COLUMBUS (WCMH) — When Doug Focht woke up on Jan. 24, he checked his phone and found three emails from Facebook.
“The first one was that there was a login attempt at like 5:55 in the morning from Columbus, Georgia,” Focht said.
The second email contained a verification code, because there was a request to change his password.
“And then the third email I got was that my password was changed,” Focht said. “I knew what it was.”
As Focht slept, hackers quietly took control of his account.
“I have to admit, my password was probably too easy,” Focht said.
But before his account was hacked, Focht had enabled two-factor authentication, meaning someone trying to access his profile from a new device would have to provide his password and a verification code sent to his email or phone.
“The problem was, they would show an email address that was no longer mine,” Focht said. “They also changed the phone number to my account, so there was no way I could get a code sent to me. So, I’m locked out of my Facebook account, and I have no way to access it.”
Cyber security expert Andrew Keck said Focht did the right thing by using two-factor authentication, but added that his misstep was a simple password.
Keck said passwords need to be strong to prevent incidents like this.
“Cyber resiliency is really where we’re toughening our cyber footprint, making ourselves a smaller target,” Keck said.
I asked Keck if there’s any chance Focht could regain control of his account on his own.
“If they’ve gone in and changed your backup email, so you couldn’t go in and reset it, they changed some of those backend settings, and then you’re reaching out to Facebook, probably directly,” Keck said.
I reached out to Facebook directly, but have not heard back. And as of March 23, Focht said he still has not been able to access his account.
Right now, he has no plans to create a new profile, but said he immediately changed the passwords on all of his online profiles.