Recently, I did the thing you are never supposed to do: I clicked on a weird Instagram link. Predictably, my account got hacked. The hackers changed the email and phone numbers associated with my account, changed my username, and started DMing everyone I know about weird crypto schemes and posting that I started a clothing line. Thanks to Slate’s contacts at Meta, I was able to email a real person at the company and get my account back. But for users who don’t have a personal connection to Meta, there is no reliable way to get a hacked Facebook or Instagram account back. These accounts may hold a lifetime’s worth of pictures of loved ones, or be the basis for an entire small business; when they get hacked, it can feel like losing an appendage. So why doesn’t Meta seem to care about the issue?
On a recent episode of What Next: TBD, I spoke with Kirsten Grind, investigative reporter for the Wall Street Journal, about why Meta makes it so hard to get your hacked account back. Our conversation has been edited and condensed for clarity.
Lizzie O’Leary: Facebook has almost 3 billion active users, Instagram roughly 2 billion, and all of those users like, love, or maybe even depend on their accounts. What options do users have if they lose access to their beloved accounts?
Kirsten Grind: There’s really not much you can do. You would think there would be a customer service email, or a phone line, or at the very least a chat bot. There’s actually nothing. Facebook provides some guidance online for forms that you’re supposed to fill out to get your account back. I’ve heard that that often doesn’t solve the issue, and they just have not built out up into this point any customer service function at all.
When I got hacked, I got a notification from Instagram saying, “The email associated with your account has been changed. If you did not do this, let us know.” But then I ended up in an endless loop of trying to change it and the hackers would just change it right back.
I’ve heard very similar stories where the user goes through the process, sometimes repeatedly and nothing happens, and then when nothing happens and you still don’t have your account, there’s literally no one you can go to for help.
What are some of the more creative ways you’ve heard of people getting their accounts back?
Meta’s virtual reality division at one point had a customer service line, so some people were buying these expensive virtual reality headsets, literally just to get someone in customer service to restore their Instagram or Facebook account. I talked to people who literally spent $300 or $400 on a headset that’s just sitting in their house now just to get their Facebook account back.
Some people have hired lawyers to send scary letters to various people at Meta, but even knowing who to email it to is kind of challenging. Some people have emailed like Mark Zuckerberg, and they just don’t get a response back.
Another common one I’ve heard is finding random Meta employees in your area on LinkedIn and messaging them for help.
When this happened to me, I kept thinking Meta must have teams of people whose job it is to help with this stuff. Do they?
No, they don’t, and there’s a lot of reasons for that. One of the reasons is the expense: Think of having customer service for 3 billion people. The other reason is a cynical reason, which is Meta users are not their customers. We are not paying for this service, so why would they help us? Meta has said in the past that it could be a security issue if they have people on the phone talking to you—maybe they’re actually talking to a hacker? I’ve heard that explanation, too, but it’s unclear why they have no one yet.
What did they say to you in your reporting process?
They said that they’re now looking at building out some kind of customer service function, and they have acknowledged that it’s going to be hard and it’s going to take a while. When I recently reported that Meta employees were themselves, some of them, facilitating this hacking, they of course have said they do not stand for that. They’ve been firing these employees, investigating the issue. So they seem to be on it somewhat, but, man, there’s a lot of users having trouble.
We reached out to Meta for comment. A company spokesperson told us that in 2021, Meta formed a team to improve customer support and started building a customer support platform. They said, “Our goal is to ensure the people and businesses who rely on Meta’s platforms every day can get support when they need it.” Do we have any way of knowing how many users are having trouble?
I’ve never seen a number and I’ve looked for one, maybe not super hard, but I don’t think there’s been one publicly reported.
When I was hacked, I made the mistake of tweeting about it, and it triggered this flood of people replying to me saying, “I run a service that can help you get your account back. DM me here, message me here.” Is there a weird little ecosystem of shady dealers who prey on people who’ve lost their accounts?
100 percent there is. There are these people claiming that they can get your account back, and I’ve talked to users who have literally paid thousands of dollars to these people. However, sometimes it seems to work. So this is the part where it seems like some of these people—and I’ve talked to people who have claimed this—have some kind of in with a Meta employee. So there legitimately does seem to be some people who have some kind of connection to help you get your account back, but then there’s definitely a lot of others that are just taking your money and months go by and nothing happens to your account.
There is an internal channel at Meta that can help people get their accounts back. It’s known as “Oops.”
Oops is a way for Meta employees and contractors to not only help get their accounts back but also their friends and family. It’s supposed to be for people you know, business partners, someone on Mark Zuckerberg’s team, or something like that, but it’s just so many people are having trouble with their accounts that the number of so-called tasks happening in this Oops channel has just risen over the years dramatically.
The very existence of a channel like that both makes total sense and is a wildly inequitable system. Like, “Oh, you have to know someone whose cousin works at Facebook in order to get your name in front of a human.”
It wasn’t initially founded that way because these problems with hackings seem to be more prevalent in recent years. And so I think it wasn’t set up that way, the Oops channel. It was truly supposed to be just an internal system for employees and not this sort of backdoor way for all users to try and get help.
Who has access to it?
Meta employees, but also contractors, which is very odd, like physical security guards that are stationed in Meta offices. As part of the process of working for a Meta location they’re onboarded to be able to use the system, and so that sort of opens the door for a lot more access than just employees.
Perhaps it was inevitable given the amount of power involved that the Oops system would be abused too. You broke a story showing that Meta was investigating employees and contractors for basically selling their access to it. Can you tell us more about that story?
What some employees allegedly were doing was actually aiding the hackers, so they would accept a bribe from a hacker to get access to a user’s account. So basically it was a way for someone on the outside to easily access Facebook user data, which is just terrible. This is obviously a huge problem that Meta is aware of and is investigating, because you can’t have your own employees and contractors improperly accessing user accounts.
Do we know how many people had access to the Oops channel?
Most employees and a lot of contractors, so thousands and thousands of people have access to file an Oops claim through that channel. What we reported in our most recent story was that Facebook was investigating more than two dozen employees and contractors for improperly accessing those accounts.
And they have lawyers on it. They’ve been sending these really scary lawyer letters to current and former employees and other intermediaries who are facilitating this access of accounts, so they’re definitely aware of it.
Someone could listen to this and say, “Get over yourself. It’s just your Instagram account, it’s just Facebook. This is not real life.” What would the people you’ve talked to, who have lost their accounts, say to that?
First of all, there’s the category of people that have literally built small businesses around Instagram and Facebook. Their pages are set up to advertise themselves to the world, and they’ve spent years building up followers and all of this. To have that destroyed is just terrible. I personally am most affected by the people who have their life’s memories on Facebook and haven’t thought to save photos. These are often older people. I heard from someone whose parent had died, and all their memories were on Facebook. They could no longer access that account, and they couldn’t get anyone to help them.
Is Meta making any changes to address this?
This has been an issue they’ve been following for about a year now. They’ve been doing this big internal investigation, specifically into the issue of employees improperly accessing user accounts, and so they seem to be on it in that respect. Also, in regards to the Oops channel, they’ve definitely tightened up access, especially among contractors accessing that channel, but it’s hard to say exactly what they’re going to be doing and what’s going to happen going forward. In a way, it hurts users because tightening that one access is, again, the only way for a user to get help sometimes.
In reporting these stories, has it made you think at all about how tech companies think about the users of their services?
I think about that a lot. It’s actually why I get interested in stories like this because strangely sometimes users get overlooked when we cover tech companies. We’re so focused on like “how is Facebook moderating content?” or “how is Elon Musk changing Twitter?” You stop seeing stories about how the user is affected. And the funny thing is, none of these tech companies could exist without the user.
Future Tense is a partnership of Slate, New America, and Arizona State University that examines emerging technologies, public policy, and society.