With Facebook hacks, an ounce of prevention is worth a pound of cure

This browser does not support the video element.

Olympia, WA — The thieves broke in through the roof.

“I had my laptop stolen and when the criminals got it, they hacked in.”

Then they locked Dr. Mike Eekhoff out of his digital life.

“They changed pretty much all my passwords.”

And just like that the Olympia chiropractor’s personal and professional pages were suddenly held hostage.

“They were sending messages back to blackmail me and say ‘we’ll give it to you’ - I think it was for $500 bucks in bitcoin,” says Eekhoff.

Threats were followed by vile posts:

“MY WIFE AND I ARE HAVING [REDACTED] PROBLEMS. SHE IS A [REDACTED], AND I WILL NOT ACCEPT THAT BECAUSE I’M A LITTLE [REDACTED] MYSELF.”

“HI EVERYBODY...TODAY I DECIDED TO COME OUT OF THAT “CLOSET.” I CANT LIE ANYMORE, SO HERE IT GOES…..I AM A PERSON WHO IS SEXUALLY ATTRACTED TO CHILDREN.”

“And so then they wait another week and they go - hey still going to, you know, hold out here? And then of course some other pretty lewd comments about me, my family, my wife,” says Eekhoff.

i guess thats a -No-....?

hows your [REDACTED] life...? still begging your wife ?

well you had your chance…. you about to become famous….like new yorks governor

—  

Desperate for help, he says he got nowhere with Facebook.

“And yet there’s nothing we could do to stop it. After everything we’re doing. I mean I tried to contact Facebook directly,” says Eekhoff. “Every avenue I could exhaust.”

“Ugh, I hate that I see this.”

Joanna Small, who was a reporter for KIRO, is now the public information director for the Lynnwood Police Department. Hackers got to her page that she uses for community outreach.

“And it was all police. And all what I would call “anti-cop” videos on this page,” says Small. “It feels like a violation when it’s your name, your picture, and a message that you don’t support.”

Joanna reported the hack multiple times to Facebook.

“But the inability to actually reach someone who can just say I can fix this problem for you,” says Small, “has been beyond frustrating.”

Retired detective Jim Fuda, executive director of Crime Stoppers of the Puget Sound, had his page hacked.

Could you ever speak to a human during this entire recovery process? “Never.”

So Fuda drove to their Seattle offices for help.

“Six security guards in there. And one of them walked me back out. And a security guard tried to help me who was very kind. And said look, we get this every day,” says Fuda.

Janice Lawrence went through Facebook’s verification system after she was hacked. They asked for her ID.

“I got a request telling me to resubmit the license and that my ID did not meet their requirements,” says Lawrence. “I did that, submitted my driver’s license again. And nothing.”

So she kept sending it in.

“Seven, eight times a day. Until I got to about 600,” says Lawrence.

Why is it so darn hard to get your page back?

Christopher Budd, global senior communications manager for threats at Avast Software, has some insight.

“Support is a cost center. They don’t make money off of support. So historically tech companies tend to skimp a bit on the support side,” says Budd.

He says the scammers are likely piecing together usernames and passwords from previous data breaches and trying them out on Facebook.

That means those bad actors are just walking in through the front door. With the key.

“Exactly. Because if they’ve got your username and your password, look at it from Facebook’s perspective - Facebook’s system perspective,” says Budd. “It’s you, to them. They’ve got your username, they’ve got your password so it must be you.”

And when people call for help:

“Well, they can’t tell who the bad guy is, and who the right person is,” says Budd. “And this is compounded by the fact that people coming in saying ‘my account has been taken over’ - that’s a tactic that attackers use as well.”

So how do you protect yourself?

It’s old wisdom: change your passwords often.

Some newer advice: use a password manager.

Christopher recommends LastPass and 1Password.

“I use one. We have hundreds of log-ins, that’s the only way you’re going to be able to have unique log-ins for every site,” says Budd.

He also recommends using a multi-factor authentication app. Google and Microsoft Authenticators are his picks. The apps act as a second line of defense by generating a code that you’ll have to input before logging in.

You can also get codes sent to you by text, but using an app is more secure - if you lose your phone, or your phone gets hacked.

You can enable those features on Facebook here.

Facebook also has a feature to alert you when an unrecognized device accesses your account.

“You do those things and you’re going to be really well protected,” says Budd.

What’s in it for the hackers?

You may ask - why break into a Facebook profile? It can be lucrative.

As in Dr. Eekhoff’s case, hackers could try to extort their victims. He says the person in control of his account also put up a fake fundraiser. Janice Lawrence says the person who took over her account hit up her friends list for money over messenger.

“Another thing people are doing is getting on there so they can suck down as much data from profiles as they can, and turn around and sell it or use it for other things,” says Budd.

Getting back online

We contacted Facebook about Jim Fuda, Joanna Small, and Janice Lawrence’s cases.

Facebook responded, saying in part:

“As soon as we became aware of the issue, we took steps to fix it. We know we have more to do, and their frustration is understandable”.

Soon after, all three regained control of their pages.

“You know, I understand hacking happens. It happens to everybody. Maybe they can’t control that,” says Small. “But it was very frustrating that it took reaching out to Jesse Jones, to KIRO 7 to get anybody to pay attention and to help me.”

Dr. Eekhoff filed a complaint with the State Attorney General’s Office, and he got his page back.

Bottom line - don’t make it easy for the scammers. Because it’s tough to get your online life back from Facebook.

“I just don’t want it to happen to somebody else. Because it’s just such a waste of time and it’s unnecessary,” says Eekhoff.

We still haven’t found a phone number for Facebook where a real person answers.

The company directs users to its help center. And if you get hacked, they say to visit this link to fix it.