did he ever say if he found out HOW his account specifically was compromised? There is a lot of discussion here about how SMS is a weak link. But I dont get it. The example of one respondent providedd is koiphish. This is just a MITM attack. Doesnt https protect against this? If a MITM DID worrk, does that mean someone forged/stole facebook's certificate?