Meta Keeps Booting Small Biz Owners For Being Hacked On Facebook

Meta keeps booting small-business owners for being hacked on Facebook

Sheela Lalani is one of many small-business owners who depend on social platforms to generate extra holiday revenue. Her Instagram shop with unique, artisan-made children’s clothing—adorably modeled by smiling kids who joyfully twirl in her dresses—has attracted nearly 13,000 followers. She recently rolled out her holiday collection, when suddenly Meta deleted her Instagram account, and any hope she had of promoting her new clothing to followers was dashed. They also disabled her personal Facebook account, her Facebook business page, and her newest Instagram boutique shop profile.

Lalani was dismayed, but then the situation got worse. Despite the disabled accounts, the PayPal account she linked to her social media pages to buy ads to promote her businesses got hit with a $900 charge. She immediately reached out to PayPal to dispute the charge—and is still waiting for a refund—but she also knew that getting PayPal to intervene wouldn’t fix the larger problem. Someone had bought Facebook or Instagram ads with her PayPal account, and she felt she had no way of reporting this behavior to Meta and stopping any future payments because Meta had disabled all of her accounts. [Update: A PayPal spokesperson told Ars that they’ve assisted Lalani with getting her refund.]

“This is so unfair for business owners and seems criminal,” Lalani told Ars.

What happened to Lalani has happened to seemingly dozens of individuals and small-business owners, as evidenced by their complaints on the subreddit, r/facebookdisabledme. A hacker gains access to a Meta account, then adds their account to the business owner’s ad account before removing the original account owner. At that point, the hacker has taken over the ad account completely. Then, the hacker moves quickly to knock the original user off Meta before they notice the ad account has been commandeered. To do this, the hacker posts inappropriate content like pornography, which quickly prompts Meta content moderators to disable the original account. Once an account is disabled, small-business owners told Ars, they are “in an impossible position,” just as Lalani was. Many business owners told Ars that any attempts to appeal Meta’s decisions are repeatedly rejected.

“Complaints to Facebook have gone essentially unheard,” Darel Parker, who works in network engineering and systems management and also lost access to his business accounts, told Ars.

Parker is compiling complaints on the subreddit. He also launched a website to keep track of developments with accounts disabled by Meta for being hacked. Last week, he said he lost access to several Instagram and Facebook accounts, as well as to two dozen other business accounts that he manages as part of his business. He said that in addition to some users struggling to get refunds after hackers commandeer their ad accounts, business owners suffer emotional distress, reputational loss, and subsequent income loss.

When Parker’s accounts were disabled, he reached out to Facebook by email through its support portal and tagged Facebook and Meta on Twitter, but like many others in the subreddit, he received no response. So, he tried to go above Meta’s head, contacting officials, including the FBI Internet Crime Complaint Center and California’s attorney general.

Other Redditors have posted success stories from contacting the attorney general and pasting letters they got in response. In those cases, the attorney general told Facebook users, “We will write to the company that you have a complaint against and request a response from them regarding your concerns.” But even those Redditors who are successful report that going this route typically takes a month before accounts get reinstated. One Redditor suggested that contacting the attorney general only helped half the time.

A Meta spokesperson told Ars that the best way to notify Meta of issues with hacked accounts is via facebook.com/hacked and instagram.com/hacked.

“We’ve invested significant resources into detecting and preventing these kinds of scams and helping anyone who’s been impacted regain access to their accounts,” Meta’s spokesperson told Ars. “While many of the improvements we’ve made are difficult to see—because they’ve prevented people from having issues in the first place—we know that scammers are always trying to get around our security measures. We know it can be frustrating to experience any type of business disruption, especially at such a critical time of the year. We regularly improve our methods for combating these scams and have built teams dedicated to improving the support we can offer to people and businesses.”

READ MORE HERE