Social media hacks: how do you avoid losing your valuable business social media accounts?
Social Media Hacks
Hackers are targeting small business owners’ social media accounts. Their goals are to spam and infect your customers and use your advertising dollars. The most common accounts hacked are Facebook and Instagram.
Unfortunately Facebook and Instagram are not being very helpful to business owners trying to regain access to their accounts. Once the account is hacked, Meta (the company that owns Facebook and Instagram) disables the account making it impossible for owners to contact them and then ignores them when owners manage to report the problem.
It’s best to secure those accounts now.
How do you secure your social media accounts?
Enable multi-factor authentication. What does that mean? You add another layer to the log in process. Instead of only needing a user name and password you have to enter another piece of information.
How is multi-factor authentication different from two-factor authentication? Two factor authentication example: to log into an account you need to add a code sent to your phone as a text message. Multi-factor authentication example: to log into an account you need to add a code from an authentication app (such as Microsoft Authenticator or Google Authenticator) or a hardware security key (Yubikey).
Yes, it’s complicated. And some social media companies make it very difficult to use multi-factor over two factor.
Add multi-factor to Facebook
Your business account is tied to your personal Facebook account. You need to add multi-factor to your personal account. Click on your picture and then click on Settings & Privacy. Click on Settings. Then click on Security and Login.
Now you’ll get some interesting settings. Facebook has a tutorial on reviewing your settings. You can also check which devices are logged in. If you don’t recognize the device, disconnect it.
Further down the page you can enable what Facebook calls two factor authentication.
In the Facebook Two-Factor authentication you have several options. Just getting a text message is not as secure as using an authentication app or hardware security key. Chose authentication app. Best to set up an authentication app on your phone before you start this. You can also set up backup methods to log into the account. You will need to scan the QR code with your phone authenticator app.
Instagram security
The only way you can enable multifactor authentication for Instagram is from your phone. Instagram makes it difficult to use an authentication app over less secure methods.
From Instagram on your phone, click on your profile picture in the lower right hand corner.
Then click on the three vertical bars in the upper right corner.
Now click on Security in Settings
In Security, check on the Login Activity for unauthorized use. Then go back to Two-Factor Authentication.
Chose Authentication App. If you are using an iPhone, Instagram will want to use Apple Passwords as an authentication method after this screen. Just don’t. I recommend sticking with the authentication app direct method so you have one less method to manage.
Click on use another method in really small print at the bottom
From there you can add Instagram as a new account in your authenticator app.
Meta responds to Facebook and Instagram Hacks
If your business Facebook and/or Instagram accounts has been hacked, Meta recommends you report it to facebook.com/hacked and instagram.com/hacked.
According to the Ars Technica article Meta blames the hack on hackers getting control of the users’ email accounts. This is despite numerous small owners reporting that is not how the accounts were hacked. Typically social media accounts are hacked by poor passwords, password reuse, and clicking on bad links. Securing the accounts with an extra layer is your best defense.
UPDATE December 2022
Instagram has updated their procedures for account hijacking. There are new options at Instagram Hacked to help you.
I suspect we’ll see more social media account hacks after the LastPass time bomb breach.