Facebook Hack

Nobody ever thinks it will happen to them. But it’s happened to many people, and I don’t want it to happen to you. I’m talking about social media account hacking and the trickle down effect it can have when your account gets hacked.

I’m going to focus on Facebook today, because Facebook has many different levels that can be affected. If you are on Facebook, then you probably have a personal Facebook profile. This is the account you login to and post photos of your kids, your dog, share your status updates, etc.

If you have a business, then you may have created a business page. A business page is a public profile for your business. It has information about your business, like your hours, phone number, etc. and you can post photos and updates and news about your business there. Your followers “like” your business rather than become a “friend.” As an example, check out the Sumy Designs FB business page.

When you create your business page, you do it from within your personal account, even though your personal profile and business page are separate things. You manage them from within one login. I can login to Facebook and upload a photo of my dog and then post a special on my business page.

But wait, there’s more!

If you have a business and you want to run ads, you may also have a Facebook business account. The business account is separate from a business page, but it can own the business page. Are you confused yet? I am!

And! A business account can own multiple business pages. So say you have a business that has four locations, and each location has its own business page, that business account can own more than one page. And the business account can advertise for all four pages.

A business account can also manage a page that it doesn’t own, for example a marketing agency that does marketing for your business may be a manager or administrator of your business page. In fact, of many business pages.

And all three of these, your personal account, your business page, and your business account, are managed from one central login.

It kind of works, but it’s really complicated.

Ok, so now you know all the different kind of Facebook accounts, let’s talk about how to keep them safe. Of course, use a strong password Seriously, use a strong password. Then, also turn on two-factor authentication. I have a love hate relationship with two-factor authentication as someone who routinely needs access to accounts that don’t belong to me, but the truth is, it works as a hacking deterrent.

Because if someone hacks your personal account, they now have access to your business page if you have one. And if you also have a business account, they now have access so that too.

And if they change your phone number or email address, and then change your password, you can no longer do any kind of verification to regain access. And it’s really, really hard to regain access once these things have been changed. It’s hard to find a human at Facebook to help you.

So imagine a person has hacked your personal account, and the next thing they do is remove all the other admins of your Facebook page, so you and none of your other employees or business managers can access your page.

Losing access to your account is hard.

Plenty of people say, “Well, I hated Facebook anyway, so I don’t care.” But if someone has access to your account, they can do things in your name. Think about how many other services you may use your Facebook account to login to. There are probably more than you think. If your account gets hijacked, that person now has access to all of those accounts too. For example, if you use your FB account to order Door Dash, then the hacker can now order Door Dash and charge it to you!

But it gets even more insidious. If you have a business page, they can do things that damage your reputation as a business. They can post inappropriate status updates, profanity, or other things on your page that are unbecoming to your business.

If you have a business account, they can run ads in your account and bill it to you if you have a card on file. And maybe not even ads for your own business!

And if you don’t have a business account, they can create one and start doing very odd things.

A bizarre example

I do a lot of work with clients that involves helping them with their Facebook pages, and so I’m listed as an admin or manager on many different business pages. And recently I started getting notifications that one the business pages I am an admin on had products added. Pet products.

The business page is for a social services agency. They do not sell pet food. So I immediately contacted them to see if that was something they were doing (maybe a fundraiser I was not aware of) and they didn’t know anything about it.

Then the orders started rolling in. They received 29 orders in a matter of hours.

I had to unpublish this Facebook page to make the orders stop, and then it took many days of dealing with Facebook to figure out where the hack was, whose account was hacked, and how to clean up the e-commerce that was running on a business page that didn’t sell products. It was exhausting.

And this isn’t the only client Facebook hack I’ve helped people deal with recently.

Prevention is better than a cure

It’s really, really hard to fix these problems once you are hacked, the best defense is to prevent it in the first place. There are some steps you can take to secure your accounts today.

Use a hard password

Your password should be unique to your social account, and each social account should have a different password. Never use the same password you use for other accounts. Use a password manager to help you manage your passwords and keep your accounts safe.

Turn on two-factor authentication

Yes, it’s a pain to have to use Google authenticator or text verification each time you login from a new device. But it’s less of a pain than having to get your account unhacked. Think it won’t happen to you? It happens all the time.

For your business page

Add several administrators to your business page, that way if your personal account is compromised, other people still have access to the business page. If you are the only person on your business page, and your account gets hacked, you may lose access to your business page and it could be forever.

I also recommend that if you have a business account, you claim your business page within that business account, especially if you have other admins on your page. This way, if someone else’s Facebook account gets hacked, someone who is an admin on your page, they can’t claim ownership of the page in a separate business account.

I know it’s convoluted and complicated. And I hope you never have to deal with it. But losing access to your account can end up with some very bad outcomes.

If you do get hacked, you can visit Facebook’s page for hacked accounts to start the ball rolling to get access restored. You may need to jump through hoops and provide identity documents to prove you own the account. And even that doesn’t guarantee you’ll get it back.

Seriously, use strong passwords.

Posted in , | Tagged with
Amy Masson, Web Developer

Amy Masson

Amy is the co-owner, developer, and website strategist for Sumy Designs. She's been making websites with WordPress since 2006 and is passionate about making sure websites are as functional as they are beautiful.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.