Connect with us

Hi, what are you looking for?



State AGs Send Letter to Meta Asking It to Take ‘Immediate Action’ on User Account Takeovers

A group of 40 state attorneys general have sent a letter to Meta expressing concern over Facebook and Instagram account takeovers.

Facebook account takeovers

A group of 40 state attorneys general have sent a letter to Instagram and Facebook parent company Meta expressing “deep concern” over what they say is dramatic uptick of consumer complaints about account takeovers and lockouts.

The attorneys general called on Meta to do a better job preventing account takeovers — when malicious actors take a users’ accounts, lock them out by changing their passwords, and post their own material, read private messages, scam contacts and engage in other harmful or illegal behavior.

The letter asks Meta to take “immediate action to increase mitigation tactics and respond to users whose accounts have been taken over.” It also asks the Menlo Park, California-based company to provide information on the number of account takeovers over the past five years, the suspected causes of the increase in account takeovers and safeguards it has in place.

“Consumers are reporting their utter panic when they first realize they have been effectively locked out of their accounts,” says the letter dated March 5. “Users spend years building their personal and professional lives on your platforms, posting intimate thoughts, and sharing personal details, locations, and photos of family and friends. To have it taken away from them through no fault of their own can be traumatizing.”

Even worse, the letter says, the takeovers pose a significant financial risk to users, who may be running businesses or have credit card information linked to their social media accounts.

In a statement, Meta said scammers are constantly adapting to evade crackdowns.

“We invest heavily in our trained enforcement and review teams and have specialized detection tools to identify compromised accounts and other fraudulent activity,” the company said. “We regularly share tips and tools people can use to protect themselves, provide a means to report potential violations, work with law enforcement and take legal action.”

Related: Meta Patches Facebook Account Takeover Vulnerability

Advertisement. Scroll to continue reading.

Related: New York Attorney General Fines Vendor for Illegally Promoting Spyware

Related: EU Watchdog Urged to Reject Meta ‘Pay for Privacy’ Scheme

Written By


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.


People on the Move

Shay Mowlem has been named CMO of runtime and application security company Contrast Security.

Attack detection firm Vectra AI has appointed Jeff Reed to the newly created role of Chief Product Officer.

Shaun Khalfan has joined payments giant PayPal as SVP, CISO.

More People On The Move

Expert Insights

Related Content

Cloud Security

Cloud security researcher warns that stolen Microsoft signing key was more powerful and not limited to and Exchange Online.


US National Cybersecurity Strategy pushes regulation, aggressive 'hack-back' operations.


Companies have announced securing billions of dollars in cybersecurity-related contracts with the United States government in 2022.


Private equity giant plans to buy Forcepoint’s Global Governments and Critical Infrastructure (G2CI) business unit for $2.5 billion.

Cloud Security

Redmond is accused of “negligent cybersecurity practices” that enabled a successful Chinese hack of the United States government.


NIST releases Cybersecurity Framework 2.0, the first major update since the creation of the CSF a decade ago.


CISA has described and published a set of principles for the development of security-by-design and security-by-default cybersecurity products.


The proposed UK Online Safety Bill is the enactment of two long held government desires: the removal of harmful internet content, and visibility into...