Comments

You must log in or register to comment.

DocMeow3 t1_iwz5gko wrote

Reported. But it’s also kind of funny 😅

65

Ditovontease t1_iwzikql wrote

Apparently this has been happening to random local business pages everywhere... guess fb had a security breach again?

8

predicktable_x t1_iwzt816 wrote

Or everyone should just stop using Facebook since they will likely not help out.

19

dfloyo t1_ix05yfg wrote

This is the most likely scenario. Reusing credentials could also be a part of the problem. If you use the same login and password on two sites and one of them is compromised attackers will figure out where else they can use your credentials.

5

halfghan24 t1_ix08h19 wrote

Maybe they should use some of their “encryption software” they told one of their managers they used to monitor her social media to get to the bottom of this!

It’s not a coincidence that their socials and marketing took a nose dive after losing their social media manager (one of seven managers they’ve lost in less than a year)

30

CptJaxxParrow t1_ix0d73p wrote

Happened to me. They use business pages to run phishing ads. They add themselves as an admin on the business page and start running their ads. In order to make sure the actual owner cant put a stop to it, they take over the admin page and post porn or child exploitation images to have the algorithm lock them out.

I got mine back after 4 months and am still fighting the $11000 ad bill they rung up

5

borari t1_ix16qdb wrote

That's 100% a security breach. A security breach isn't just Cobalt Strike implants beaconing out from your systems, it includes stuff like social media account takeovers, business email compromise, etc. Any respectable SOC or IR team will have a playbook for this type of situation. It's not any sort of data exfiltration where people's PII is at risk, which is what I think you may have been trying to get at.

0

lostspyder t1_ix17akp wrote

The best way is to delete your own Facebook account. That way you're helping out Byrd Theater and everything!

1

OnARedditDiet t1_ix18vl8 wrote

It's a breach of whoever's account not of Facebook.

You're not activating facebooks SOC because 1 (non-paying) customer was phished.

Edit: I would assume Byrd theater does not have a full time IT employee or a MDR contract.

2

borari t1_ix1d6of wrote

Nobody said anything about Facebook getting hacked, or Facebook's IR team. I was just saying that an arbitrary company with a respectable SOC/IR team would have a playbook for dealing with social media account compromise in addition to their playbooks for ransomware, c2 beaconing alerts etc., because a compromised social media account is a compromised business asset, which is a security breach.

0