Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Facebook IT

Meta Abandons Hacking Victims, Draining Law Enforcement Resources, Officials Say (wired.com) 58

41 state attorneys general penned a letter to Meta's top attorney on Wednesday saying complaints are skyrocketing across the United States about Facebook and Instagram user accounts being stolen, and declaring "immediate action" necessary to mitigate the rolling threat. Wired: The coalition of top law enforcement officials, spearheaded by New York attorney general Letitia James, says the "dramatic and persistent spike" in complaints concerning account takeovers amounts to a "substantial drain" on governmental resources, as many stolen accounts are also tied to financial crimes -- some of which allegedly profits Meta directly.

"We have received a number of complaints of threat actors fraudulently charging thousands of dollars to stored credit cards," says the letter addressed to Meta's chief legal officer, Jennifer Newstead. "Furthermore, we have received reports of threat actors buying advertisements to run on Meta." "We refuse to operate as the customer service representatives of your company," the officials add. "Proper investment in response and mitigation is mandatory."


This discussion has been archived. No new comments can be posted.

Meta Abandons Hacking Victims, Draining Law Enforcement Resources, Officials Say

Comments Filter:
  • by Big Hairy Gorilla ( 9839972 ) on Wednesday March 06, 2024 @03:37PM (#64295394)
    Asking for a friend.
  • by JustAnotherOldGuy ( 4145623 ) on Wednesday March 06, 2024 @03:40PM (#64295404) Journal

    My 100% effective method of preventing my account from being stolen is to not have a facebook/meta account.

    • My 100% effective method of preventing my account from being stolen is to not have a facebook/meta account.

      If you sign up with a junk e-mail address that is only used on Facebook and nowhere else, you're pretty much off the grid as far as hackers are concerned. I'd also say it's probably a good idea to never give Zuck your credit card info, but that's mostly just because of Meta being scummy in general and likely to end up billing you for something you accidentally clicked on.

      I wouldn't be entirely surprised if some of this "hacking" is really just kids getting into their parents' Facebook accounts (because the

      • Yup, exactly this. I have at least half a dozen email accounts, including a domain name not associated with my family's personal domain, and several layers of password security. Things like banking and shopping are tied to an email address that's not used at all on social media and use arduously complicated passwords unique to each site; social media sites that require personal ID verification get a different email address and a much simpler (bare minimum to meet the security requirements) password that's r
    • Cool, how long haven’t you owned a tv for?

    • That didn't work for me; someone merely made a Facebook account in my name instead. As it turns out they don't scrutinize that very carefully either.

  • by drafalski ( 232178 ) on Wednesday March 06, 2024 @03:45PM (#64295422)

    My sister had her account stolen. Some bot logged in at 4AM her time, changed the password and removed her "trusted friends" or whatever they call the people that can vouch for you to retrieve the account. It changed the account e-mail address and mobile phone number.

    So she woke up, locked out and with an e-mail about suspicious activity. There was a link to click to report the activity as fraud and retrieve the account. However Facebook would not sent a password reset link to her address or phone - only the current accounts owned by the bot. So what was the point of detecting and reporting the suspicious activity if they will not let you use the accounts from before the suspicious activity? Not even the e-mail address they sent the suspicious e-mail report to?

    They allow bots to immediately disable all of the protections you an set up. No customer service is reachable. The bot spammed her contacts with messages for some scam. Friends reporting her account as stolen did nothing.

    A few months later they did get back to her and restored her account access; I guess the scammer was done with it?

    • by TwistedGreen ( 80055 ) on Wednesday March 06, 2024 @03:53PM (#64295454)

      Customer service is working as intended. Remember, with Facebook, the real customers are the advertisers. Regular users are the product.

      • Customer service is working as intended. Remember, with Facebook, the real customers are the advertisers. Regular users are the product.

        Funny enough last time I sold a product to a customer the product supplier was reachable by the phone, as was the distributor, as was I to them.

        The "you're the product" is a dumb low-IQ take on this. Meta has an interest in keeping their customers and their products happy, otherwise what would they sell?

        • by zlives ( 2009072 )

          their product is "dumb low-IQ" users
          no reason to do better if they keep falling for it.

        • The "you're the product" is a dumb low-IQ take on this. Meta has an interest in keeping their customers and their products happy

          Good lord, where did you get that idea?

          Meta can abuse customers however they like, and they keep coming back.

          As long as that is true why should they bother to make anyone happy?

          Not to mention the whole point of social media is to make people unhappy anyway. Unhappy people consume more product to fill the void.

          Hope that helps you understand the current market dynamics.

          • Meta can abuse customers however they like, and they keep coming back.

            Customer's or products? Keep your wording consistent.

            But the reality is we're discussing a very story right now where customers *can't* come back. That's where I get the idea, it's literally in the title of the story.

            • Customer's or products?

              They are the same picture.

              But the reality is we're discussing a very story right now where customers *can't* come back.

              Sounds like you were not aware that users do eventually get accounts back (months later), or simply make new accounts.

              You should try reading more I guess? Or even thinking a tiny bit? Nah, you do you!

        • They have an interest in keeping its production line moving. Facebook dealing with users is more akin to quality control. Just think of it as sending a technician to unclog a stuck chicken soup nozzle.

          However if you were an advertiser, I bet you'll be able to get ahold of someone in a hurry if you have a problem.

      • That's not really informative. Her being off Facebook for a few months and not viewing ads or doing other stuff facebook would like to track is not a benefit to them. Nor is the harassment of her connections by a scammer and the slight reputational harm.

        They've just likely calculated that the effort to address isn't worth those impacted users.

        Though I'm not sure how much effort allowing the previous e-mail account, which they sent the detected suspicious activity alert to, to be used for recovery could real

        • by TwistedGreen ( 80055 ) on Wednesday March 06, 2024 @10:22PM (#64296316)

          In Facebook's eyes, you are livestock. A certain percentage of the livestock is expected to be damaged during handling. Maybe there's a hole in the fence and a fox got in, damaging some of the livestock. They'll eventually send a farmhand to patch the hole and clean up the mess. However the top priority is to get the product to the buyer on time.

          I guarantee this is the mentality of Facebook's management. Sure, they have an interest in making sure the platform feels "safe" so as not to scare the livestock, but ultimately a few minor problems isn't going to prompt any significant response until it starts affecting their bottom line.

    • by CaptainDork ( 3678879 ) on Wednesday March 06, 2024 @04:16PM (#64295544)

      I suspect your sister fell for a phishing link in an email. "Hi! This is Facebook and your account has been compromised. Please click on the phishing link below so we can get your credentials."

      • by kellin ( 28417 )

        This is what I was thinking. I get stupid message through messenger from obvious fake accounts trying to tell me my business page is going to be shut down if I dont do something, or violates some guideline or some other nonsense, but its clearly a fake. Its so obvious, yet people aren't smart enough to realize it.

      • Re: (Score:2, Interesting)

        by Anonymous Coward

        It doesn't need to be from email. There are *active* exploits (and have been for years) where you will get an unsolicited message *on facebook*, usually from a compromised account of someone on your friends list, and clicking that link stealthily hijacks your browser, which they then use your logged in facebook account to do their dirty work (including taking over said account). If the user has the awareness to notice what happened, trying to use facebook's system to try and get it back just has the bot tha

    • by CAIMLAS ( 41445 )

      I'd not be surprised if they're selling this as a feature to their valued advertisers.

  • Cesspool (Score:4, Interesting)

    by Ol Olsoc ( 1175323 ) on Wednesday March 06, 2024 @03:46PM (#64295426)
    As a person that would rather not be on Facebook, but has to be, I have done some research.

    The entire place is now a clearing house for hacking people. After hundred's of "suggested for you" posts have been added in the past few months, I would say most of them are the bad guys in action.

    My VPN yells at me when I click on them. And the sites they try to take you to appear to have nothing to do with whatever the suggestion was.

    Overrun by the bad guys. And many people I know are pwned - you know it when you get multiple friend requests from the same person.

    My analysis is twofold. When you close suggested groups or pages, Facebook is supplying the bad guys with data that tells them your orientation political or otherwise. And if you get pwned, more the merrier. Is this a run up from state actors as we approach the 2024 general election? I haven't made a deeper dive, but will. But it is not unreasonable to say tyhat the same thing that happened in 2016 and 2020 is on repeat cycle, and FB is a rather smelly cesspool.

    • It's like being in a minefield where almost all the ground is mined. Almost anything you do is likely to have a bad result, whether it's taking a step or clicking a link. Sooner or later, *boom*.

      • It's like being in a minefield where almost all the ground is mined. Almost anything you do is likely to have a bad result, whether it's taking a step or clicking a link. Sooner or later, *boom*.

        And how! I know if I didn't have to be there, I wouldn't. I think I'm going to set up a sacrificial computer.

        • I think I'm going to set up a sacrificial computer.

          I seriously doubt any of the malware you'll encounter is sophisticated enough to break out of a VM. At any rate, unless Meta puts you on their payroll, I'd let someone else security audit their sponsored content.

    • Comment removed based on user account deletion
  • No way (Score:4, Interesting)

    by JustAnotherOldGuy ( 4145623 ) on Wednesday March 06, 2024 @03:50PM (#64295444) Journal

    I can't believe that a company like Meta would ignore and abandon their users just to avoid spending millions of dollars.

  • They all need to just die, close the entire domain
  • Credit cards? (Score:5, Insightful)

    by ddtmm ( 549094 ) on Wednesday March 06, 2024 @03:53PM (#64295452)
    Who saves their credit card info on Facebook??
    • ... credit card info on Facebook??

      Exactly! How mentally defective must someone be, giving credit-card details to an abusive partner like Facebook? Treating a social network like one's wallet, is looking for misery.

      Crime-prevention is actually helping the criminals: As this proves, tracing the money is another vector for criminals to steal identity and money: Getting twice the benefit by phishing one idiot.

      • by mjwx ( 966435 )

        ... credit card info on Facebook??

        Exactly! How mentally defective must someone be, giving credit-card details to an abusive partner like Facebook? Treating a social network like one's wallet, is looking for misery.

        Crime-prevention is actually helping the criminals: As this proves, tracing the money is another vector for criminals to steal identity and money: Getting twice the benefit by phishing one idiot.

        A surprising number of people are just that stupid. They'll save their credit card anywhere because "it saves them time" and they genuinely think that it wont happen to them, the whole "what can the bad guys possibly do with my details" mentality of ignorant users which plagues cyber security. Add to that a mistaken belief that the bank is their friend and will help them out and some people are positively dangerous with a credit card.

  • hacked Facebook accounts are going to be a hot property. That and crypto scams with a side of pig butchering.
    • This time around I think they've (Meta) "fixed" that problem by filling your feed with so much promoted garbage that you rarely see anything posted by your friends. All the obnoxious political memes are now drowned out by obnoxious ads. I guess that's a case of be careful what you wish for.

  • What do you expect that thing you get "for free" turns around and makes YOU into the product?

    The only thing Meta should be concerned about is their product leaving the platform. If you haven't already left, it's unlikely someone else's problem will cause you to leave.

  • It's worse than that (Score:4, Interesting)

    by MpVpRb ( 1423381 ) on Wednesday March 06, 2024 @04:14PM (#64295536)

    On facebook, scammers impersonate reputable artists and scam customers. The scammers are reported, and nothing happens. Their account stays up. Vigilante groups then spring up to warn people.
    I often see ads where a scammer scrapes the video from a legit site selling a $10K tool and offers it for $39.95. It seems that whenever I report the scam, the stupid robot classifies me as "engaged" and sends me more
    Facebook appears to have no quality control whatsoever

  • Zuck fucks users hard
    Makes oodles of easy cash
    Users love his cock

  • You need to know who you are in Meta's food chain. If you're a user, you're value is in the info they collect about you, nothing else about you matters to them. Those that matter to Meta, have corporate accounts on a much more secure system.
  • If your account is valuable to you then use a secure password. It isn't that hard. People are losing their accounts due to reusing passwords. You aren't Facebooks customer. They owe you nothing.

    As for 2FA - Almost all second factor authentication is less than worthless. SMS as a second factor should be banned. NIST explicitly calls it out in their shared secret best practices. The reason it is worse than useless is because almost places allow you to use the second factor to reset the first. So if
  • Meta provides service to advertisers, who would not care if the ad is shown to scammers or real users, so moving accounts around with law enforcement help seems perfectly logical business strategy to customize the ad-experience.

"The vast majority of successful major crimes against property are perpetrated by individuals abusing positions of trust." -- Lawrence Dalzell

Working...