Meta Abandons Hacking Victims, Draining Law Enforcement Resources, Officials Say (wired.com) 58
41 state attorneys general penned a letter to Meta's top attorney on Wednesday saying complaints are skyrocketing across the United States about Facebook and Instagram user accounts being stolen, and declaring "immediate action" necessary to mitigate the rolling threat. Wired: The coalition of top law enforcement officials, spearheaded by New York attorney general Letitia James, says the "dramatic and persistent spike" in complaints concerning account takeovers amounts to a "substantial drain" on governmental resources, as many stolen accounts are also tied to financial crimes -- some of which allegedly profits Meta directly.
"We have received a number of complaints of threat actors fraudulently charging thousands of dollars to stored credit cards," says the letter addressed to Meta's chief legal officer, Jennifer Newstead. "Furthermore, we have received reports of threat actors buying advertisements to run on Meta." "We refuse to operate as the customer service representatives of your company," the officials add. "Proper investment in response and mitigation is mandatory."
"We have received a number of complaints of threat actors fraudulently charging thousands of dollars to stored credit cards," says the letter addressed to Meta's chief legal officer, Jennifer Newstead. "Furthermore, we have received reports of threat actors buying advertisements to run on Meta." "We refuse to operate as the customer service representatives of your company," the officials add. "Proper investment in response and mitigation is mandatory."
how do you steal a facebook account? (Score:3)
Re:how do you steal a facebook account? (Score:4, Insightful)
Reused passwords from previous leaks and SIM swap attacks [wikipedia.org] to get around SMS 2FA.
Re: (Score:3)
Credential stuffing, mostly. The tools are there to keep your account secure (MFA, etc) but most people don't bother. Facebook doesn't require them because the more difficult it is to log in, the fewer people are going to bother logging in next time their session expires.
Re: (Score:2)
Ask for the FAQ the helpful guys at https://www.fbi.gov/contact-us
100% method of prevention (Score:5, Insightful)
My 100% effective method of preventing my account from being stolen is to not have a facebook/meta account.
Re: (Score:2)
My 100% effective method of preventing my account from being stolen is to not have a facebook/meta account.
If you sign up with a junk e-mail address that is only used on Facebook and nowhere else, you're pretty much off the grid as far as hackers are concerned. I'd also say it's probably a good idea to never give Zuck your credit card info, but that's mostly just because of Meta being scummy in general and likely to end up billing you for something you accidentally clicked on.
I wouldn't be entirely surprised if some of this "hacking" is really just kids getting into their parents' Facebook accounts (because the
Re: (Score:3)
Re: (Score:1)
Cool, how long haven’t you owned a tv for?
Re: (Score:2)
Cool, how long haven’t you owned a tv for?
Since he'd been around the world and found that only stupid people are breeding.
Re: (Score:1)
*woosh* [youtu.be]
Re: (Score:2)
Thank you AC!
(Never thought I would say that...)
I couldn't recall where that phrase was from.
Re: (Score:2)
Oh man I wish I had mod points so I could throw you a +1 funny!
Re: (Score:2)
I'll definitely let you know as soon as I haven't owned one.
Re: (Score:2)
Last TV I bought was when I was a student.
Re: (Score:2)
That didn't work for me; someone merely made a Facebook account in my name instead. As it turns out they don't scrutinize that very carefully either.
They'll get back to you in a couple of months (Score:5, Informative)
My sister had her account stolen. Some bot logged in at 4AM her time, changed the password and removed her "trusted friends" or whatever they call the people that can vouch for you to retrieve the account. It changed the account e-mail address and mobile phone number.
So she woke up, locked out and with an e-mail about suspicious activity. There was a link to click to report the activity as fraud and retrieve the account. However Facebook would not sent a password reset link to her address or phone - only the current accounts owned by the bot. So what was the point of detecting and reporting the suspicious activity if they will not let you use the accounts from before the suspicious activity? Not even the e-mail address they sent the suspicious e-mail report to?
They allow bots to immediately disable all of the protections you an set up. No customer service is reachable. The bot spammed her contacts with messages for some scam. Friends reporting her account as stolen did nothing.
A few months later they did get back to her and restored her account access; I guess the scammer was done with it?
Re:They'll get back to you in a couple of months (Score:5, Informative)
Customer service is working as intended. Remember, with Facebook, the real customers are the advertisers. Regular users are the product.
Re: (Score:1)
Customer service is working as intended. Remember, with Facebook, the real customers are the advertisers. Regular users are the product.
Funny enough last time I sold a product to a customer the product supplier was reachable by the phone, as was the distributor, as was I to them.
The "you're the product" is a dumb low-IQ take on this. Meta has an interest in keeping their customers and their products happy, otherwise what would they sell?
Re: (Score:3)
their product is "dumb low-IQ" users
no reason to do better if they keep falling for it.
Where did you get that idea? (Score:3, Interesting)
The "you're the product" is a dumb low-IQ take on this. Meta has an interest in keeping their customers and their products happy
Good lord, where did you get that idea?
Meta can abuse customers however they like, and they keep coming back.
As long as that is true why should they bother to make anyone happy?
Not to mention the whole point of social media is to make people unhappy anyway. Unhappy people consume more product to fill the void.
Hope that helps you understand the current market dynamics.
Re: (Score:2)
Meta can abuse customers however they like, and they keep coming back.
Customer's or products? Keep your wording consistent.
But the reality is we're discussing a very story right now where customers *can't* come back. That's where I get the idea, it's literally in the title of the story.
Re: (Score:1)
Customer's or products?
They are the same picture.
But the reality is we're discussing a very story right now where customers *can't* come back.
Sounds like you were not aware that users do eventually get accounts back (months later), or simply make new accounts.
You should try reading more I guess? Or even thinking a tiny bit? Nah, you do you!
Re: (Score:2)
They have an interest in keeping its production line moving. Facebook dealing with users is more akin to quality control. Just think of it as sending a technician to unclog a stuck chicken soup nozzle.
However if you were an advertiser, I bet you'll be able to get ahold of someone in a hurry if you have a problem.
Re: (Score:2)
That's not really informative. Her being off Facebook for a few months and not viewing ads or doing other stuff facebook would like to track is not a benefit to them. Nor is the harassment of her connections by a scammer and the slight reputational harm.
They've just likely calculated that the effort to address isn't worth those impacted users.
Though I'm not sure how much effort allowing the previous e-mail account, which they sent the detected suspicious activity alert to, to be used for recovery could real
Re:They'll get back to you in a couple of months (Score:5, Insightful)
In Facebook's eyes, you are livestock. A certain percentage of the livestock is expected to be damaged during handling. Maybe there's a hole in the fence and a fox got in, damaging some of the livestock. They'll eventually send a farmhand to patch the hole and clean up the mess. However the top priority is to get the product to the buyer on time.
I guarantee this is the mentality of Facebook's management. Sure, they have an interest in making sure the platform feels "safe" so as not to scare the livestock, but ultimately a few minor problems isn't going to prompt any significant response until it starts affecting their bottom line.
Re:They'll get back to you in a couple of months (Score:4, Insightful)
I suspect your sister fell for a phishing link in an email. "Hi! This is Facebook and your account has been compromised. Please click on the phishing link below so we can get your credentials."
Re: (Score:3)
This is what I was thinking. I get stupid message through messenger from obvious fake accounts trying to tell me my business page is going to be shut down if I dont do something, or violates some guideline or some other nonsense, but its clearly a fake. Its so obvious, yet people aren't smart enough to realize it.
Re: (Score:2, Interesting)
It doesn't need to be from email. There are *active* exploits (and have been for years) where you will get an unsolicited message *on facebook*, usually from a compromised account of someone on your friends list, and clicking that link stealthily hijacks your browser, which they then use your logged in facebook account to do their dirty work (including taking over said account). If the user has the awareness to notice what happened, trying to use facebook's system to try and get it back just has the bot tha
Re: (Score:2)
I'd not be surprised if they're selling this as a feature to their valued advertisers.
Cesspool (Score:4, Interesting)
The entire place is now a clearing house for hacking people. After hundred's of "suggested for you" posts have been added in the past few months, I would say most of them are the bad guys in action.
My VPN yells at me when I click on them. And the sites they try to take you to appear to have nothing to do with whatever the suggestion was.
Overrun by the bad guys. And many people I know are pwned - you know it when you get multiple friend requests from the same person.
My analysis is twofold. When you close suggested groups or pages, Facebook is supplying the bad guys with data that tells them your orientation political or otherwise. And if you get pwned, more the merrier. Is this a run up from state actors as we approach the 2024 general election? I haven't made a deeper dive, but will. But it is not unreasonable to say tyhat the same thing that happened in 2016 and 2020 is on repeat cycle, and FB is a rather smelly cesspool.
Re: (Score:2)
It's like being in a minefield where almost all the ground is mined. Almost anything you do is likely to have a bad result, whether it's taking a step or clicking a link. Sooner or later, *boom*.
Re: (Score:3)
It's like being in a minefield where almost all the ground is mined. Almost anything you do is likely to have a bad result, whether it's taking a step or clicking a link. Sooner or later, *boom*.
And how! I know if I didn't have to be there, I wouldn't. I think I'm going to set up a sacrificial computer.
Re: (Score:2)
I think I'm going to set up a sacrificial computer.
I seriously doubt any of the malware you'll encounter is sophisticated enough to break out of a VM. At any rate, unless Meta puts you on their payroll, I'd let someone else security audit their sponsored content.
Re: (Score:2)
rather not be on Facebook, but has to be,
cant wait for your "Im leaving social media now" declaration
Re: (Score:2)
rather not be on Facebook, but has to be,
cant wait for your "Im leaving social media now" declaration
It's part of my job, homie.
Re: (Score:2)
but then you rejoin in a few weeks because really you cant stay away from it
No way (Score:4, Interesting)
I can't believe that a company like Meta would ignore and abandon their users just to avoid spending millions of dollars.
Meta, Facebook, Instagram, Threads (Score:2)
Credit cards? (Score:5, Insightful)
Re: (Score:2)
Exactly! How mentally defective must someone be, giving credit-card details to an abusive partner like Facebook? Treating a social network like one's wallet, is looking for misery.
Crime-prevention is actually helping the criminals: As this proves, tracing the money is another vector for criminals to steal identity and money: Getting twice the benefit by phishing one idiot.
Re: (Score:2)
Exactly! How mentally defective must someone be, giving credit-card details to an abusive partner like Facebook? Treating a social network like one's wallet, is looking for misery.
Crime-prevention is actually helping the criminals: As this proves, tracing the money is another vector for criminals to steal identity and money: Getting twice the benefit by phishing one idiot.
A surprising number of people are just that stupid. They'll save their credit card anywhere because "it saves them time" and they genuinely think that it wont happen to them, the whole "what can the bad guys possibly do with my details" mentality of ignorant users which plagues cyber security. Add to that a mistaken belief that the bank is their friend and will help them out and some people are positively dangerous with a credit card.
Election season baby (Score:2)
Re: (Score:2)
This time around I think they've (Meta) "fixed" that problem by filling your feed with so much promoted garbage that you rarely see anything posted by your friends. All the obnoxious political memes are now drowned out by obnoxious ads. I guess that's a case of be careful what you wish for.
You get what you pay for. (Score:2)
What do you expect that thing you get "for free" turns around and makes YOU into the product?
The only thing Meta should be concerned about is their product leaving the platform. If you haven't already left, it's unlikely someone else's problem will cause you to leave.
Re: (Score:2)
Actual police work is difficult and boring. Easier to just harass the general public.
Re: (Score:3)
Problem is that the perps are usually in Russia, Nigeria, or similar countries where ripping off Americans through the internet is a semi-legitimate business model. That greatly complicates enforcement matters.
Re: (Score:2)
Globalized things without hegemony might have a slight defect. You've identified it. Lobbing missiles over stolen account information doesn't seem like a commensurate response.
It's almost if national borders might be meaningful and a globalized internet is a weakness, rather than a positive.
Re: (Score:2)
Fundamentally it doesn't change anything if a crime is unsolvable. Crime is crime. It's law enforcement's job. This is the online account equivalent for an AG saying "it's her fault for the way she dressed". It's not a case of "being customer service". It's not customer service's job to have crimes reported to them.
It's worse than that (Score:4, Interesting)
On facebook, scammers impersonate reputable artists and scam customers. The scammers are reported, and nothing happens. Their account stays up. Vigilante groups then spring up to warn people.
I often see ads where a scammer scrapes the video from a legit site selling a $10K tool and offers it for $39.95. It seems that whenever I report the scam, the stupid robot classifies me as "engaged" and sends me more
Facebook appears to have no quality control whatsoever
Zuck haiku (Score:2)
Zuck fucks users hard
Makes oodles of easy cash
Users love his cock
Know who you are (Score:1)
Why is this Facebook's fault? (Score:2)
As for 2FA - Almost all second factor authentication is less than worthless. SMS as a second factor should be banned. NIST explicitly calls it out in their shared secret best practices. The reason it is worse than useless is because almost places allow you to use the second factor to reset the first. So if
Users are the product (Score:1)