This is a plea for action.

A friend came to me asking for help. This friend’s Facebook account has been hacked. The hackers are now asking for money using the compromised account. This is particularly effective since this is an account that lots of people have interacted with for quite a while. So, friends and relatives are responding to requests for money. Since this is a “known” account, the request has more import. The hackers are benefitting since people are sending money.

This is not a famous person. This person is not “rich”. There isn’t really anything extraordinary (that others would know; the person is a really, really good person). There aren’t any keys that would say that this person is a high-value target.

Looking into fixing this is complex. The hackers have since added MFA (Multi-Factor Authentication) to the account. Thus, working through the Facebook recovery process is unsuccessful (since MFA is on, the hackers get the code to recover).

We’ve walked through all the steps, and now await a response from Facebook. Luckily, there is access to the email account used to set up the Facebook account. However, we are now at the step where the only way to recover the account may be to upload a copy of identification (driver’s license, passport, etc.). So now, the friend is faced with the decision of giving Facebook even more information (copy of legal documents) or losing the account. The friend has sent an email stating that there is a violation of privacy terms, so we’re hoping that will prompt action.

I haven’t used Facebook or Instagram in quite a while. So, I decided to follow my own advice and check to see if I had MFA turned on. Guess what? I did not. I do now.

So that’s the plea. Check your accounts to make sure that you have MFA (2-step authentication) turned on. Check those old accounts that you don’t really use. Do a full audit of all accounts. Don’t wait until it’s too late.