NBC Responds teams around the country constantly get complaints from viewers who believe their Facebook or Instagram accounts have been hacked and that they can’t get help regaining access.
Our teams reach out to Meta, which owns Facebook and Instagram, about consumers’ frustrations and our requests to the company for help are rarely answered.
“I think it’s outrageous that you can have one person for every million users. Either that shows you’re too big, or it shows you are not using enough of your money to help users,” said Scott Shapiro, the director of Yale’s Cybersecurity Lab.
He says there’s a mismatch at Meta between the billions of users and the number of people it employs to keep up with any user problems.
“These companies that provide these services, they have an obligation to protect their users. That’s who they’re making money from. And if they’re not going to do it themselves, then the states should make them do it,” said Shapiro.
We asked Meta about this and haven’t heard back.
In the meantime, Shapiro says if your social media hasn’t been hacked yet, it probably will be, unless you take certain steps.
“There are 3 billion users on Meta’s platform and so what is that, like a third if all humanity? It’s just a giant, giant target for people who want to hack into accounts and take information,” he said.
As most cybercrime is financially motivated, Shapiro says hackers don’t want to spend too much time getting into your account because it’s not worth that much to them.
“So, the best thing a consumer can do, is just make it a little bit harder for them because if you make it just a little bit harder for them, they’re not going to waste their time going to get you. It’s just simple economics,” he said.
He suggests using strong passwords, but he says don’t go so crazy that you forget them.
He says just make each password different than other accounts and update it if you’ve been part of a data breach.
And he urges users to be smart.
“Don’t use ‘password’ as your password. Have something that is not incredibly easy, guessable,” he said.
Shapiro also suggests people use two-factor authentication on any social media platform that has it.
What is that?
It’s a security system that requires two different forms of identification, like a password and a code sent to your cell phone to be entered to sign into your account.
“Even if you get tricked, and you hand over your credentials,” Shapiro said. “Unless they have the other factor like your cell phone, they aren’t going to be able to get in.”
But Shapiro says the key here is to make sure the contacts you list for that second form of identification, like your cell phone number and email, are current.
“No matter who you are, human beings can be tricked. You just have to accept that and plan for it,” said Shapiro.
So, back up any pictures or posts you want to save.
And if a hack happens, alert your contacts immediately.
For seven months and counting, Cindy Crusto’s social media contacts have been concerned and confused about Facebook posts from her hacked account.
“’Is this you, it doesn’t sound like you?,’” Crusto says her friends ask her. “I have to reassure people that I am safe and I’m OK.”
But the Yale associate dean is concerned about her safety and her friends getting tricked, after someone took control of her account, posting all sorts of tales.
The person has posted that she needs cash to get out of a bind, she’s moving and needs to get rid of items fast, and that she’s selling puppies too.
“Some people have actually sent money then the folks are then contacting me, and I have to say ‘No, it’s a scam. It’s not me. I would never ask you for money.’”
Crusto says she’s tried just about everything but is getting nowhere with Meta. And she’s not alone.
“They started posting about Bitcoin,” said Newtown teacher Joanne Antignani.
She says whoever got into her account is relentless and she’s nervous they’ll trick one of her older contacts into giving cash.
Plus, there are the memories she’s lost.
“I have a 19-year-old son, 14 years of his life posted. You know, then all of the, I had my name, my occupation, where I’ve worked before, my education, all that I had as private. I believe, I’m not positive, but it looks like it’s more public now,” Antignani said.
NBC CT Responds reached out to Meta about Crusto and Antignani multiple times, but never heard back.
Crusto has no clue how someone got into her account, and her concern has only increased since her Instagram was taken over recently too.
She says the bad actor reached out saying that she could pay them to get her account back, which she didn’t do.
“That’s really the scary part, I feel just frightened that someone can contact me, I don’t know what other information they have,” Crusto said.
Her recent reports to Meta haven’t helped and police told her these are almost impossible cases to crack.
“I don’t have any recourse at this point,” said Crusto.
Our NBC Responds teams are just as frustrated we can’t help.
So, we hope Shapiro’s tips help you prepare for and prevent a hack.