When Your Facebook Or Other Online Account Gets Hacked, Who’s Responsible For The Losses?

Recently, the CEO of a very successful marketing firm had their Facebook account hacked. In just a weekend, the hackers ran over $250,000 worth of ads for their online gambling site using the account. They also removed the rightful owner as the admin. This caused the firm’s entire Facebook account to be shut down.

They are uninsured for this type of fraud. They were shocked to discover that Facebook was NOT responsible for replacing the funds. Their bank and credit card company were not responsible either. Facebook’s “resolution” was that there was no fraud committed on their account. The hacker used their legitimate login credentials. Facebook is not responsible for ensuring you keep your own personal credentials safe and confidential. Further, they didn’t have the specific type of cybercrime or fraud insurance needed. As a result, they’re eating 100% of the costs.

They are not only out $250K, but they also have to start over. They need to build their audiences on Facebook again, which took years to build. This entire fiasco is going to easily cost them half a million dollars when it’s all totaled.

In another incident, another firm logged into their account to find all of their ads were paused. Initially, they thought it was a glitch on Facebook. Then they realized someone had hacked into their account and paused all of their legitimate ads. This hacker set up 20 new ads. These were linked to their weight-loss spam site. The budget for these ads was $143,000 per day. It amounted to $2.8 million total.

Due to their spending limits, the hackers wouldn’t have charged $2.8 million; however, due to the high budgets set, Facebook’s algorithms started running the ads fast and furious. As they were pausing campaigns, the hackers were enabling them again in real time. After a frantic “Whac-A-Mole” game, they discovered the account that was compromised and removed it.

The compromised account was a legitimate user of the account who had THEIR account hacked. Because of this, Facebook wouldn’t replace the lost funds, and their account got shut down, with all campaigns deleted. Fortunately, these guys caught the hack early. They acted fast, limiting their damages to roughly $4,000. However, their account was unable to run ads for 2 weeks. This caused them to lose revenue. They estimate their total damages to be somewhere in the $40,000 to $50,000 range.

When many people hear these true stories, they adamantly believe others should take responsibility. The name of the companies is withheld to protect their privacy. “It wasn’t OUR fault!” they say. The simple reality is this. If you allow your Facebook account to be hacked, it is due to weak or reused passwords. This is your fault. It is entirely your responsibility. A hacker compromises your account because of your negligence. This is also true if you have no multifactor authentication (MFA) turned on. It is also true if you have improper e-mail security. Your devices can also be infected with malware due to inadequate cybersecurity.

Facebook is just one of the cloud applications many businesses use that can be hacked. Any business running any type of cloud application can be hacked with the right credentials. This includes those that adamantly verify they are secure. Facebook’s security did not cause their account to be compromised – it was the failure of one employee.

The BEST way to handle this is to NOT get hacked in the first place. Here’s what you need to do to protect yourself:

• Share this article to make sure your staff is aware of these types of scams. Cybercriminals’ #1 advantage is still hubris. Businesses and most people in general insist that “nobody would want to hack me.” As a result, they aren’t extremely cautious with cyber protections.
  
• Make sure you create strong, unique passwords for EACH application you and your team log into. Use a good password management tool such as PassPortal to manage this. It must be used diligently to work effectively. For example, don’t allow employees to store passwords in Chrome and bypass the password management system.
  
• Minimize the number of people logging into any account. If someone needs access, give them that access and then remove them as a user ASAP immediately after. The more users you have on a cloud application, the greater the chances are of a breach.
  
• Make sure all devices that touch your network are secure. Keylogger malware can live on a device to steal all of your data and credentials.

If you want to ensure your organization is truly secure, click here to request a free Cyber Security Risk Assessment. This assessment will show just how protected your organization is against known predators. If you haven’t had an independent third party conduct this audit in the last 6 months, you’re due.

It’s completely free and confidential, without obligation. Voice scams are just the latest in a tsunami of threats aimed at small business owners. The most susceptible individuals are those who never verify security measures. They fail to ensure their current IT company is doing what it should. Claim your complimentary Risk Assessment today.