Whether you want to admit it or not, Facebook has become an integral part of many lives.
It's a way to connect with family and friends, or for businesses to thrive and reach new customers. But frustration is growing for many Facebook users who say they were shut out of their accounts after hackers hijacked their login information and changed their passwords.
Many cyber security analysts say these types of social media account takeovers are happening more often these days, based in part due to the value associated with social media account information sold over the dark web.
Social media credentials, by some accounts, are more valuable than social security numbers and other personal identifiable information, experts say.
Feeling out of the loop? We'll catch you up on the Chicago news you need to know. Sign up for the weekly Chicago Catch-Up newsletter here.
For the users who lose their accounts, starting a new page isn't an easy fix after having so much of their lives tied to their social handle.
"Facebook is good for networking, building relationships and maintaining relationships," said life coach Koren Utley, adding that her page helped connect her to many in her community who rely on her. "I’m a trusted voice in my community, I am a trusted business owner."
Utley said her profile was also a keeper of her most meaningful memories.
"My mom passed away two years ago," Utley shared. "And so I have a lot of memories, pictures of my mom on Facebook."
You might imagine her anxiety when this month, Utley said she was locked out of her profile, which was also used for her "Bold and Brilliant" life coaching business.
Utley's account was taken over by hackers, and it happened in a matter of minutes, she says. It all started with a Direct Message in her Facebook Messenger inbox.
"Someone from my church reached out to me and she said, 'Hey Koren.' Very simple message,” Utley explains. “And I said, 'Hey, how are you?' And within 60 seconds, my page was hacked."
Utley is adamant: She did not click on any links, or share any account information with the person. She said that all she did was respond to the Direct Message, and that was all it took.
Come to find out, Utley said, the "old friend from church" who had reached out also had their Facebook account hacked just days before, causing a domino effect from one profile to another.
"I just never thought that it would happen to me," Utley said now, looking back on the whole ordeal. "I thought my page was secure. That just didn’t happen."
Utley is not alone. NBC 5 Responds has heard from many Facebook users in just the last month who said they were locked out of their profiles.
Libertyville school teacher Tracy Aleckson contacted NBC 5 after her account of 12 years was hacked into this past month.
"Honestly, I literally cried," Aleckson said. "I was so incredibly frustrated."
Adding insult to injury, Aleckson said the hackers, posing as her, shared material that went against Facebook’s "standards on child sexual exploitation." She only knew about this because she received an email, notifying her that the account was suspended.
For Utley and Aleckson, they both said in the days following the hacks, they couldn’t reach anyone at Facebook, now called Meta, for help.
"You have this billion dollar company and you have no way to contact them,” Aleckson said.
"I’ve had hundreds of people try to reach out to them to report the page," Utley explained. "And they all have gotten back the same message: There’s nothing they can do."
After NBC 5 Responds contacted Facebook about both Utley's and Aleckson's profiles, Utley was able to get her account back. Aleckson is still trying to get her account back.
The social media giant would not comment on what may have happened, or the situation that Utley detailed about hackers accessing her account through a Direct Message.
Experts we talked to in the cybersecurity field said they had not heard of this specific iteration of fraud, but admit that hackers are constantly evolving tactics.
Those same experts had heard of hackers sending images through messages that may contain malware that can take control of a person’s device, but in Utley's case, she said there were no images shared prior to her account hack.
Still, the issue of "social media account takeovers" has gone rampant in many forms in the last few years.
"It’s just really exploded in the last 24 months," said Eva Velasquez with the Identity Theft Resource Center, adding that the center has seen first hand a dramatic increase in cases.
“We've talked to thousands of people over the last two years that are having this experience,” Velasquez said. “Victims who have had their social media accounts – Facebook, Instagram, among others – taken over.”
A common trend has emerged, Eva said, of hackers taking advantage of a user’s followers on their profiles, just like what happened in Utley's case.
“Bad actors have discovered that they are much more successful when an individual feels like they're talking to a friend,” Eva said. “And so taking over these accounts can lead to this chain of victimization.”
Protecting Your Social Media Account From Attacks
Many of the ways NBC 5 found to protect your social media accounts are preventative measures to take before anything like this takes place.
It all centers around good digital hygiene.
Strengthen Your Password
The Identity Theft Resource Center recommends using a strong and unique password, up to 12 characters or longer.
“Don't use a password that you've used on any other accounts,” Velasquez said. “It can be a passphrase or something that you'll easily remember.”
Also, setting up a two-factor authentication for profile changes, like passwords, can alert you to an account invasion, and prevent hackers from getting in.
Back Up Your Photos and Information
Another important point to consider is storing your information in more than one place.
Having photos and other information you may need saved somewhere other than your account may help in the event something happens to your profile.
“Do a health check of your social media accounts,” Velasquez said. “Make sure that you don't have data, photographs, contacts and things stored only [on your social media account] so that if the worst does happen, you have backups.”
For the really meaningful photos, videos and important information, it’s also recommended to store those back-ups separate from your device.
“If you only have your photos stored on Facebook, get a thumb drive, get a hard drive, store them somewhere else, so that you have a copy if something happens to that account,” Velasquez recommends. “It will definitely make it less traumatic if you aren't able to get the account back.”
Are You Eligible For ‘Facebook Protect’?
Some Facebook users are eligible for what’s called Facebook Protect, an enhanced security feature that the company rolled out this past March.
Facebook Protect adds more security to a user’s account, including two-factor authentication and extra screenings by staff for hacking threats.
This feature is not available for all users. The company’s website said it is a “security program for groups of people that are more likely to be targeted by malicious hackers, such as human rights defenders, journalists, and government officials."
It’s unclear whether Facebook plans to roll out the feature more widely.
To learn more about Facebook Protect and whether you’re eligible to use it, click here.
If Your Account Is Already Hacked, What Can You Do?
Many Facebook users that contacted NBC 5 for help said their attempts to get through to Facebook for assistance after their accounts were hacked into were futile.
This has been noticed too by cybersecurity experts.
“They don't have dedicated customer service. You cannot actually speak to a person,” Velasquez said. “That's fine when everything is going well. But when there is fraud or a significant dispute, that creates a real problem.”
Users are encouraged by the company to visit this webpage to try and get their account back.
If your profile is a business account, or is used for your business, be sure to emphasize that when reaching out to Facebook for help. This can expedite a response on Facebook’s end.
More helpful information from Facebook can be found here.
Free Helpful Resources
Experts also say users shouldn’t feel embarrassed or ashamed if this happens to them.
“We really want to encourage people not to be embarrassed or ashamed, not to think they should know or understand these things and to get help if they need it,” Velasquez said. “This is a really complicated space and not everyone can know everything about it.”
To learn more about the Identity Theft Resource Center, including how to access its many free services and guidance, click here or call 1-888-400-5530