Sheela Lalani is one of many small business owners who rely on social platforms to generate additional holiday income. Her Instagram store of one-of-a-kind, artisan-made kids’ clothes—cutely modeled by smiling kids twirling happily in her dresses—has attracted nearly 13,000 followers. She recently rolled out her holiday collection, when suddenly any hope of promoting her new clothes to followers was abruptly dashed when Meta deleted her Instagram account. They also disabled her personal Facebook account, her Facebook business page, and her latest Instagram boutique profile.
Lalani was appalled, but then the situation got worse. Despite the disabled accounts, the PayPal account she linked to her social media pages to purchase ads to promote her businesses was charged $900. She immediately contacted PayPal to dispute the charge — and wait still on a refund — but she also knew that if PayPal intervened, the bigger problem wouldn’t be solved. Someone had purchased Facebook or Instagram ads using her PayPal account and she felt there was no way she could report this behavior to Meta and stop future payments because Meta had disabled all of her accounts.
“This is so unfair to business owners and seems criminal,” Lalani told Ars.
What happened to Lalani happened to what appears to be dozens of individuals and small business owners complaining on the subreddit, r/facebookdisabledme. A hacker gains access to a Meta account and then adds their account to the business owner’s ad account before deleting the original account owner. At that point, the hacker completely took over the ad account. Then the hacker moves quickly to knock off the original user from Meta before they notice that the ad account has been claimed. To do this, the hacker posts inappropriate content such as pornography, which quickly prompts Meta content moderators to disable the original account. Once an account is disabled, small business owners told Ars that they are “in an impossible position,” just like Lalani. Many entrepreneurs told Ars that any attempt to appeal Meta’s decisions is repeatedly rejected.
“Complaints to Facebook are essentially unheard of,” Darel Parker, who works in network engineering and systems administration and also lost access to his business accounts, told Ars.
Parker collects complaints on the subreddit. He also launched a website to keep track of accounts that were disabled by Meta for being hacked. Last week, he said he lost access to several Instagram and Facebook accounts, as well as two dozen other business accounts that he manages as part of his business. He said that not only are some users struggling to get their money back after hackers took over their ad accounts, but business owners are also dealing with emotional issues, loss of reputation and subsequent loss of income.
When Parker’s accounts were disabled, he reached out to Facebook via email, through the support portal, and tagged Facebook and Meta on Twitter, but like many others on the subreddit, he got no response. So he tried to get over Meta’s head by contacting officials, including the FBI Internet Crime Complaint Center and the California Attorney General.
Other Redditors have posted success stories of contacting the Attorney General and pasting letters they received in response. In those cases, the Attorney General told Facebook users, “We will write to the company you have a complaint against and request a response from them regarding your concerns.” But even those Redditors who are successful report that it typically takes a month for accounts to recover. One Redditor suggested that contacting the Attorney General only helped half the time.
A Meta spokesperson told Ars that the best way to notify Meta of hacked account issues is through facebook.com/hacked and instagram.com/hacked.
“We have invested significant resources into detecting and preventing these types of scams and helping everyone affected regain access to their accounts,” Meta’s spokesperson told Ars. “While many of the improvements we’ve made are hard to see because they prevented people from having problems in the first place, we know that scammers are always trying to get around our security measures. We know it can be frustrating to experience any sort of business interruption, especially at such a critical time of year. We regularly improve our methods to combat these scams and have assembled teams dedicated to improving the support we can provide to people and businesses.”