The Saga of the Breaking Muscle Facebook Page Hack (UPDATED) -

 

At around 4:30pm PST on Friday March 25, 2016 we discovered that our Facebook page, with over 409,000 followers, had been hacked. At 6.21am PST on March 26, 2016 we are still waiting for a response from Facebook support. We have contacted them through every channel we can find.

 

This experience has left us feeling all kinds of things: anger towards the hackers (real big, giant anger), Facebook for allowing them to continue to do this, and frustration at having no options to fix the problem. Despite the obviousness of the hack, Facebook has absolutely zero facilities to enable site owners like ourselves to resolve such a major problem. 

 

We have even been told that there is an open support ticket for our problem and that someone will address it shortly, but 12 hours later, we have nothing. In the meantime, the hacker has been posting a stream of obnoxious material from our page and we are powerless to stop it.

 

The fact that we have worked over five years to build our relationships on Facebook and there is no way to protect our friends and followers on Facebook is just mind boggling. There are a few things we would like to say:

 

  1. While we cannot tell how this happened until we resolve the issue, whenever that may be, we are truly sorry that it has happened and that our followers are now being subjected to the longest stream of booty posts in the history of social media. 
  2. If you want to keep up to date on what we are doing, please follow us either on TwitterInstagram or, better yet, subscribe to our newsletter. We'd like to think that we are not spammy and that we do a good job of respecting our audience. 
  3. From all the research we have done, there is a suggestion that there are serious problems with Facebook and it's ability to resolve these issues so, we will be looking into creating a new page and moving our followers there. Unfortunately, we have no time frame for any solution because of the lack of response from Facebook.

 

Please continue to bear with us. We cannot rely on Facebook for security and are not alone in feeling that way. There is a significant amount of fraud that just goes unaddressed for long periods of time and Facebook feels no pressure to be timely in its response or corrective.

 

Thank you for your patience and your support.

 

UPDATE. 12:10 pm PST. March 26, 2016. It is now nearly 20 hours since we reported the account hacked to the Hacked Account link on Facebook Support. So far, nothing has happened.

 

The malware link on Facebook's own app pages and domain remains live and may still be causing damage.

In addition, of the many, many people who have reported the feed to be spamming, producing inappropriate content, and potentially hacked, no one has any communications other than the posts are not doing anything that contrevenes the community standards of Facebook. 

 

UPDATE. 8:22 am PST. March 27, 2016. It looks like it is going to be a long haul with Facebook. The process by which the hacker gain accessed is evil, but clever. The hacker went through one of our Page's Admins personal Facebook accounts. However, the hacker only used the account to gain control of the Breaking Muscle Page, and not anything else. Therefore our Admin was able to secure their personal Facebook account despite everything.

 

Facebook has absolutely no mechanism for this type of hack that can resolve the issue. Everything is built around securing your personal account and the company doesn't see a hack of your personal account as that much of a priority. So, we are now in a position where we cannot get any timely access to Facebook because we are trying to resolve an issue with our page and Facebook keeps checking our personal accounts and "securing" those accounts.

 

In the meantime, the hacker has moved the page from its original URL, facebook.com/breakingmuscle, to one that makes it hidden from the automated systems of Facebook. 

 

We are in an endless loop with technical support.

 

Many, many thanks. We owe a great deal of thanks to everyone who has been reporting to Facebook but, unfortunately, you are finding out that your reports are in vain because Facebook has no real priority or human tech support to respond to a hack or security threat. It is an almost childlike approach to support, meaning that unless The Wall Street Journal gives us some coverage and the PR people at Facebook feel compelled to do something, nothing will happen quickly.

 

Therefore, for now, as we continue to fight Facebook, we will move forward. Please follow us on our new Facebook page until the matter is resolved. We will most likely end up moving all followers to this new page once we have regained control at some point in the space-time continuum.

Thanks, and we appreciate your patience and support.

 

FINAL UPDATE. 7:51 am PST. March 28, 2016. At roughly 3 pm PST on 3/27/16 with no warning or any sort of response from Facebook, our Admin rights were restored to our Facebook Page. The page was unpublished at that point. We then proceeded to the clean up phase which has take a great deal of time as we have been restoring users, and cleaning up the content. After nearly 47 hours and the support of a few thousand of our followers, who all contacted Facebook, the ordeal was over. At least, we hope so because it has left us with a really bad feeling about the flaws in Facebook's security and support.

 

If there is one piece of advice that we can give anyone else to avoid the same happening to them, it is this: whichever account is used to be an admin of your Facebook pages, it must be used solely for that purposes and there should never be more than one admin on any single account. In other words, use a Facebook account that has no friends, no connections or activity. There are just too many unknown variables that can compromise and individual's account on Facebook. And everything that is business related on Facebook ultimately ties into a personal account. It is a huge flaw in the system.

 

Our hackers knew that once they had hacked an administrator's personal account, as long as that account remained secure after the hack, and they had control of the business page, it would be days before they were dealt with. We were in an eternal loop with Facebook support where it was constantly asking us to get in contact with the page admin, our hacker, or resolve the issue. In some cases it can take weeks for people to get their pages back. 

 

And, unfortunately, there are no controls in place to verify Facebook apps. They can be used for malicious purposes. They are a Facebook URL and can seem legitimate. It's a lot of basic stuff that Facebook is just not paying any attention to because it probably feels like the only thing that is important is the personal user's account. Granted, they keep that pretty secure. But, with everything on Facebook being driven by small businesses, the support and infrastructure is woeful.

 

And that's all we have to say on the matter. We shall never speak of it again.