We’ve been in the thick of it when someone’s Facebook or Google* account is taken over. Whether the account takeover is a result of falling for a phishing attempt or a partner, or former partner, in a romantic relationship decides to take revenge for something, they lock out the victim’s account.
With those who’ve sought our guidance, the person who took over their account changed all the contact information needed for account recovery. This locks someone out of their own account and since things are now under the control of the threat actor, the recovery methods won’t work for you.
It’s the worst feeling having to tell people seeking our help that there’s nothing we can do for them except to provide links to Facebook or Google to fill out. But then they never hear anything from either company when they follow the official steps. *There is an exception with Google providing support and that is to be a paying customer of Google Workspace. How effective that paid support is, we cannot speak to it, so if anyone reading this ever needed support for a paid Google Workspace account, especially if an account take over happened, please contact us and let us know your experience.
What’s at stake if someone has their account taken over?
On the personal side of things, when it comes to Meta’s products (Facebook, Instagram, WhatsApp), you’ve lost access to all your photos and memories of those close to you in your life. You’ve also lost the ability to communicate with friends and family. On the flip-side, the bad actor has access to all of those photos and your information. If you’re a parent, how would you feel if some unknown person had access to your kids photos which you posted to your social media accounts? The threat actor that has control of your social media account could ruin your reputation among friends, family, and co-workers by making some very damaging posts. We’ve seen the threat actor publish fake charity events to raise funds. Those that are your friends and followers may donate to them, therefore being defrauded. The threat actor has access to tons of info about you and your family once they have control of your account. They could DM your friends and family asking for sensitive data or to send money. They could use the information they have access to for the purpose of committing identity theft. The point of all of this is there’s so much that could go wrong once you lose control of your account.
If you own a business, things become even more complicated. When your Meta accounts are taken over not only are your personal profiles at risk, but so are your business pages. The bad actor can decide to deactivate or delete your business page. With you not having access to anything, and if you solely rely on social media to generate revenue, there’s potential to lose hundreds, or thousands, of dollars a month. That also means you creating an entirely new personal account, a new business account, and having to start rebuilding your social media presence from scratch. This means more time and money you’re having to expend. Then there’s your reputation you have to rebuild, if it’s even possible.
On the Google side of things we’ve dealt with people who’s ex romantic partner intentionally took over their Google accounts and changed the account recovery information. We’ve witnessed businesses lose access to their Google account. That brings it’s own set of things to contend with, such as the bad actor having access to anything customer related in the inbox and the ability to reach out to your customers to defraud them while posing as you.
Your first line of defense against something like this is to be proactive. This means:
- Properly protecting your accounts. This includes good password hygiene and enabling two-factor authentication.
- Do not share login information with anyone.
- Be careful when engaging with anyone you don’t know online. They may send you instructions or malicious links/attachments/apps that allow them to take over your Meta or Google account.
These things to be aware of above are not exhaustive as far as protecting your stuff.
In the event you do experience an account take over for Meta services and Google, here are links to attempt to reclaim control. Your mileage may vary for success, but it’s worth trying regardless.
Try this guided help form by answering the questions that pertain to your situation
You can also go directly here to get started https://www.facebook.com/hacked
On a desktop or mobile web browser, visit the following Instagram support page https://www.instagram.com/hacked/ Select the option that applies to your situation and follow the prompts.
If you’re experiencing issues with WhatsApp, start with this guide on stolen accounts
If you have a Google account that’s been compromised and taken over, here is Google’s support guide to walk you through the process to attempt to regain control https://support.google.com/accounts/answer/6294825?hl=en
These are the official sources. DO NOT engage with anyone advertising services telling you they can get you back into your account. The only ones that can get you back in are Meta or Google. If you’re searching for ways to get control of your accounts back, you’re probably going to come across some YouTube videos of people telling you to install stuff. Don’t. It’s ill advised to install unknown/untrusted apps on your phone, tablet, or workstation.
There currently appears be no end in sight when it comes to lack of support for customers from Meta or Google. The Washington Post recently wrote an article on this issue about Facebook. If you get stuck behind a paywall, here’s an archived version.
There’s even a subreddit called Facebook Disabled Me that’s dedicated to people sharing their stories, tips, and calls for help to regain access to their accounts. We can’t vouch for any tips people share, so you’re taking matters into your own hands at this point. If you’d like to explore this subreddit here’s the link https://www.reddit.com/r/facebookdisabledme/
There is definitely growing frustration among account holders and this time it’s palpable. There needs to be change and accountability on Meta and Google’s end, along with other widely used platforms that offer no meaningful support to their user base. Is it a class action lawsuit? New consumer protection laws? A combo of both? We don’t know.
If you’d like to share your story of what happened when your Meta or Google accounts were taken over, share it with us in the contact form below. If you want help in a proactive manner for your personal or business accounts with Facebook, Instagram, Google, etc. also use the contact form to reach out.
While you’re here, sign up for our free cybersecurity and intelligence newsletter https://bsquaredintel.com/newsletter-signup/