Forty-one attorneys general wrote a letter Speaking to Meta’s top lawyer on Wednesday, he said complaints in the United States about the theft of Facebook and Instagram user accounts are skyrocketing, and that “immediate action” is needed to mitigate the evolving threat.
The coalition of top law enforcement officials, led by New York Attorney General Letitia James, says the “dramatic and sustained spike” in account takeover complaints amounts to a “substantial drain” on government resources, as many stolen accounts are also linked to financial crimes – some of which reportedly directly benefit Meta.
“We have received a number of complaints about threat actors fraudulently charging thousands of dollars to stored credit cards,” says the letter addressed to Meta’s chief legal officer, Jennifer Newstead. “Additionally, we have received reports of threat actors purchasing ads to run on Meta.”
“We decline to act as customer service representatives of your company,” the officials added. “A good investment in response and mitigation is mandatory.”
In addition to New York, the letter was signed by attorneys general from Alabama, Alaska, Arizona, California, Colorado, Connecticut, Delaware, Florida, Georgia, Hawaii, Illinois, Iowa, Kentucky, Louisiana, Maryland, Massachusetts, Michigan, Minnesota, Nebraska, Nevada, New Hampshire, New Jersey, New Mexico, North Carolina, Ohio, Oklahoma, Oregon, Pennsylvania, Rhode Island, South Carolina, South Dakota, Tennessee, Utah, Vermont, Virginia, Washington, West Virginia, Wisconsin, Wyoming, and the District of Columbia.
“Scammers use every platform available to them and are constantly adapting to evade enforcement. We invest heavily in our trained enforcement and assessment teams and have specialized detection tools to identify compromised accounts and other fraudulent activity,” Meta said in a statement from spokesperson Erin McPike. “We regularly share tips and tools that people can use to protect themselves, provide a way to report potential violations, cooperate with law enforcement authorities and take legal action.”
Account takeovers can occur as a result of phishing and other more advanced and targeted techniques. Once an attacker gains access to an account, the owner can easily be locked out by changing passwords and contact information. Private messages and personal information are ripe for the taking for all kinds of nefarious purposes, from impersonation and fraud to spreading misinformation.
“It’s basically a case of identity theft and Facebook is doing nothing about it,” said one user whose complaint was cited in the letter to Meta’s Newstead.
State officials said the accounts stolen to serve ads on Facebook often violate the rules, causing them to be permanently suspended and the victims — often small business owners — to be punished twice.
“Having your social media account taken over by a scammer can feel like someone sneaking into your house and changing all the locks,” New York-based James said in a statement. “Social media is how millions of Americans connect with family, friends and people in their communities and around the world. It is unacceptable that Meta is failing to properly protect users from scammers who attempt to hijack accounts and lock out legitimate owners.”