Come Watson — there is trouble afoot!
I have just learned the hard lesson that hackers can steal your Facebook pages right out from under you.
I manage a number of Facebook Business Pages (formerly termed ‘fan pages’). As of about a week and a half ago, three of these pages somehow got hacked. Somewhere in this this timeframe, the hackers have been able to assert themselves as administrators of these pages. Even worse, on two out of these three pages, the hackers have been able to delete me from the list of administrators of those pages. Read that again, and give it a moment to sink in…
Got it? Now here’s the kicker — so far Facebook seems unwilling to try to rectify the situation.
With the recent page redesign, it took several days before I realized that I had been hacked. I thought I was just caught in some transitional SNAFU. No such luck.
After realizing I’d been hacked, it took several days of concerted effort to try to contact a human within Facebook. After making contact, their reply seems to be a decided unwillingness to assist in the problem.
Now for the sordid tale…
About a week and a half back, the following seemingly innocuous drivel was posted to three of my pages:
I thought it was kinda insipid. However, not wishing to sadden a foreign fan, who perhaps had some emotional investment, I just left it be. Incidentally, google translates this as Albanian for Give the fans a little like ksaj site because it is a good site sh. Whatever the heck that is supposed to mean.
Later that day, a Usual Suspects ‘Group’ (as opposed to Usual Suspects Business Page, which we have been discussing up to this point) sprung into existence. Curiously, anything posted on the new Group also appeared on our Page, and anything posted on our Page appeared on this new Group. Weird. This factored directly into my assumption that FB was just hosed again, as they were in the midst of re-designing the facilities in the Business Pages.
A couple days later, I went to create a FB Event for a gig the Usual Suspects had coming up, on the Usual Suspects Page. I found that I was unable to do so. Further, I discerned that the reason I could not create an event was due to the fact that I was no longer an administrator for this page. Still thinking it to be a temporary SNAFU related to the Page facility redesign, I shrugged it off.
Eventually, on the 24th of February, the above spam reappeared. A friend of mine pointed out that it appeared nearly simultaneously on three pages I created, and (until I was cast off) administered:
http://www.facebook.com/usualDashSuspectsDotNet – The Usual Suspects
http://www.facebook.com/NovaDashKDotNet – Nova-K
http://www.facebook.com/LeeThomasBand – The Lee Thomas Band
These posts must be annoying at least some of our fans. So I decided to delete them from these pages. It was at this point that I discovered, to my horror, that I had lost administrative privileges to both Usual Suspects and Nova-K.
Interestingly, I still had privileges to Lee Thomas Band (I theorize below as to why this may have escaped the fate of the other pages). This led me to viewing the page as administrator, and viewing the administrators for this page. I noted then that administrative privileges had been granted to 5 people I had never heard of:
- Ervin Gjurra
- Argent Metallaj
- Da Rk THunder
- Taulant Kocillari
- Don Kevii Unic
I revoked the administrative privileges of these five. I then started trying to report these people. Unfortunately, FB has no means of reporting that they have hacked my account. The nearest I could find was:
- Report User > Fake Profile > Impersonating > Joe Bear
as it seemed the closest match.
I spent some time perusing the profiles of these hackers. Interestingly, ‘Taulant’ lists ‘Argent’ as one of his/her over a dozen siblings – may this denote a hacker family?
How did this happen?
I wish I knew. Here is what I think I can deduce. I don’t know how, but it seems clear that one of these five hackers was able somehow to hack my personal profile. Upon doing so, they granted themselves, and their friends, administrative privileges to three of my Business Pages. Why only three, when there are several more they could have hacked? I have no idea. After getting in, they deleted my personal profile’s administrator status for two of these three Biz Pages.
In the case of the third page, I retained my administrator privileges. Did they try to cast me off here too? I don’t know. However, at the time of the attack, I had an active FB Ad running for this page. Perhaps administrators cannot be cast out while running Ads for the page in question?
When I marhall the mental energy, I’ll generate a new post outlining the (rather unhelpful) communication I have so far had with humans at Facebook about this issue. Word of warning- so far, it ain’t pretty.