Dozens of State AGs Call on Meta to Take ‘Immediate Action’ After ‘Dramatic Increase’ in Account Takeovers

Compromised accounts allow the threat actor to access the user’s personal or business information, private messages, and contacts.
Dozens of State AGs Call on Meta to Take ‘Immediate Action’ After ‘Dramatic Increase’ in Account Takeovers
A smartphone and a computer screen displaying the logos of the social network Facebook and its parent company Meta on Jan. 12, 2023. Lionel Bonaventure/AFP via Getty Images
Jana J. Pruet
Updated:
0:00

Forty-one state attorneys general signed a letter demanding that Meta take “immediate action” to address the “dramatic increase” in account takeovers and lockouts on its social media platforms.

The letter, addressed to Jennifer Newstead, Meta’s chief legal officer, states that the attorney general offices have received an alarming number of complaints from Facebook and Instagram account holders whose accounts have been compromised by “threat actors,” adding that it has also put a “substantial drain on our office resources.”

“Consumers are reporting their utter panic when they first realize they have been locked out of their accounts,” the letter reads. “Users spend years building their personal and professional lives on your platforms, posting intimate thoughts, and sharing personal details, locations, and photos of family and friends. To have it taken away from them through no fault of their own can be traumatizing.”

The letter acknowledged that “account takeovers are not a new phenomenon” and that it affects all social media platforms and other types of online accounts.

“However, the frequency and persistence of account takeovers on Meta-owned platforms puts it in a league of its own,” the letter stated.

Compromised accounts allow the threat actor to access the user’s personal or business information, private messages, and contacts. There is also a significant financial risk of harm for those who use the platform for their business.

“There is a significant risk of financial harm to both the affected user and other individuals on the platform,” the attorneys general wrote. “Many use Facebook as a hub for their business to engage in consumer transactions through Facebook Marketplace; some users even have credit cards tied to their accounts. We have received a number of complaints of threat actors fraudulently charging thousands of dollars to stored credit cards.”

The letter said that the number of complaints to the New York Attorney General’s office “rose more than tenfold” between 2019 and 2023, with 73 and 783 complaints, respectively.

“In January 2024 alone, the office received 128 complaints,” according to the letter.

Other states showed similar increases, noting that there was a significant spike at about the time that Meta laid off about 11,000 employees in the “security and privacy and integrity sector” in November 2022.

In Vermont, complaints spiked by 740 percent from 2022 to 2023, and in North Carolina, complaints jumped by 330 percent over the same period, according to the letter.

“Such statistics are extremely troubling,” the letter continued.

It also provided several examples of complaint letters from users whose accounts were “hacked and taken over,” and they have been unable to reach Meta for help despite numerous attempts.

“My Facebook account and my email account were hacked and taken over,” one user wrote, according to the letter. “The person changed the email on my Facebook and deleted my phone number. ... I have reported this to Facebook in every way possible and many of my friends have reported it as a fake account. Nothing has been done by Facebook and they claim it doesn’t go against their standards. ... It’s basically a case of identity theft and Facebook is doing nothing about it.”

Another user wrote: “My Instagram business account was blocked. ... I have invested my life, time, money, and soul in this account. All attempts to contact and get a response from the Meta company, including Instagram and Facebook, were crowned with complete failure since the company categorically does not respond to letters. There is also no answer to the forms provided in their help center.”

The attorneys general said they would like to discuss their concerns with Meta and also requested that the company “take immediate action and substantially increase its investment in account takeover mitigation tactics, as well as responding to users whose accounts were taken over. ... We refuse to operate as the customer service representatives of your company.”

A pedestrian walks in front of a Meta sign at Facebook headquarters in Menlo Park, Calif., on Oct. 28, 2021. (Justin Sullivan/Getty Images)
A pedestrian walks in front of a Meta sign at Facebook headquarters in Menlo Park, Calif., on Oct. 28, 2021. Justin Sullivan/Getty Images

Meta’s Response

Meta told The Epoch Times that its enforcement and review teams are well-trained to detect compromised accounts.
“Scammers use every platform available to them and constantly adapt to evade enforcement,” a Meta spokesperson said in an emailed statement.
“We invest heavily in our trained enforcement and review teams and have specialized detection tools to identify compromised accounts and other fraudulent activity.”

The company also said it offers “tips and tools” on its website and platforms to help users protect their accounts from hackers.

“We regularly share tips and tools people can use to protect themselves, provide a means to report potential violations, work with law enforcement, and take legal action,” the spokesperson wrote. 
Jana J. Pruet
Jana J. Pruet
Author
Jana J. Pruet is an award-winning investigative journalist. She covers news in Texas with a focus on politics, energy, and crime. She has reported for many media outlets over the years, including Reuters, The Dallas Morning News, and TheBlaze, among others. She has a journalism degree from Southern Methodist University. Send your story ideas to: [email protected]
Related Topics