Small businesses say Facebook is enabling hackers to take over accounts

Small businesses say Facebook is enabling hackers to take over accounts

Small businesses say Facebook is enabling hackers to take over accounts

Sheela Lalani is one of many small business owners who rely on social platforms to generate additional holiday income. Her Instagram store of one-of-a-kind, artisanal children’s clothing—adorably modeled by smiling children frolicking in her dresses—has attracted nearly 13,000 followers. She recently rolled out her Christmas collection when suddenly any hopes of promoting her new clothes to followers were abruptly dashed when Meta deleted her Instagram account. They also disabled her personal Facebook account, Facebook business page and her most recent Instagram store profile.

Lalani was horrified, but then the situation got worse. Despite the disabled accounts, the PayPal account she linked to her social media pages to buy ads to promote her businesses was charged $900. She immediately contacted PayPal to dispute the charge—and is still waiting for a refund—but she also knew that getting PayPal to intervene wouldn’t solve the larger problem. Someone had purchased Facebook or Instagram ads using her PayPal account, and she felt she had no way to report this behavior to Meta and stop any future payments because Meta had disabled all of her accounts.

“This is so unfair to business owners and seems criminal,” Lalani told Ars.

What happened to Lalani has happened to seemingly dozens of individuals and small business owners who complain on the subreddit, r/facebookdisabledme. A hacker gains access to a Meta account, then adds their account to the business owner’s ad account before removing the original account owner. At that point, the hacker has completely taken over the ad account. The hacker then moves quickly to knock the original user off Meta before they notice the ad account has been commandeered. To do this, the hacker posts inappropriate content such as pornography, which quickly prompts Meta content moderators to disable the original account. When an account is disabled, small business owners told Ars they’re “in an impossible position,” just like Lalani was. Many business owners told Ars that any attempts to appeal Meta’s decisions are repeatedly rejected.

See also  UK-based Hack The Box secures €51m for its 'gamified' cybersecurity training and upskilling platform

“Complaints to Facebook have essentially gone unheard,” Darel Parker, a commercial photographer who also lost access to his business accounts, told Ars.

Parker collects complaints on the subreddit. He also launched a website to keep track of developments with accounts disabled by Meta for being hacked. Last week, he said he lost access to several Instagram and Facebook accounts, as well as two dozen other business accounts that he manages as part of his business. He said that in addition to some users struggling to get refunds after hackers take over their ad accounts, business owners suffer emotional distress, loss of reputation and subsequent loss of revenue.

When Parker’s accounts were disabled, he contacted Facebook via email, through the support portal, and tagged Facebook and Meta on Twitter, but like many others in the subreddit, he received no response. So he tried to go over Meta’s head and contact officials, including the FBI Internet Crime Complaint Center and the California Attorney General.

Other Redditors have posted success stories from contacting the Attorney General, and pasting letters they received in response. In those cases, the attorney general told Facebook users, “We will write to the company you have a complaint about and ask for a response from them regarding your concerns.” But even those Redditors who are successful report that going this route usually takes a month before accounts are restored. One Redditor suggested that contacting the Attorney General only helped half the time.

A Meta spokesperson told Ars that the best way to notify Meta of problems with hacked accounts is via and

See also  33 years later, there's finally a capture card for recording Game Boy games

“We have invested significant resources in detecting and preventing this type of fraud and helping everyone who has been affected regain access to their accounts,” a Meta spokesperson told Ars. “While many of the improvements we’ve made are hard to see – because they’ve prevented people from having problems in the first place – we know that fraudsters are always trying to get around our security measures. We know that experiencing any kind of business interruption can be frustrating, especially at such a critical time of year. We regularly improve our methods to combat these scams and have built teams dedicated to improving the support we can offer to people and businesses.”

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *