Our Meta Case # 715910603207321


Our Facebook Business Manager ID 483071231841794 


Link to chat with Meta  https://business.facebook.com/business/help/support/get-help


ORIGINAL NOTES:

 

On Monday 10/23 Director of Advertising, Kristen Giffin, discovered unusual activity on our Facebook Business Manager and Facebook advertising accounts. It appeared as if our Business Manager was hacked, and the hacker accessed our accounts manager and started running bogus ads using our accounts and the associated credit cards. It appeared access was gained through employee Will Bessette’s personal account*. In rapid succession, relevant team members were notified (me, Will, Lorinda, and Faiza at Pluribus), Will confirmed that his personal account was breached, we removed him from the business manager entirely, shut all advertising down, opened a ticket with Meta (note: there is no way to call Facebook), and Faiza contacted the credit card companies. No customer pages were compromised.

 

We all worked on various aspects of navigating the situation throughout the week including communicating with key customers as needed, brainstorming alternate advertising solutions for urgent needs, following up on the credit card charges, and pinging Meta requesting updates. We also reviewed security measures as a team internally.

 

On Friday 10/27 I received a call from Juliana at Meta who:

 

Acknowledged that the breach occurred and how it happened and confirmed that the business manager was safe to use. She also said their finance team was working on the reimbursements for charges but that she did not have a timeline. However, multiple ad accounts were still shut down for non-payment and required a new credit card. She said that the ONLY way to reactivate the disabled accounts would be to add a new card, pay any bogus charges, and submit a request to Facebook referencing the case # for reimbursement. This sounded ridiculous to me since it’s thousands of dollars in bogus charges. She said the other option was to just leave them turned off and only use unaffected accounts. She did not think leaving the disabled accounts off would be an issue but said if it ever does come up with Meta we can reference the case #. I have some concern that at some point Meta could disable the business manager because of pending bogus charges. But paying for tens of thousands of bogus ads and trying to get reimbursed is even worse and Juliana assured me that the breach is on record and as long as we reference the number it should be fine.

 

Next steps:

Kristen is rebuilding all ad accounts and in doing that will consolidate accounts to negate the need for a whitelisted credit card. She is working with Faiza on which card(s) to use. Her team and I will pitch in to help get the transition completed and ads up and running again.

Faiza has the info she needs to create a ticket to follow up on reimbursement as needed.  

 

 

*How it happened:

 

A malicious message was sent to a high-value Social5 customer (Ehrenstein|Sager) appearing to be from Facebook. Account manager Will Bessette clicked a link in the message, which granted the hacker access. Will’s personal accounts were compromised, and the hacker accessed our business manager through his access (note: Will was using 2-factor authentication, changed password immediately, reported the breach, etc.).



FEB 2024 UPDATE:


Faiza heard from the credit card company that they required written acknowledgment of the breach from Meta. Turns out it isn't possible to just look up a case # anywhere on Facebook. So the team started working to track down written confirmation, but with difficulty.


On 2/29/24 Kristen Giffin dedicated the entire day to the task of connecting with a human support person and finally got through. Steven at Meta promised to send written confirmation of the security breach on our business management account within 30 minutes. We are still waiting for that.


Will Bessette combed through all chats and communication from his exchanges with Meta at the time of the breach and located two possible emails for security &/or support at Meta. I sent an email to each via Freshdesk. Ticket numbers are below.
https://support.social5.com/a/tickets/262750 to [email protected]

https://support.social5.com/a/tickets/262748 to [email protected]



MARCH 2024 UPDATE:


On 3/1/2024 Kristen Giffin successfully procured an email from Meta and forwarded it to Faiza. See attached.