The increasing numbers of hacked Instagram and Facebook accounts has reached a breaking point, prompting the United States Attorneys General to issue an urgent call to Meta (formerly Facebook, Inc.) to get the situation under control.
In a letter sent to Meta’s Chief Legal Officer Jennifer Newstead on March 5, 2024, a coalition of 48 state attorneys general outlined the harrowing increase in complaints they’ve received from residents who have had their personal accounts maliciously taken over by bad actors and hackers.
The letter states that account takeovers, where a user’s account is compromised and the password changed to lock them out, have risen at an “alarming and persistent” rate in recent years across Facebook and Instagram. This leaves victims unable to access years’ worth of photos, messages, connections, and even monetary accounts and businesses hosted on the platforms.
“Consumers are reporting their utter panic when they first realize they have been effectively locked out of their accounts,” the letter states, describing the trauma of suddenly losing one’s cultivated online presence and relationships.
Beyond the emotional toll, the attorneys general emphasize the serious financial risks, fraud, and identity threats posed by account takeovers as hackers can make fraudulent charges, impersonate users, and wreak havoc on people’s lives and livelihoods.
The sheer volume of account takeover complaints has become an unnecessary drain on the offices’ resources as users desperately turn to them for assistance that Meta is not providing. Several examples of pleas for help from locked-out users are included in the letter.
The report provides alarming statistics on just how rapidly the account takeover problem has escalated across Facebook and Instagram. Multiple states cite incredible year-over-year increases in complaints received from residents who had their accounts maliciously hijacked.
In New York, the number of account takeover complaints skyrocketed from just 73 in 2019 to a staggering 783 by the end of 2023 – more than a tenfold increase in just four years. The situation shows no signs of improving, with 128 complaints already received in January 2024 alone.
Vermont, North Carolina, Illinois, and Pennsylvania all experienced even bigger percentage spikes from 2022 to 2023, with Vermont’s complaints jumping 740% in that one-year period.
The attorneys general directly tie this explosion of account hijackings to Meta’s own business decisions, noting the troubling timing coincides with when the company laid off around 11,000 employees in late 2022, including many from its security and integrity teams.
“The substantial increase in complaints tells us that threat actors are winning the war and running rampant on Meta,” the attorneys general warn.
They are demanding that Meta immediately increase its investment in tactics to prevent account takeovers and restore access to those already affected, refusing to continue serving as “customer service representatives” for the tech giant that has scaled back its integrity and security staffing.
The letter requests information from Meta on the number of takeovers, suspected causes, current safeguards, response procedures, and staffing related to account security. It establishes the attorneys generals’ intent to continue pressuring Meta to take substantive action to curb this escalating crisis ravaging the digital lives and rights of users.