Meta — the owner of Facebook, Instagram, WhatsApp and other services — is under pressure from Arizona’s Kris Mayes and 40 other attorneys general to overhaul its account security after an notable increase in user accounts being hijacked.
When the Facebook and Instagram accounts of users are stolen, the original owner is often locked out because the scammer will change the password and recovery email.
From that point, the hijacker has access to everything in a user’s account, ranging from sensitive personal information and family photos to messages with other users.
They often use hijacked accounts to pose as a trusted friend or family member requesting money or other services — or even post things that would hurt the original user's reputation.
“Meta reported $63 billion in profit last year alone. A company of this size should be more than able to fund IT security and customer service operations that can appropriately support and protect its user base,” said Mayes.
The bipartisan effort from Mayes and the other attorneys general outlines some procedures that Meta can take, such as increasing staffing to handle account takeover complaints.
The attorneys general have also said that Meta needs to develop new ways for its users to protect themselves.
“We invest heavily in our trained enforcement and review teams and have specialized detection tools to identify compromised accounts and other fraudulent activity,” Meta said in a statement.
Tips to protect online accounts
A strong password using special characters makes it more difficult for scammers to guess a user's password and gain access, according to the Arizona Department of Economic Security.
Two-factor authentication (2FA for short) ensures that any time someone logs into an account, another of the owner's devices will notify them and prevent someone else from logging in unless the user approves it.
Watch out for phishing attempts in plain sight. A popular technique for scammers — particularly on platforms like Facebook and Instagram — is to post text that says, “I bet NOBODY remembers the name of their first-grade teacher!” These posts are bait for people to give out answers to popular security questions, which are often asked when a user tries to reset their password.