Communications Litigation Today was a Warren News publication.

41 AGs Urge 'Immediate Action' From Meta to Address Spike in Account Takeovers

The National Association of Attorneys General requested “immediate action” from Facebook and Instagram for the “dramatic increase in user account takeovers and lockouts” on the social media platforms, said their Tuesday letter to Meta Platforms Chief Legal Officer Jennifer Newstead. The letter came on the same day both platforms experienced disruptions when users weren’t able to log in to their accounts for over two hours. Meta issued a cursory tweet on X Tuesday acknowledging the outage but not giving a reason for it: “We know some people were having trouble accessing our apps earlier. Apologies for any inconvenience this may have caused, and thank you for your patience while our teams worked quickly to resolve!” The Tuesday letter, signed by 41 AGs, cited a “dramatic and persistent spike in complaints in recent years concerning account takeovers that is not only alarming for our constituents but also a substantial drain on our office resources.” In account takeovers, threat actors compromise Facebook and Instagram user accounts and change passwords so the rightful owner can’t access the account, the AGs said. The hackers can then “usurp personal information, read private messages, scam contacts, post publicly, and take other nefarious actions,” the letter said. There’s risk of financial harm to those users who use Facebook Marketplace for their business and those who have credit cards tied to their accounts, it said, referencing complaints of hackers “fraudulently charging thousands of dollars to stored credit cards.” In 2019, the New York Attorney General’s office received 73 account takeover complaints on Meta platforms; the number rose to 783 last year, and in January alone, the office received 128 complaints, it said. “While we may not be completely certain of any connection, we note that the increase in complaints occurred around the same time Meta announced a massive layoff of around 11,000 employees in November 2022, which reportedly focused on the 'security and privacy and integrity sector,'” the letter said. The AGs urged Meta to “substantially increase its investment in account takeover mitigation tactics, as well as responding to users whose accounts were taken over.” The AGs “refuse to operate as the customer service representatives of your company,” it said, saying “proper investment in response and mitigation is mandatory." In addition, they requested materials on the number of account takeovers over the past five years; suspected causes of the increase in account takeovers; safeguards in place to prevent account takeovers; current policies and procedures related to Meta’s response to account takeovers; and staffing related to safeguarding the platforms against account takeovers and responding to complaints. A Meta spokesperson emailed Wednesday: "Scammers use every platform available to them and constantly adapt to evade enforcement. We invest heavily in our trained enforcement and review teams and have specialized detection tools to identify compromised accounts and other fraudulent activity." Meta regularly shares tips and tools people can use "to protect themselves, provide a means to report potential violations, work with law enforcement and take legal action," she said. AGs from Alabama, Alaska, Arizona, California, Colorado, Connecticut, Delaware, District of Columbia, Florida, Georgia, Hawaii, Illinois, Iowa, Kentucky, Louisiana, Maryland, Massachusetts, Michigan, Minnesota, Nebraska, Nevada, New Hampshire, New Jersey, New Mexico, New York, North Carolina, Ohio, Oklahoma, Oregon, Pennsylvania, Rhode Island, South Carolina, South Dakota, Tennessee, Utah, Vermont, Virginia, Washington, West Virginia, Wisconsin, and Wyoming signed the letter.