On April 27, Bailey Mazziotti’s mother texted her to ask if she’d intended to change her Facebook profile photo.
When she checked, Mazziotti found that someone had hacked her personal account on Facebook, switching her photo for a picture of a man holding an ISIS flag. The hacker had changed her password, locking her out of her account.
Facebook had responded almost immediately, locking her out of her business pages as well.
Her Instagram account, with about a thousand followers, was also locked — Facebook owns Instagram.
Mazziotti soon got an email from Facebook saying that her accounts had been disabled.
“They sent me a link to verify my identity, so I did that,” she said. “I got an automated email back saying that it had been reviewed and they determined I had violated their community standards and my account is permanently disabled.”
For Mazziotti, her online business is her sole source of support.
A single mom with two kids, she’s spent eight years building Bailey’s Knits, which sells handmade blankets, baskets and other props to photographers who specialize in baby pictures.
While Mazziotti sells through her website, baileysknits.com, she relies on her Facebook business page — with 22,000 followers — and an associated Facebook business group to find and communicate with customers.
Since Facebook blocked her access to her page, those crucial marketing channels are gone.
Mazziotti has been unable to reach a human being at Facebook to resolve the issue. She’s had to resort to a lawsuit to try and get through to the social media giant.
Meanwhile, she’s been losing an estimated $1,000 a day in sales.
When she discovered the hack, Mazziotti took all the steps Facebook recommends in its help center and tried numerous times to reach someone who could resolve the situation.
“I tried to respond to the email,” she said. “I tried to go through business support. There’s a live chat option you can go through. The result of that has been to tell me that’s not their department and they cannot help me.”
She also tried to appeal the decision through another Facebook link.
“It just tells me that the board reviewed it and the decision cannot be reversed,” she said.
Mazziotti believes the hacker got to her account through her email address. She created a new account using a different email address, “but it’s like starting from scratch,” she said.
After a week, her new business page had only about 50 followers. She’s lost touch with the 22,000 followers on her original page.
“The only thing that I can do is try to email my old customers and tell them what’s going on,” she says. “I sent out a newsletter, but that only has probably 1,000 people who are subscribed.
“There’s been hackers that have tried to hack my account before, but I’ve always been able to get it back. I’ve never heard of Facebook just totally disabling an account.”
After numerous unsuccessful attempts to get a personal response from Facebook, Mazziotti turned to Anthony Garcia, a Denver attorney who specializes in commercial litigation.
On April 30, Garcia filed a lawsuit on Mazziotti’s behalf in El Paso County Court, seeking an injunction requiring Facebook to reinstate her personal page so she can regain access to her business page or to provide her with direct access to the business page.
She’s also seeking damages and recovery of her attorney’s fees, which already exceed $3,000.
Garcia says papers were served May 4 on Facebook’s registered agent in Lakewood.
If the case goes forward, it likely will have to be transferred to California.
“But the main goal here is just to get someone at Facebook to respond to us,” Garcia said.
“I mean, this could be quite easily resolved with a phone call, I think. … But Facebook has absolutely no way for consumers to contact it.”
Mazziotti says she isn’t interested in suing Facebook for her lost income.
“I would just like someone from Facebook to reach out to me and help me reactivate my account,” she said.
AT FACEBOOK’S MERCY
Facebook has dedicated account managers and customer support “if you are spending a lot of money on advertising,” said Jesse Marble, CEO of Magneti, a marketing and brand development agency with offices in Denver and Colorado Springs.
“Humans do work at Facebook, but they are reserved for pages that are lucrative to Facebook,” Marble said. “For the vast majority of businesses, you are subject to the whims of their digital bureaucracy.”
Facebook has been trying to do a lot of curation, moderation and fact-checking on pages to protect users.
“To look at all that manually is tough,” Marble said, “so they’re trying to find ways to use technology and AI to make that possible. … If you see an image that’s inappropriate, you can report that image; that’s happening millions of times a day.”
Increased use of the platform during the COVID-19 pandemic has made it even more likely that decisions like the one to shut down Mazziotti’s page will be made by an algorithm.
Facebook announced in a March 19 update on its website that it was sending content reviewers home and relying “more on our automated systems to detect and remove violating content and disable accounts. As a result, we expect to make more mistakes, and reviews will take longer than normal. …
“Normally when we remove content, we offer the person who posted it the option to request that we review the content again if they think we made a mistake. Now, given our reduced workforce, we’ll give people the option to tell us that they disagree with our decision and we’ll monitor that feedback to improve our accuracy, but we likely won’t review content a second time.”
SECURING SOCIAL MEDIA
Marble says that, while his digital marketing company doesn’t have specific expertise in cybersecurity, it recently helped a client recover from a Facebook hack and has developed best practices.
It’s an arduous process, as Mazziotti discovered.
The best defense is securing your account as much as possible, Marble said. More security does mean more work, which is why people often don’t take recommended security precautions.
“Facebook hackers typically access business pages through personal profiles,” he said. “We think of hackers as people who have access to an email and try to guess passwords, but they usually hack via software that finds weaknesses and vulnerabilities in profile security such as passwords and apps.”
Marble and other experts recommend these security measures to strengthen profiles and make it more difficult for accounts to be hacked:
Turn on two-factor authentication. With this process enabled, Facebook will email or text you a PIN you must enter, along with your username and email address, to access your account.
“If you don’t have this, it’s absolutely worth turning on,” Marble said.
Enable it by going to Settings > Security and Login.
Choose a strong, unique password — one that is difficult to guess. A general rule is the longer the password, the harder it is to crack.
You can test the strength of your password with a tool like HowSecureIsMyPassword.net, which will tell you how long it would take a hacker to crack your password.
A simple phrase like “I love my kids!” would take a computer 82 billion years to crack, according to the app.
With a strong password, “you are a long way toward making sure hackers are not interested in your account,” Marble said.
Understand what applications have access to your profile. Hundreds of apps, ranging from games to other sites such as Twitter, can be accessed through Facebook, once you agree to terms including access to your profile.
“You need to understand what applications you have given Facebook access to, such as Spotify connected to your account,” Marble said. “If that tool gets hacked, they have a back door into your account.”
You can view apps and manage permissions by going to Settings > Apps and Websites. Click on each app to see and adjust or remove the permissions granted to the app.
Remove any permissions you don’t actively recognize, Marble suggested, or just delete them all and re-enable the ones you need going forward.
Change your personal profile privacy settings to hide your email from your profile. Facebook recommends setting the highest security and privacy settings on your personal account.
Enable the trusted friends setting. In Settings > Security and Login, go to Choose 3 to 5 friends to contact if you get locked out and name those friends. These trusted contacts can send a code and URL from Facebook to help you log back in.
Diversify your marketing channels. “Diversifying how you talk to potential customers tends to be worth the cost and effort,” Marble said.
Learn more on what hackers have been up to during the COVID-19 pandemic: