Searchlight, one of the three weekly newspapers published in St. Vincent and the Grenadines, has described as “callous” the response of Meta, owners of Facebook and Instagram, after hackers took over the publication’s Facebook page in January.
“The company has reported the breach to Meta using all available means, to no avail,” a press release from the publication quoted its editor, Corletha Ollivierre as saying.
Hackers have taken over Searchlight’s Facebook page, which the company spent over a decade curating, to the point that it has amassed 73,000 followers.
The company complained of the same inaction on the part of Meta that triggered a March 5 letter by 41 attorneys general in the United States to the social media giant.
In the letter, the National Association of Attorneys General pointed out to Meta that while account takeovers are not a new phenomenon, “… the frequency and persistence of account takeovers on Meta-owned platforms puts it in a league of its own”.
They said that in 2019, the New York Attorney General’s office received 73 account takeover complaints on Meta platforms.
“That number rose more than tenfold to 783 complaints by the end of 2023. In January 2024 alone, the office received 128 complaints.”
Meanwhile, in Vermont, it increased by 740% from 2022 to 2023, in North Carolina, 330% from 2022 to 2023, in Illinois, by 256% increase from 2022 to 2023, and in Pennsylvania, 270% from 2022 to 2023.
“Such statistics are extremely troubling. The substantial increase in complaints tells us that threat actors are winning the war and running rampant on Meta,” the attorneys general said.
‘untold reputational damage’
Searchlight said that not even the Royal St Vincent and the Grenadines Police Force had been able to get the attention of Meta.
The newspaper said that it first noticed unusual activity on its Facebook page on Jan. 31, when all its administrators were logged out, and then denied access to the page.
“There was no further activity on the page until March 6, when posts of a sexually provocative nature began appearing on the page and in its Facebook stories,” the publication said.
“In the meantime, untold reputational damage is being done to our brand,” Ollivierre said.
“Our company was founded in 1995 by a small group of Vincentians and it is frustrating to look on at the destruction of our hard work over the last 28 years and not be able to do anything,” the press release further quoted Ollivierre as saying.
“Meta has told us that their records do not show that we set up this page or that we are administrators. We find that strange, because we verified our ownership of the page with Meta a few years ago, so they know who we are. They have documents that attest to Interactive Media Limited’s ownership of the page.
“Also, a five-minute inspection of our website (searchlight.vc) or other social media platforms: Instagram – @searchlight_svg or X (Twitter) – @SearchlightSVG would show that the hacked page has all our branding and the same content as our other platforms prior to January 31, 2024.
“I find their inaction shows a callous disregard and utter disrespect for a media organization that has been doing business with them since 2011,” Ollivierre said.
Searchlight noted that law enforcement authorities in the United States have decried this “abandonment of hacking victims” by Meta.
In their letter, the attorneys general called on Meta to take immediate action “and substantially increase its investment in account takeover mitigation tactics, as well as responding to users whose accounts were taken over”.
The attorneys general said this is “crucial” not just to protect Meta users, “but to reduce the unnecessary resource burden being placed on our offices to handle these large numbers of user complaints.
“We refuse to operate as the customer service representatives of your company. Proper investment in response and mitigation is mandatory.”
They said their offices had experienced “a dramatic and persistent spike in complaints in recent years concerning account takeovers that is not only alarming for our constituents but also a substantial drain on our office resources.”
‘significant risk of financial harm’
The attorneys general said that in account takeover, threat actors compromise Facebook and Instagram user accounts and change passwords so that the rightful owner cannot access the account.
“Once threat actors gain access, they can usurp personal information, read private messages, scam contacts, post publicly, and take other nefarious actions.”
They said that consumers were reporting “their utter panic when they first realize they have been effectively locked out of their accounts”.
The attorneys general noted that users spend years building their personal and professional lives on Meta’s platforms, “posting intimate thoughts, and sharing personal details, locations, and photos of family and friends.
“To have it taken away from them through no fault of their own can be traumatizing,” they wrote, adding that the connections that users made and friendships that they forged become threatened.
“Even more alarming, there is a significant risk of financial harm to both the affected user and other individuals on the platform,” the attorneys general said.
They noted that many people use Facebook as a hub for their businesses or to engage in consumer transactions through Facebook Marketplace and some users even have credit cards tied to their accounts.
“We have received a number of complaints of threat actors fraudulently charging thousands of dollars to stored credit cards. Furthermore, we have received reports of threat actors buying advertisements to run on Meta.
“In some cases, the ads violate your terms leading to user accounts getting banned. Finally, there are reports of threat actors posing as trusted friends and offering products for sale, or posing as a friend in need, seeking money from their ‘friends’,” the attorneys general wrote.