. Why help OP and not <random person who posted for help but never got answers>? Why not help everyone who asks for help? This isn't Stack Overflow.

It would probably be better if there was a posted article on “How to reclaim your online account if a soulless social media company you foolishly trusted arbitrarily and capriciously deletes said account” and the discussion ensued from that.

In lieu of such a article, this is a way people would address issues on tech forums back in the days of Usenet, BBSs…back in the days we elders sometime long for. Seems charming in a way…the neighbor knocking on the back door asking for a cup of sugar. Do agree it could get out of hand, but why don’t we wait until the moderators start complaining?

Can I hear the distant sound of Marley's Ghost rattling his chains?

Merry Xmas. :-)

> Think about what this place would be if more people would use it like OP does.

I don't really think much would change. Most submissions don't get much attention and I doubt that's going to change. Feel free to not vote for Ask HN submissions like this. I voted for this one because I was curious what the community would come up with and I'm not disappointed.

> Why not help everyone who asks for help?

If that's what you want to do, then do it. Patrol /newest and act quickly because most of the requests for help are going to pop up and scroll away within an hour or so.

> You know who doesn't get help from HN for Facebook problems? EVERYONE ELSE

Yeah, most people go to twitter.

Probably your computer have an backdoor. So hackers steals your cookies to avoid 2FA and upload them on some other computer (different IP).

It's not your fault! 2FA just doesn't works as most users expect.

Few months ago this was discussed here: https://news.ycombinator.com/item?id=28745097

Try to explain that was hacked account.