Residents Facebook Page Hacked

One night I was viewing my local community residents page just to see what news is going on around the town I grew up. Since living out of state, I would always like to see how my old town is doing since I left it about three years ago.

Then all of a sudden we’ve noticed that the community Facebook page was acting a little abnormal. At first there was spam posts and then the community page banner was changed to a cartoon. By then all types of alarms were being set off as myself and other members noticed that the page was acting extremely bizarre. Following that the residents Facebook page was completely closed out from commenting or posting until two weeks. It was then and there I knew I had to act fast because here at Reywins, we’re trained and educated in dealing with Cybersecurity Incidents. The residents community page is a very important medium because all local residents would write posts looking for babysitters, local repairs, recommendations, and local events for over 16 years.

Heck, I even used the community Facebook page when my son was younger and needed assistance with babysitting. With the help of my local school friend, we were able to reach out to the individual that claimed his account was hacked. To make matters worse, the subject deleted all group admins so no other member was able to cut off the subjects access to the Facebook page. This was very troublesome because nobody else had access with the admin features, except for this individual. To make matters worse, the individual closed all group access from posting/commenting, and even was unable to grant admin access to those who were disabled. Also, this occurred right around 4th of July! Can you believe it?!

The Recovery

After reaching out to the individual who claimed he was hacked, I was able to communicate with him via Facebook Messenger calling feature. Additionally, I took advantage of Facebook Screen Share and viewed what the individual was able to see on their cell phone. From there I was able to communicate and navigate the settings on how to my account as an admin. We ran into a bunch of issues by not having my account (or any account in general) become an admin. The remedy was to send an invite to my personal email to become a member and an admin. Once I’ve accepted the invite after a few times the admin feature became available to the individual. It was apparent that the backend of Facebook was having a lot of issuing keeping up with the constant updates and changes that was performed by the individual. Luckily, the method that I’ve used worked and from there the individual removed his admin access and I was the lone admin. The first action was to make the community page become private from public. This would remedy any spam accounts from joining the page.

Post Recovery

After I became admin I was able to calm down the environment by pinning a post advising everyone that things would return back to normal. I’ve inquired to the local town mayor to let him know what has occurred and a game plan on how to ensure that the 16 year old residents page would return to its availability and integrity. With local residents recommendations I’ve enlisted a team of admins and moderators that would help assist with the cleanup process. We’ve also raised Cyber Security awareness to the group on how to look out for fake accounts vs normal accounts. We’ve change the community page to private and I set up security controls to filter out fake accounts and spam posts. In order to join the group, users would need to fill out a questionnaire, otherwise they would not be eligible to join the community page. Since then, we have been able to remove over 400 fake accounts from the residents page and maintain the integrity of the community’s Facebook page.

I was able to conduct a post analysis report to the residents mayor and provided detailed information on the steps I took and my outputs from the investigation. I did this all voluntary as well because being a native of my community, doing this all for free was the least I could do. Normally Security Analysts charge anywhere from $200 to $250 an hour. But for me, it was priceless to keep the community page alive.

Lessons Learned

The lessons learned from here is NEVER to provide admin access to any individual who cannot be vetted to maintain any community page in goodfaith.

Our existing team is monitoring the community residents page and since then I have become a full-time volunteer as a result.

We were able to conduct a post Analysis Security Report and provided a detailed explanation to local town officials.

To date and going forward the community Facebook page will remain available and accessible to all town residents. Either local, new, or old, everyone will continue to have access to it.