Since my Facebook was hacked last week, I’ve spent a lot of time looking into other people’s stories of being hacked, whether or not their accounts were recovered, and what happened to them. There is a subreddit dedicated to Redditors supporting each other and sharing tips about what happened to them and which solutions were effective. A court filing website, People Clerk, is often recommended as a method to serve letters of intent to Meta Platforms. Since some people have reported success with this method, I gave it a whirl and I’m waiting to hear back. I may be able to sue Meta Platforms in small claims court to recover the money lost in the transaction PayPal deemed “valid.”
One method that is no longer effective? Contacting the office of the California State Attorney General with a consumer complaint against Facebook. In the past, writing to the office has produced hit-or-miss results, until late 2023, when the office began responding to complaints about Meta with a form letter indicating that they are no longer responsible for helping consumers deal with Facebook problems:
Thank you for contacting the Office of the California Attorney General regarding the loss of access to your Meta social media account.
We regret that we cannot provide you with direct assistance in restoring access to your account. Our office is prohibited by law from representing individual consumers in legal matters. We do, within the limits of our resources, bring lawsuits for violations of California law in cases of statewide significance, but we do so as a law enforcement agency, representing the people of the state, rather than on behalf of individual Californians.
We are aware of social media posts stating that Attorney General’s offices can intercede on your behalf with Meta and compel them to reinstate a disabled account, recover a hacked account, or restore access to a lost account. These posts are not authorized by any government agency and do not accurately reflect the role of attorneys general in the handling of consumer complaints.
Which is really an interesting position, considering a) actual identity theft is occuring, b) people are losing all their god damn money, and c) Rob Bonta signed a letter to Meta in March directly addressing these hacks and thefts, which actually profit Meta Platforms. These complaints do not represent “individual consumers,” but a rapidly growing group of victims.
The hackers who stole my money paid it back into Facebook ads. They got into my bank accounts, but Facebook held the door for them and took a cut. If only there was some kind of office, maybe at a state level, that could investigate and prosecute theft perpetrated by businesses registered in that state. But hey, Rob Bonta signed a letter, right?
I’m a nice person. But fuck with my money, and I become intensely persistent. My autism-fueled obsession with fairness and justice wouldn’t let this slide. I put my ability to hyperfocus to work. I scoured Bonta’s past campaign contributions for evidence of Mark Zuckerberg, his wife, the organizations through which they make their political contributions, Meta Platforms, Facebook, and came up with nothing. There doesn’t seem to be a financial or political benefit to letting Meta operate a system of self-enrichment through cyber crime. So, why hasn’t the AG taken action? This is certainly within the purview of the office. Why did it take the initiative of the New York State Attorney General to address this, when Meta Platforms is, I cannot stress this enough, a company registered to do business in the state of California and which is actively engaging in cybercrime?
I wrote a letter of my own to Michigan State Attorney General Dana Nessel (but I’ve redacted specific details here for privacy):
On March 14, 2024, I became the victim of a widespread security flaw on Meta Platform’s Facebook social media service and lost a considerable amount of money. Despite 2factor authentication, my account was accessed and disabled by hackers, with no recourse to appeal. There is no way to contact a Meta representative personally to resolve this issue, as experience by many people in the same situation.
Because I ran business ads on the platform and utilized Facebook marketplace in the past, my financial information was linked to my Facebook account, but I had no way to protect that information once Meta locked me out. I believed that my account had been disabled, and therefore the information was just gone. Having fraud alerts set up on my credit union accounts also put my mind at ease.
Overnight between March 16 and 17, multiple payments were withdrawn from my business account by Meta Platforms. These transactions were labeled as being used by their ad service. Overnight, four separate charges for [redacted] were made to Meta, as well as a [redacted] charge. Other charges were made on the 15th, for [redacted]. On the 14th, Charges were made for [redacted].
In addition to the charges to my business account, they were also able to access my personal account, and charged [redacted], which finally triggered my credit union’s fraud alert. Another charge was made to my Paypal account for [redacted].
In total, I was robbed of [redacted] Neither my credit union, [redacted], nor Meta Platforms, flagged the suspicious activity until it was far too late to prevent it. An initial email to Meta Platforms received no response.
I am a very small business owner (the approximately [redacted] taken from my business account was the only money my company had). My family relies on my income to survive. We are not rich people. This is a devastating blow. Until and unless the fraudulent charges are removed and refunded, we cannot pay our bills, rent, or feed our children. I have taken steps to secure my bank and paypal accounts (as much as I can, considering I found the fraud on a Sunday.) I have reported the fraudulent transactions to [redacted]’s cardholder services, and to Paypal. In addition, I have filed a report online to the Federal Bureau of Investigation’s IC3 division, and will be filing a report with my local township police department to cover my bases.
I’m enraged at the lack of care taken by Meta Platforms to secure the data of their users, and their flagrant disregard for those who use their services. There is no way to contact Meta in these cases. They do not seem to be required to operate any kind of fraud department to deal with these cases, and, while I have CCed the California State Attorney General, other victims of this crime have been informed that the AG’s office will not longer act on complaints made about Meta. It seems that at this point, Meta Platforms is an enormous publicly traded entity operating without sufficient oversight and without regard for the safety of the data they collect.
The resolutions I’m seeking are as follows:
-The immediate restoration of funds to my accounts.
-An apology from Meta Platforms and the restoration of my original business and personal accounts so that I may retrieve my data and block this from happening in the future. As long as I don’t have access to the account and hackers do, there is no way for me to remove my banking information from their service.
-A warning from the State Attorney General’s Office to be issued to Michigan residents about the use of any of their banking information through any Meta Platforms service, such as Facebook, Facebook Marketplace, Instagram, Threads, et. al., as even a cursory internet search will uncover that this issue is widespread across the United States and receiving no attention whatsoever. Consumers deserve to know, so that they can protect themselves.
-An investigation into the insufficient fraud alert system utilized by [redacted], a financial institution operating out of and registered within the State of Michigan. And an apology from [redacted], because I’m petty and angry.
I am thankful for any and all responses and help I receive. Residents of Michigan–and the United States at large–should be warned of the dangers of using Meta Platforms to carry out any business or personal transactions. They are assured by Meta that their data is secure, but they’re either unaware of these issues (due to inaccessible “customer service”) or they simply believe they can lie to consumers and get away with it.
I CCed this letter to my state and federal representatives and senators. Monday, I received a reply from the Director of Constituent Relations at the office of Representative Rachelle Smit,
Michigan House District 43. After my surgery tomorrow and however much recovery time I need before I can deal with all of this, I’ll update with who has and has not responded. If something goes dramatically wrong and I die, please continue to tell everyone how shitty Meta is.
I also CCed this to local media, as a common thread in all the stories I’ve read online is that people simply do not understand how lax the security is at Meta and how much money they’re making from allowing these hacks to happen. I truly believe that this is not a bug, but a feature. Meta Platforms knows it profits them to allow criminals to steal from their users. There is no financial incentive for them to stop this widespread issue, and government offices pretend they are powerless.
Perhaps that’s because Meta Platforms spent more than $19,000,000 annually on political lobbying.
Please, continue to spread the word to your friends and family to disengage their banking information from all Meta Platforms services. Most people only learn of the danger once it happens to them.
So sorry this happened to you. Nice work on researching and getting the word out. I really learned something here – not just about Facebook but also all the ways and people you can inform and request assistance from. Excellent letter to the AG. I hope you get some resolution soon from someone! Sending good vibes on your surgery
That is so frustrating. My husband’s instagram account was hacked and taken over as well doing the same thing as yours, it seems. Luckily, no financial information was tied to it but it was his business account so we lost connection to some of our customers and they used the account to push crypto shit so we looked like scammers. We got to a point where we sent photo proof that the account was his but then heard nothing. We never got the account back and gave up on instagram. The fact that they don’t have a department in place that helps users get their accounts back is infuriating. These social media platforms need to be hit with all of the regulations.
I realized tonight that you were no longer on FB. I couldn’t imagine that you would have unfriended and blocked me after all these years, so I figured something happened to your account and came to your blog to see if you wrote about it. I’m so sorry you’re going through this and it’s so frustrating that Meta isn’t doing anything to help victims of these scammers. I hope this gets straightened out soon and I’ll be able to see you on FB again. I was really upset that I couldn’t see your posts! The last post I remember was of your dog Coraline looking sad at the neighbor’s kids playing, like she wanted to go play with them.
Jenny, have you considered filing a complaint with the FTC? You can report at https://reportfraud.ftc.gov/. The FTC handles US consumer protection complaints, including data security, and they have the ability to pursue violations of Meta’s previous consent orders with the FTC, which have additional protections (like requiring sufficient information security practices).
I don’t know how much it would benefit you individually. The FTC has the power to settle claims and provide consumers with “redress” (like a refund but specific to the FTC), but they don’t always do it. But if the goal is to scorch the earth against Meta and bring every power to bear against their absolutely shitty practices, it could help.
I’m so sorry this happened to you.
Considering how often friends and relatives get their Facebook accounts hacked, I guess I’m not *really* surprised by Meta having such lax security. I mean, I suspect some of them are not exercising basic data protection and scam recognition techniques, but truly, hacking and scams CAN happen to anyone. They’re not all as obvious and ham-fisted as the archetypal “Nigerian prince” scam.
I have never used Facebook ads or sold anything on Marketplace so I don’t think my payment info would be stored anywhere? A cursory glance through my settings didn’t turn up anything I would need to remove, so damn I hope I’m at least safe from *that.*
Ugh. Anyway, I really, REALLY hope you can get your money back, even if you have to raise hell to do it. I support the politicians and executives responsible for this gross of lack of oversight receiving a bit of hell.
I quit Facebook…wow, over a decade ago because it was detrimental to my mental health. (Seriously.) I’m still on Instagram/Threads (so I can post flowers), but I never gave them my financial information. It’s absolutely infuriating that this is going on, and that Meta is cashing in on fraud like that. May there be vengeance!