Instagram – Page 3

Law enforcement doesn’t want to be “customer service” reps for Meta any more

facebook, Instagram, Meta, Policy, syndication / Kelly Newman / March 7, 2024

No help —

“Dramatic and persistent spike” in account takeovers is “substantial drain” on resources.

Dell Cameron, wired.com – Mar 7, 2024 2: 28 pm UTC

Enlarge / Meta has a verified program for users of Facebook and Instagram.

Getty Images | Chesnot

Forty-one state attorneys general penned a letter to Meta’s top attorney on Wednesday saying complaints are skyrocketing across the United States about Facebook and Instagram user accounts being stolen and declaring “immediate action” necessary to mitigate the rolling threat.

The coalition of top law enforcement officials, spearheaded by New York Attorney General Letitia James, says the “dramatic and persistent spike” in complaints concerning account takeovers amounts to a “substantial drain” on governmental resources, as many stolen accounts are also tied to financial crimes—some of which allegedly profits Meta directly.

“We have received a number of complaints of threat actors fraudulently charging thousands of dollars to stored credit cards,” says the letter addressed to Meta’s chief legal officer, Jennifer Newstead. “Furthermore, we have received reports of threat actors buying advertisements to run on Meta.”

“We refuse to operate as the customer service representatives of your company,” the officials add. “Proper investment in response and mitigation is mandatory.”

In addition to New York, the letter is signed by attorneys general from Alabama, Alaska, Arizona, California, Colorado, Connecticut, Delaware, Florida, Georgia, Hawaii, Illinois, Iowa, Kentucky, Louisiana, Maryland, Massachusetts, Michigan, Minnesota, Nebraska, Nevada, New Hampshire, New Jersey, New Mexico, North Carolina, Ohio, Oklahoma, Oregon, Pennsylvania, Rhode Island, South Carolina, South Dakota, Tennessee, Utah, Vermont, Virginia, Washington, West Virginia, Wisconsin, Wyoming, and the District of Columbia.

“Scammers use every platform available to them and constantly adapt to evade enforcement. We invest heavily in our trained enforcement and review teams and have specialized detection tools to identify compromised accounts and other fraudulent activity,” Meta says in a statement provided by spokesperson Erin McPike. “We regularly share tips and tools people can use to protect themselves, provide a means to report potential violations, work with law enforcement, and take legal action.”

Account takeovers can occur as a result of phishing as well as other more sophisticated and targeted techniques. Once an attacker gains access to an account, the owner can be easily locked out by changing passwords and contact information. Private messages and personal information are left up for grabs for a variety of nefarious purposes, from impersonation and fraud to pushing misinformation.

“It’s basically a case of identity theft and Facebook is doing nothing about it,” said one user whose complaint was cited in the letter to Meta’s Newstead.

The state officials said the accounts that were stolen to run ads on Facebook often run afoul of its rules while doing so, leading them to be permanently suspended, punishing the victims—often small business owners—twice over.

“Having your social media account taken over by a scammer can feel like having someone sneak into your home and change all of the locks,” New York’s James said in a statement. “Social media is how millions of Americans connect with family, friends, and people throughout their communities and the world. To have Meta fail to properly protect users from scammers trying to hijack accounts and lock rightful owners out is unacceptable.”

Other complaints forwarded to Newstead show hacking victims expressing frustration over Meta’s lack of response. In many cases, users report no action being taken by the company. Some say the company encourages users to report such problems but never responds, leaving them unable to salvage their accounts or the businesses they built around them.

After being hacked and defrauded of $500, one user complained that their ability to communicate with their own customer base had been “completely disrupted,” and that Meta had never responded to the report they filed, though the user had followed the instructions the company provided them to obtain help.

“I can’t get any help from Meta. There is no one to talk to and meanwhile all my personal pictures are being used. My contacts are receiving false information from the hacker,” one user wrote.

Wrote another: “This is my business account, which is important to me and my life. I have invested my life, time, money and soul in this account. All attempts to contact and get a response from the Meta company, including Instagram and Facebook, were crowned with complete failure, since the company categorically does not respond to letters.”

Figures provided by James’ office in New York show a tenfold increase in complaints between 2019 and 2023—from 73 complaints to more than 780 last year. In January alone, more than 128 complaints were received, James’ office says. Other states saw similar spikes in complaints during that period, according to the letter, with Pennsylvania recording a 270 percent increase, a 330 percent jump in North Carolina, and a 740 percent surge in Vermont.

The letter notes that, while the officials cannot be “certain of any connection,” the drastic increase in complaints occurred “around the same time” as layoffs at Meta affecting roughly 11,000 employees in November 2022, around 13 percent of its staff at the time.

This story originally appeared on wired.com.

Law enforcement doesn’t want to be “customer service” reps for Meta any more Read More »

Meta relents to EU, allows unlinking of Facebook and Instagram accounts

anti-competition, anticompetitive behavior, Antitrust law, Digital Markets Act, dma, EU, European Union, facebook, gdpr, General Data Protection Regulation, Instagram, Meta, online advertising, Online Privacy, Policy / Kelly Newman / January 22, 2024

Meta will allow some Facebook and Instagram users to unlink their accounts as part of the platform’s efforts to comply with the European Union’s Digital Markets Act (DMA) ahead of enforcement starting March 1.

In a blog, Meta’s competition and regulatory director, Tim Lamb, wrote that Instagram and Facebook users in the EU, the European Economic Area, and Switzerland would be notified in the “next few weeks” about “more choices about how they can use” Meta’s services and features, including new opportunities to limit data-sharing across apps and services.

Most significantly, users can choose to either keep their accounts linked or “manage their Instagram and Facebook accounts separately so that their information is no longer used across accounts.” Up to this point, linking user accounts had provided Meta with more data to more effectively target ads to more users. The perk of accessing data on Instagram’s widening younger user base, TechCrunch noted, was arguably the $1 billion selling point explaining why Facebook acquired Instagram in 2012.

Also announced today, users protected by the DMA will soon be able to separate their Facebook Messenger, Marketplace, and Gaming accounts. However, doing so will limit some social features available in some of the standalone apps.

While Messenger users choosing to disconnect the chat service from their Facebook accounts will still “be able to use Messenger’s core service offering such as private messaging and chat, voice and video calling,” Marketplace users making that same choice will have to email sellers and buyers, rather than using Facebook’s messenger service. And unlinked Gaming app users will only be able to play single-player games, severing their access to social gaming otherwise supported by linking the Gaming service to their Facebook social networks.

While Meta may have had choices other than depriving users unlinking accounts of some features, Meta didn’t really have a choice in allowing newly announced options to unlink accounts. The DMA specifically requires that very large platforms designated as “gatekeepers” give users the “specific choice” of opting out of sharing personal data across a platform’s different core services or across any separate services that the gatekeepers manage.

Without gaining “specific” consent, gatekeepers will no longer be allowed to “combine personal data from the relevant core platform service with personal data from any further core platform services” or “cross-use personal data from the relevant core platform service in other services provided separately by the gatekeeper,” the DMA says. The “specific” requirement is designed to block platforms from securing consent at sign-up, then hoovering up as much personal data as possible as new services are added in an endless pursuit of advertising growth.

As defined under the General Data Protection Regulation, the EU requiring “specific” consent stops platforms from gaining user consent for broadly defined data processing by instead establishing “the need for granularity,” so that platforms always seek consent for each “specific” data “processing purpose.”

“This is an important ‘safeguard against the gradual widening or blurring of purposes for which data is processed, after a data subject has agreed to the initial collection of the data,’” the European Data Protection Supervisor explained in public comments describing “commercial surveillance and data security practices that harm consumers” provided at the request of the FTC in 2022.

According to Meta’s help page, once users opt out of sharing data between apps and services, Meta will “stop combining your info across these accounts” within 15 days “after you’ve removed them.” However, all “previously combined info would remain combined.”

Meta relents to EU, allows unlinking of Facebook and Instagram accounts Read More »

Meta verification proved useless—and my family is still locked out of Instagram

account verification, Instagram, Meta, meta verified, Policy / Kelly Newman / January 15, 2024

Enlarge / Meta has a verified program for users of Facebook and Instagram.

Getty Images | Chesnot

The trouble began three days before Christmas. When my sister-in-law Amy tried to log in to her Instagram account shortly before midnight, she was notified that an unauthorized user had tried to access her account. Instagram suggested that she change her password. Wanting to protect the security on her account—an important tool for her successful photography business—Amy did so.

She then tried to log in with her new password but first needed to enter a code to confirm her identity. The code had just been sent to the phone number on her account—a phone number once belonging to her ex-husband but now disconnected.

This was going to be a problem.

Fashion photography and new phones

Amy started her business by posting photos of her two daughters on Instagram, which is how brands like Walmart and Stella McCartney Kids found her. Over time, she expanded her following on Instagram and even used the service’s messaging capability to find and hire models for fashion shoots.

In August 2021, someone successfully hacked into her Facebook account, and as part of the recovery process, Meta recommended that Amy attach a new phone number to her account. So she changed her “recovery” phone number from her personal number to her husband’s number. The two of them were happily married, so this seemed like an easy decision. And because Meta owns Instagram as well, the change affected that service, too. Fast forward two years, and Amy was filing for divorce. As part of that process, Amy removed her husband from their phone service plan. He got a new plan and a new number—and the old number was disconnected.

In all of the turmoil, Amy didn’t remember that she had used her now ex-husband’s phone number for her Meta account recovery until—you guessed it—she received that note in the middle of the night, just days before Christmas.

Getting verified is the answer?

After a mostly sleepless night, Amy woke up on December 23 and scoured Instagram’s and Facebook’s various help pages. There was simply no way to get around the need to access the recovery phone number.

Amy tried calling and texting her ex-husband’s number, asking its new owner for help. But the number had not yet been re-assigned and likely wouldn’t be for months. So Amy spent some quality time on the phone waiting to talk to T-Mobile. Could she buy a new phone and get the old number assigned to it? No chance.

The reality is that Instagram offers little customer support for most users. There is no number to call and no real online support. If you find a telephone number online, it is almost certainly a scam.

But there is one way to get some help: pay up. The “Meta Verified” program costs $14.99 per month and includes “account support” as one of its benefits. So on Christmas Day, Amy pulled out her credit card and got herself verified.

It happened super fast, even on the holiday. Within 30 minutes of submitting her information—a process that involves a copy of a driver’s license—Amy got her verified checkmark. She promptly contacted Meta’s support team, and they said someone would soon reach out with an email link to get her back into her account.

Was this going to be a Christmas miracle?

Meta verification proved useless—and my family is still locked out of Instagram Read More »