It’s been nine months since Cairns real estate agent Stuart Carr’s life was turned upside down.

It all started with an ominous email from Meta’s Facebook in May last year. Someone had attempted to log in to his account from Oregon in the United States.

Worried, Mr Carr tried all the steps Facebook suggested. He followed the links to reset his password, with no luck.

Cairns real estate agent Stuart Carr has been trying to regain control of his Facebook accounts for nine months. (Supplied)

He even sent Facebook a copy of his driver’s licence and other ID to prove who he was, again to no avail.

“Everything I did, I would think I was getting somewhere, but I ended up hitting a brick wall,” Mr Carr said.

After two days Facebook decided Mr Carr’s account was compromised and deleted it.

But not before the hackers had gone on a massive spending spree with his credit card details.

Over 48 hours, the hackers racked up $3150 worth of charges – all spent on Facebook ads.

The hackers racked up a $3000 bill in Facebook ads.
The hackers racked up a $3000 bill in Facebook ads. (Supplied)

The money was eventually refunded through his bank, but Mr Carr was infuriated that Facebook’s security processes did nothing to stop the suspicious transactions.

“Facebook ads have to be approved before they go live so why didn’t the alarm bells go off at Facebook when, in a short amount of time, my account had the email and phone number changed from an IP address somewhere in the United States and then thousands racked up in ads,” Mr Carr said.

The charges, however, turned out to be the least of his worries.

Over the next few months, Mr Carr would slowly realise the enormity of his predicament.

It wasn’t just his personal Facebook account he had lost.

He was the sole admin of the Facebook page for his commercial real estate business – and having been booted off Facebook he could no longer access it.

The notification Stuart Carr received from Facebook, saying someone in the US had changed his password.
The notification Stuart Carr received from Facebook, saying someone in the US had changed his password. (Supplied)

Over the past eight years, Mr Carr grew his business, which specialises in the use of drone footage and customised videos to sell properties, off the back of Facebook.

It was the way new customers found him. He advertised his services and found buyers for the properties he was selling.

Mr Carr said his profits were down 50 percent since the Facebook hack and he was now at a point where he was considering shutting his business down.

At the time he was hacked, the real estate agent was running two community Facebook groups, one for the local dog park and another for a mountain bike riding club. These too are lying dormant.

The social cost of being suddenly disconnected from friends and family was also “huge”, Mr Carr said.

“It’s affected my personal life a lot because I’m from Melbourne. I’ve got a good network of friends up here in Cairns but I communicate and stay in touch with friends and family over Facebook.

“It’s like someone’s just come along and wiped out your life in a big way. All of it has taken a massive personal toll.”

Mr Carr said a short time after his account was hacked, he noticed a security alert on his iPhone from Apple, which said his Facebook and email passwords were included in a data leak.

“I suspect is how the hackers got in and took over my account,” he said.

Meta’s Facebook has 2.9 billion users worldwide, with hackers a growing and often nightmarish problem for victims.

A spokesperson for Meta declined to comment on how many accounts are hacked per year.

Hackers often gain access to Facebook accounts through weak passwords used on other sites, such as email accounts, or phishing scams, online security expert Troy Hunt said.

“It is often a weak password, lack of two-factor authentication, a phishing attack or a combination of all of the above,” Mr Hunt said.

Even users with strong passwords and two factor authentication set up on their accounts were vulnerable to phishing attacks, Mr Hunt said.

Using a digital password manager was a good option to boost security, because it allowed people to use a lot of random passwords without the headache of trying to remember them, Mr Hunt said.

“The joy of that is if I do have an account compromised … it’s only in that one place,” he said.

Unfortunately, it usually took things going wrong before people realised they needed to take online security, Mr Hunt said.

“After the fact, people will do anything to avoid the problem but, by then, it’s too late.”

After contacted Meta a spokesperson said it was investigating Mr Carr’s case.

“We’re committed to safeguarding the integrity of our services, and work hard to protect our community from hackers, fake accounts and other inauthentic behaviour,” the spokesperson said.

“Online phishing techniques are not unique to Meta, however we’re making significant investments in technology to protect the security of people’s accounts.”

“We strongly encourage people to strengthen their online security by turning on app-based two-factor authentication, never share their password or account details and turn on alerts for unrecognised logins.”