Viewing a single comment thread. View all comments

Ditovontease t1_iwzikql wrote

Apparently this has been happening to random local business pages everywhere... guess fb had a security breach again?

8

CptJaxxParrow t1_ix0d73p wrote

Happened to me. They use business pages to run phishing ads. They add themselves as an admin on the business page and start running their ads. In order to make sure the actual owner cant put a stop to it, they take over the admin page and post porn or child exploitation images to have the algorithm lock them out.

I got mine back after 4 months and am still fighting the $11000 ad bill they rung up

5

OnARedditDiet t1_ix10e0u wrote

It's unlikely a security breach, more likely got phished or just a bad password

Enable 2fa yall

1

borari t1_ix16qdb wrote

That's 100% a security breach. A security breach isn't just Cobalt Strike implants beaconing out from your systems, it includes stuff like social media account takeovers, business email compromise, etc. Any respectable SOC or IR team will have a playbook for this type of situation. It's not any sort of data exfiltration where people's PII is at risk, which is what I think you may have been trying to get at.

0

OnARedditDiet t1_ix18vl8 wrote

It's a breach of whoever's account not of Facebook.

You're not activating facebooks SOC because 1 (non-paying) customer was phished.

Edit: I would assume Byrd theater does not have a full time IT employee or a MDR contract.

2

borari t1_ix1d6of wrote

Nobody said anything about Facebook getting hacked, or Facebook's IR team. I was just saying that an arbitrary company with a respectable SOC/IR team would have a playbook for dealing with social media account compromise in addition to their playbooks for ransomware, c2 beaconing alerts etc., because a compromised social media account is a compromised business asset, which is a security breach.

0

OnARedditDiet t1_ix1dswb wrote

Nobody said facebook had a breach except the comment I was replying to...

https://old.reddit.com/r/rva/comments/yzcgnp/byrd_theaters_facebook_page_got_hacked_everyone/iwzikql/

I understand your point but the only thing I'm saying is that it's unlikely that this one page was impacted by a facebook security breach (if there was one).

2

borari t1_ix1e2c9 wrote

Ah. I'm a complete idiot. I was over here thinking "of course The Byrd suffered a security breach, what else would this be?". Ignore me.

2

nartarf t1_iwzk3oc wrote

It’s the workers who were paid shit to admin the pages trying to get their moneys worth.

−14