TL;DR: Author reuses same password for most websites. Password was leaked. Attackers likely used password to try and login to his old FB account, causing it to reactivite. Facebook has protections which prevent attackers from accessing account based on stolen password alone (no doubt preventing further damage from attack). Author is annoyed by this.
Nice summary, but it downplays the issue. The author has no remedy other than sending a photo ID. Why is an account able to be reactivated using a password known to be compromised? Perhaps Facebook should require an ID _before_ reactivation if the password is compromised, instead of the other way around.
To preface my comment, I don't like the idea of providing government-issued ID either. I'd like to see their privacy policy regarding the storage of the ID and if they collect the info from it.
Having said that, I'm almost glad this measure is in place. Assuming the account was only deactivated and not completely destroyed (and let's be honest, they likely never completely destroy all data on a user) an attacker can very easily assume the identity of that user as well as invade the privacy of their friends who have an account but lock down info to only their connections.
What I'm trying to say is, showing ID seems extreme, but given the amount of power you gain by getting access to someone's Facebook account today, it doesn't seem entirely unreasonable.
Also I don't think he actually deleted his account but deactivated it and mistook that for account deletion. I've deleted my account on numerous occasions, once it's gone, it's gone from the end user perspective (whatever FB actually does on the back-end is not truly promised I assume).
