When Your Facebook Or Other Online Account Gets Hacked, Who’s Responsible For The Losses?

Justin Donnaruma • December 13, 2023

Share Post

Recently, the CEO of a very successful marketing firm had their Facebook account hacked. In just a weekend, the hackers were able to run over $250,000 worth of ads for their online gambling site via their account and removed the rightful owner as the admin, causing the firm's entire Facebook account to be shut down.


Not only are they uninsured for this type of fraud, but they were shocked to discover that Facebook, as well as their bank and credit card company, was NOT responsible for replacing the funds. Facebook's "resolution" was that there was no fraud committed on their account because the hacker used their legitimate login credentials, and Facebook is not responsible for ensuring you keep your own personal credentials safe and confidential.

Further, they didn't have the specific type of cybercrime or fraud insurance needed to cover the losses, so they're eating 100% of the costs.


Not only are they out $250K, but they also have to start over building their audiences on Facebook again, which took years to build. This entire fiasco is going to easily cost them half a million dollars when it's all totaled.

In another incident, another firm logged into their account to find all of their ads were paused. Initially, they thought it was a glitch on Facebook, until they realized someone had hacked into their account, paused all of their legitimate ads and set up 20 NEW ads to their weight-loss spam site with a budget of $143,000 per day, or $2.8 million total.


Due to their spending limits, the hackers wouldn't have charged $2.8 million; however, due to the high budgets set, Facebook's algorithms started running the ads fast and furious. As they were pausing campaigns, the hackers were enabling them again in real time. After a frantic "Whac-A-Mole" game, they discovered the account that was compromised and removed it.


The compromised account was a legitimate user of the account who had THEIR account hacked. Because of this, Facebook wouldn't replace the lost funds, and their account got shut down, with all campaigns deleted. Fortunately, these guys caught the hack early and acted fast, limiting their damages to roughly $4,000, but their account was unable to run ads for 2 weeks, causing them to lose revenue. They estimate their total damages to be somewhere in the $40,000 to $50,000 range.


When many people hear these true stories (with the name of the companies withheld to protect their privacy), they adamantly believe someone besides them should step up and take responsibility, covering the losses. "It wasn't OUR fault!" they say. However, the simple reality is this: if you allow your Facebook account - or any other online account - to be hacked due to weak or reused passwords, no multifactor authentication (MFA) turned on, improper e-mail security or malware infecting your devices due to inadequate cyber security, it is 100% YOUR FAULT when a hacker compromises your account.


Facebook is just one of the cloud applications many businesses use that can be hacked, but any business running any type of cloud application, including those that adamantly verify they are secure, CAN BE HACKED with the right credentials. Facebook's security did not cause their account to be compromised - it was the failure of one employee.


The BEST way to handle this is to NOT get hacked in the first place. Here's what you need to do to protect yourself:

  • Share this article to make sure your staff is aware of these types of scams. Cybercriminals' #1 advantage is still hubris; businesses and most people in general insist that "nobody would want to hack me" and therefore aren't extremely cautious with cyberprotections.
  • Make sure you create strong, unique passwords for EACH application you and your team log into. Use a good password management tool such as iCloud Keychain or 1Password to manage this, but remember IT MUST BE USED IN ORDER TO WORK. For example, don't allow employees to store passwords in Chrome and bypass the password management system.
  • Minimize the number of people logging into any account. If someone needs access, give them that access and then remove them as a user ASAP immediately after. The more users you have on a cloud application, the greater the chances are of a breach.
  • Make sure all devices that touch your network are secure. Keylogger malware can live on a device to steal all of your data and credentials.


If you want to ensure your organization is truly secure, click here to request a free Cyber Security Risk Assessment to see just how protected your organization is against known predators. If you haven't had an independent third party conduct this audit in the last 6 months, you're due.


It's completely free and confidential, without obligation. Voice scams are just the latest in a tsunami of threats aimed at small business owners, with the most susceptible being the ones who never "check the locks" to ensure their current IT company is doing what they should. Claim your complimentary Risk Assessment today.


Justin Donnaruma

December 13, 2023

By Justin Donnaruma November 6, 2024
Phishing attacks are the most common cybercrime attack for one reason…they work. Every day, over 3.4 billion spam e-mails reach unsuspecting users' inboxes. Phishing e-mails have held the top spot as the most frequent form of attack for years because they're easy to implement, easy to scale and continue to fool people. AI tools like ChatGPT are now making it even easier for cybercriminals to create e-mails that look and sound like they're coming from humans instead of bots and scammers. If you're not careful, the effects of phishing scams can be detrimental. Since it's Cybersecurity Awareness Month and phishing e-mails are one of the top causes of attacks, we created this simple guide to help you and your team successfully identify phishing e-mails and understand why it's so important to do so. What can happen? Here are 4 significant dangers associated with phishing attacks: 1. Data Breaches Phishing attacks can expose your organization's sensitive information to cybercriminals. Once your data is exposed, hackers can sell it on the dark web or hold it for ransom, demanding thousands, millions or even more for its return - and they likely won't return it anyway. This can result in financial and legal repercussions, damage to your reputation and loss of customer trust. 2. Financial Loss Cybercriminals often use phishing e-mails to steal money directly from businesses. Whether it's through fraudulent invoices or unauthorized transactions, falling victim to phishing can have a direct impact on your bottom line. 3. Malware Infections Phishing e-mails can contain malicious attachments or links that, when clicked, can infect your systems with malware. This can disrupt your operations, lead to data loss and require costly remediation efforts. 4. Compromised Accounts When employees fall for phishing scams, their accounts can be compromised. Attackers can then use these accounts to launch further attacks or gain unauthorized access to sensitive company data. And the list goes on. However, there are actions you can take to prevent becoming the next victim of a phishing attack. Here is the S.E.C.U.R.E. Method you and your employees can use to help identify phishing e-mails  S - Start With The Subject Line: Is it odd? (e.g., "FWD: FWD: FWD: review immediately") E - Examine The E-mail Address: Do you recognize the person? Is the e-mail address unusual? (e.g., spelled differently) or unknown (not the one they usually send from)? C - Consider The Greeting: Is the salutation unusual or generic? (e.g., "Hello Ma'am!") U - Unpack The Message: Is there extreme urgency to get you to click a link or download an attachment or act on a too-good-to-be-true offer? R - Review For Errors: Are there grammatical mistakes or odd misspellings? E - Evaluate Links And Attachments: Hover over links before you click them to check the address, and do not open attachments from anyone you don't know or weren't expecting to receive mail from. It's also important to have a cybersecurity expert monitor your network and eliminate e-mail spam before your employees can make a mistake. Make sure you're taking proper precautions to protect your network. These phishing attacks work and happen all the time. We don't want YOU to be the next victim. If you need help training your team on cybersecurity best practices or implementing a robust cybersecurity system, or just want a second set of eyes to examine what you currently have in place and assess if there are any vulnerabilities, we are ready to help. Call us at (207) 300-2300 or click here to book a call with our team.
By Justin Donnaruma October 30, 2024
National Public Data confirmed in September 2024 that a hacker has compromised the personal records of millions of individuals. The information exposed includes the names, e-mail addresses, mailing addresses, phone numbers and even Social Security numbers of up to 2.9 billion people. Here's what you need to know. What happened? National Public Data, a consumer data broker that specializes in providing criminal records, background checks and other forms of data to private investigators, consumer public record sites, human resources, staffing agencies, the government and more, was hacked. The incident is believed to have started in December 2023 when a third-party bad actor attempted to gain access. In April, a cybercriminal named "USDoD" posted the stolen data online in a popular criminal community. On August 6, the stolen dataset resurfaced, this time posted for free to several breach forums for anyone to access and download. The sensitive, personally identifiable information released included names, addresses, phone numbers, e-mail addresses and Social Security numbers for millions of people, some of whom are deceased. The data also contained previous addresses and, in some instances, alternate names. The official data breach notice that was filed in Maine indicated that 1.3 million records may have been breached; however, some lawsuits are suggesting as many as 2.9 billion records have been exposed. As the investigation continues, many cyber experts are finding that some of the data released was inaccurate, and aside from the Social Security numbers, most of it is already public and easy to find online. So why is this breach dangerous if the information can be found with a quick Google search? There are several reasons to be concerned. Having all this critical information in one place makes it easy for criminals to use the information needed to apply for credit cards and loans or open new bank accounts. The information included, such as childhood street names or the last four digits of your Social Security number, are often answers to security questions and can help hackers bypass authentication and access your private accounts. Some cyber experts are suggesting watching for a surge in phishing and smishing (phishing over SMS) attacks as well. Can you be affected even if you've never heard of National Public Data or purchased data from them? Yes! Just because you haven't interacted with them doesn't mean other organizations, businesses, landlords, etc., haven't leveraged their resources to dig up information on you. What should you do to protect yourself? Step 1: Check to see if your data has been exposed. You can use tools like https://npd.pentester.com/ to find out if your information has been compromised. If so, it's important to take immediate action. Step 2: Request a copy of your credit report and then freeze your credit. One of the best ways to protect your identity is to freeze your credit and set up alerts. This prevents criminals from opening up new lines of credit in your name. To do this, contact all three major credit bureaus - Equifax, TransUnion and Experian - and request a freeze. The process is free and should take you less than 10 minutes per site to complete. If there are others in your house over the age of 18, it's a good idea to freeze their credit too. Anyone with a Social Security number is vulnerable following a breach of this size. Once you have a copy of your free credit report, review it for anything that you didn't authorize. Don't forget to set up alerts and review your credit regularly. Step 3: Watch out for phishing scams. As mentioned, many cybercriminals will try to leverage this information to scam you through phone calls, text messages, e-mails and even social media sites. Be cautious! A data breach is devastating for everyone involved - the business hacked and the customers or employees whose data is leaked. As a business owner, it is your responsibility to make sure you are taking the highest precautions to protect your business and its data. If you want to do a full assessment and find out if any of your information has been leaked or if your network is vulnerable to a breach, we'll do a FREE Security Risk Assessment. This deep dive into your network will provide you with a blueprint for security steps to take. To book yours, call our office at (207) 300-2300 or click here .
By Justin Donnaruma October 23, 2024
Software updates can feel like a nuisance, but skipping them is one of the easiest ways to leave your systems vulnerable to cyber-attacks. Hackers are constantly looking for weaknesses, and outdated software is like an open door to your network. But how do you know when it's time to update, and should you always trust your computer to tell you? Here are five clear signs it's time to update, plus tips on how to handle updates safely. 1. Your Software Is No Longer Supported If the software provider has stopped releasing updates for your current version, it's a major red flag. Unsupported software often has known vulnerabilities that cybercriminals can easily exploit. Check for announcements from your software providers about end-of-life support and upgrade as soon as possible. Tip: Don't wait for the software to "break" before updating. Plan ahead and migrate to newer versions while you still have full support. 2. You Notice Slower Performance A sudden slowdown in your software's performance can be a sign that it's out-of-date. Newer versions of software are optimized to run more efficiently, and skipping updates might leave you with buggy, sluggish software. Tip: If you notice performance drops, check the settings for pending updates or visit the provider's website to manually download the latest version. 3. You Receive Security Alerts Has your antivirus or security software flagged vulnerabilities in an application you use? If so, an update is likely overdue. Cybercriminals thrive on exploiting security gaps in outdated software. Always pay attention to security alerts and take them seriously. Tip: Use a trusted antivirus tool that can integrate with your software and alert you when updates are needed. Make sure you verify the authenticity of any update alerts before clicking. 4. You Haven't Updated In Over 6 Months If it's been more than six months since your last software update, you're probably due for one. Many providers release updates on a regular schedule to patch vulnerabilities and enhance features. Tip: Set a reminder to check for updates regularly, rather than waiting for the computer to alert you. This is especially important for critical software, like operating systems and antivirus programs. 5. New Features Have Been Announced Sometimes updates come with more than just security patches - they also bring new features. If you hear about exciting new functionality that you don't have, it's a sign you're behind on updates. Tip: Keep an eye on announcements from your software providers. Follow their blogs or sign up for notifications so you're always aware of improvements. How To Update Safely While updating software is crucial, you should always be cautious about how you do it. Here's how to ensure your updates are safe: - Verify The Source: Always download updates directly from the provider's official website or trusted app store. Avoid third-party sites or suspicious links. - Back Up Your Data: Before any major update, back up important data to an external location. This ensures that if something goes wrong, you won't lose critical files. - Restart Your Device: Once the update is complete, restart your computer to ensure that the new features and patches are properly installed. By staying on top of software updates, you're not only improving performance but also protecting your systems from potential threats. Don't wait until it's too late - keep your software up-to-date and ensure your network stays secure. Need help managing your software updates? Call us at (207) 300-2300 or click here to schedule a consultation.
Show More