It was June of 2022 when Heather Dempsey discovered that her Facebook and Instagram accounts had been hacked. Since then, she has been living the ongoing nightmare of trying to recover her accounts and seeking an explanation for what happened.
Heather does not work in a large company, nor does her work relate to the tech industry, the sectors often hit with cyberattacks. Heather is the proud owner of Self-Care Center in Southwest Florida and the founder of Elite Spa Pros Academy. But her social media account takeover is costing her much more than she expected.
“The hack resulted in a lifetime ban from Facebook and Instagram,” Heather explained.
Both of these social media platforms were vital for Heather’s business, as she used them to get clients, often running ads on the sites.
“I was left jobless with no income and had to think fast,” Heather said. “I ended up opening a local business because I wouldn’t have been able to find anything to make ends meet.”
As social media has become a lifeline for influencers, bloggers, and small businesses, the toll of a hacked Instagram, Facebook, or TikTok account can far exceed a few embarrassing spam messages. We spoke to others who have been affected by social media hacks, as well as cybersecurity experts, to understand how common and serious the problem can be.
Social media hacks have heavy consequences
At the time of this writing, Meta, the company that owns Facebook and Instagram, has not lifted the ban on Heather’s account.
“This hack/ban is costing me thousands every month, and I’m not sure my business will ever be the same,” Heather assures.
Moonlock was able to verify some of the information that Heather exchanged with the Facebook support team.
“I don’t know what happened, but some of the claims Facebook made were that the ban was (linked to) sexual exploitation and child exploitation (content),” Heather added. “They said, for security reasons, they couldn’t tell me anymore.”
For the past 18 months, Heather has been through it all. She was blackmailed via email, took her computer to a repair shop in hopes of blocking the attackers, and even had to read through messages from the attackers who assured her that they were “recording” her activities.
Heather refused to pay the attackers, who demanded $400 and gave her a deadline. To this day, Heather still wonders who might be behind the attack. Months after being blackmailed, she realized that the credit card she was using to run ads on Facebook was being charged again for new ads that she did not create.
When hacked account appeals are denied by social media platforms
The responses that Heather received from Facebook only further frustrated her. “No matter how many times I call to appeal it, it goes nowhere,” she said.
But the emotional toll is what she highlights the most. She stored pictures, memories, personal growth, and the history of her business on Facebook — and only on Facebook.
“My dad had somewhat recently passed, my brother a few years before that, so any connection I still had with them is gone,” Heather said about the family photos she lost.
Furthermore, she also lost countless hours appealing and calling Facebook for support. Despite having spent thousands of dollars every month advertising through Facebook and Instagram to keep her business afloat, all she got back were generic responses.
“Not having social media is weirder for a business than not having a website,” Heather said. “People want to be able to look you up to see what is happening in your business, to see that you are legit. Now I have nothing. It could appear that I am not with the times, that I’m an outdated business, or that I’m not a professional.”
People want to be able to look you up to see what is happening in your business, to see that you are legit. Now I have nothing.
Heather Dempsey, Owner of Self-Care Center
Heather still hopes that Facebook will someday pay serious attention to her story and lift the ban on her accounts.
The scary numbers of hacked social media accounts
For Facebook’s Support team, Heather’s story is just a number. Case ID number 1346822579247121, to be exact. And unfortunately, hacked social media accounts are becoming just that — nothing but statistics.
NordVPN says that 2 in 5 Americans have had a social media account hacked, and 9 in 10 know someone who has. The Identify Theft Resources Center (ITRC) adds that social media account takeover is on the rise. The organization states they received 4 times the number of social media account takeover inquiries in 2022 as in 2021 and 40 times more inquiries than in 2020.
According to ITRC victim reports from April 2021 to March 2022:
- 85% of reported victims had their Instagram accounts compromised.
- 70% have been permanently locked out of their social media accounts.
- 71% reported the criminals had contacted additional friends listed in their Friends list.
- 67% said that the criminals continued to post as the account owner after they were locked out.
Experts talk about the dangers of hacked social media
Moonlock reached out to several experts to get their insights on the biggest dangers linked to hacked social media accounts.
Scams and reputational damage
“Once they have control of your social media account, hackers can exploit the trust you’ve built with your audience to trick them into falling for a scam,” Rebecca Morris, founder of Safe Not Scammed explained. “This happened to Vitalik Buterin, the founder of the Ethereum blockchain, when his X (formerly Twitter) account was hacked on September 9, 2023. The bad actors posted a malicious link promoting a fake free NFT and used it to steal nearly $700,000 from followers.”
Jeff Mains, CEO of Champion Leadership Group LLC, said that it’s essential to understand that the impacts can be far-reaching and severe.
“Hacked accounts can be used to spread false information, engage in cyberbullying, or promote malicious content, tarnishing your online image,” Mains added. “This can have long-lasting consequences on personal relationships, professional opportunities, and even legal implications.”
Unexpected ad charges and malware spreading
Morris added that people often use social media for business purposes, and they should keep an eye on unexpected charges. “That’s because hackers can run ads using your account and leave you with the bill,” Morris said.
Scott Trachtenberg, CEO of ADA Site Compliance, also warned that hacked social media accounts are playing a vital role in malware attack campaigns.
“In order to spread malware, hackers can use social media accounts that they have broken into,” Trachtenberg said. “They could provide links to websites that contain malware or distribute files that themselves contain malware. It is possible for followers’ devices to become infected with viruses, ransomware, or other forms of malicious software when they click on these links or download the files, which puts the followers’ safety and privacy at risk.”
Naturally, malware attacks can result in the loss of data, damage to financial assets, and a compromise of personal information.
Deleted content and publication of private information
Hackers can also get their hands on your private information. For example, this can be attained from direct messages you send to your friends or data you have made public.
“Linus Tech Tips, a popular YouTube channel with over 15 million subscribers, learned this firsthand when their account was hacked by crypto scammers in March this year,” Morris said. “In addition to live-streaming crypto scams, the hackers deleted many of the account’s videos and made some private videos public.”
Simon Ryan is the CTO at software development company FirstWave, used globally by over 150,000 organizations, including household names like Microsoft and NASA. Ryan assures that the greatest cost of a social media hack is reputation damage.
“This damage may extend to personal and professional spheres, impacting your credibility and trustworthiness,” Ryan said. “Restoring your reputation after such an incident can be challenging and time-consuming. Therefore, it’s crucial to take preventive measures, such as strong passwords and two-factor authentication, to minimize the risk of hacking and safeguard your online reputation, a lesson I’ve learned through my own encounters in the digital realm.”
Access to your other accounts
If hackers break into your social media accounts, they may be able to use them to take over other accounts that you own. For example, if you use Google to sign in to your Facebook account and your Facebook account gets hacked, the bad actors can log in to your Google account as well.
High-profile accounts are just as vulnerable to hacking
Users should also be aware cybercriminals often hack famous figures or known organizations to target their followers. In fact, the ethical hacker group OurMine took over Facebook in 2020 to prove it was hackable.
Among the celebrity Twitter hacks of 2020, “high-profile accounts like Barack Obama, Elon Musk, and Bill Gates were compromised to promote cryptocurrency scams, impacting their reputation and potentially misleading their followers,” said Aleksa Krstic, the CTO of Localizely.
Similarly, in 2019, hackers gained access to the Facebook accounts of millions of users. Cybercriminals then used the accounts to steal personal information and spread malware. And in 2020, hackers gained access to the LinkedIn accounts of millions of users to send out phishing emails and spread malware.
Kristic said that attackers can take things even further. “The 2013 Twitter breach where hackers compromised the Associated Press’s Twitter account and falsely reported explosions in the White House,” Krstic said, “caused panic in the stock market and briefly affected stock prices.”
Real-life stories of people who have had their social media hacked
As we have seen, the number of hacked social media accounts is on the rise, but it’s also important to understand the real human toll of these attacks. We put out an open call to receive these sorts of stories. In just a couple of days, we got 12 different responses. And while we cannot feature them all, here are some extracts of voices that need to be heard.
A personal and professional life held for ransom by hackers
My name is Yulia Saf, founder of Miss Tourist. Last year, while I was on a trip to a remote destination, my MacBook got hacked, causing serious consequences. The perpetrators accumulated enough private information to impersonate me on my social media accounts, especially Instagram, where I am followed by thousands of people.
The criminals demanded a significant ransom. Rather than immediately complying, I decided to reach out to cybersecurity professionals. While I was seeking help, the hackers began to post inappropriate content and photoshopped images, damaging my online reputation. Financial losses ensued due to decreased audience engagement and partnerships falling through.
The hack was a nightmare because it was a direct attack on my personal and professional life. During this period, I felt a range of emotions, including vulnerability, anger, and distress, concerned about the irreversible impact on my career. The anxiety was overwhelming, knowing that strangers had access to my private information and were using it maliciously.
While I was seeking help, the hackers began to post inappropriate content and photoshopped images, damaging my online reputation.
Yulia Saf, Founder of Miss Tourist
A business nearly destroyed by social media hacking
My name is Liam Lucas. I am the CEO and Founder of Off Road Genius. About a year ago, our company’s Instagram account, which we use as a primary marketing tool, was hacked. The hacker not only sent out spam but also demanded a substantial ransom in return for restoring access. Our follower base of avid adventure enthusiasts was suddenly bombarded with unrelated, inappropriate content.
This incident had a major impact on our brand’s reputation, with followers questioning our security measures and ability to safeguard their data. The hackers even posed as our company, sending messages to followers and other businesses, asking for private information and making fraudulent offers. We eventually managed to regain control of our account and implemented stringent cybersecurity measures. However, the incident served as a stark reminder of the potential consequences of hacking and the importance of robust cybersecurity measures.
The hackers even posed as our company, sending messages to followers and other businesses, asking for private information, and making fraudulent offers.
Liam Lucas, CEO and Founder of Off Road Genius
These are just brief extracts of the many extensive and detailed personal stories we received. And despite being widely different in the details, they all shared certain similarities.
The consequences of a hacked social media account are undoubtedly serious and have profound economic, reputational, personal, and emotional impacts. Surprisingly, one common thread of all the personal stories we received is that those affected all highlighted the need for others to be aware of potential cybersecurity breaches. They hope their stories will serve as a cautionary tale.
Do yourself a favor and take this advice to heart. Observe every precaution to ensure the security of your social media accounts, and stay informed of the latest strategies to protect yourself online.
This is an independent publication, and it has not been authorized, sponsored, or otherwise approved by Meta Inc. or X Corp. Facebook and Instagram are trademarks of Meta Inc. Twitter and X are trademarks of X Corp.