Like hundreds, maybe thousands, of Facebook users in the group "Lily Collins Facebook Hack," Raleigh Laplant was locked out of his account by hackers.
People lost photos, memories, and contacts and had their Facebook names changed to "Lily Collins." How?
"I installed what I thought was a standalone ChatGPT program from Facebook that came through as an ad," Laplant said.
Laplant says the ads contain a virus that steals login information and mirrors Facebook cookies onto the hacker's computer.
"That in itself allows someone to log into your account, making it appear that you've used a registered device with Facebook and it's not required to use 2FA," Laplant said.
2FA is two-factor authentication. The extra security requires users to approve log-ins using their smartphones.
The ads are still posted on Facebook. Google removed a malicious ChatGPT extension from its Chrome store.
What's frustrating to Laplant and the other "Lily Collins" is trying to get help from Facebook.
"You can't get ahold of anybody. They've got 80,000 employees and you can't get hold of one person on Facebook. It doesn't make sense," Laplant said.
After weeks of trying, Laplant did reach someone with Facebook who acknowledged it's a significant breach, but there's no public comment on the problem from Facebook.
Facebook's policy forbids users to change the name on their accounts, so even after Raleigh and a few other users regained their accounts, they're still "Lily Collins" on Facebook. I reached out to Facebook last week and still haven't received a response.