When Linda’s Facebook account was hacked, she knew exactly what to do: she quickly reset her password, then logged in to assess the damage.
Someone had used her account to create a fake business at a non-existent address, then run Chinese-language ads for watches. She stopped the ads from running, but still had access to what she assumed to be stolen credit cards that the hackers used to pay for the ads. She contacted Facebook, and after weeks of back-and-forth, realized just how little their support team could do to help get rid of the ad accounts.
“I couldn’t delete the credit cards or the accounts,” said Linda, an attorney who asked Digital Trends not to use her full name because she was the victim of a crime. “Facebook support said they couldn’t delete them either, which seemed like a flagrant lie.”
Facebook’s billions of users have little recourse when their accounts are hacked or otherwise compromised. The social network uses automated systems to detect suspicious activity and reset people’s passwords, but anything beyond that forces users to wind their way through an unhelpful labyrinth of customer support reps with limited administrative access. Or they might not be able to reach a human being at all.
A recent $5 billion settlement with the Federal Trade Commission (FTC) brought along with it a slew of new privacy rules for the company, which CEO Mark Zuckerberg said would require the work of “hundreds of engineers.” But when it comes to customer service staff – representatives needed to deal with users who are confused or need help in the aftermath of an account hack – Facebook is lacking, according to consumer advocates and users who have dealt with hacks firsthand.
“Generally speaking, [Facebook’s customer service] is not very good,” said Jillian York, Director of International Freedom of Expression at the Electronic Frontier Foundation, a digital civil liberties advocacy group.
Contacting an actual human being to help you is so difficult that scammers have created fake Facebook help lines to steal data or money from frustrated users. York told Digital Trends that the best way to get help at Facebook is to either be famous and have an agent who can handle requests for you, or to know someone who works at the company.
“If you know somebody at the company or you know someone like me, who has access to people at the company, it can be fairly easy,” she added. But if you’re one of the billions of users without those kinds of connections, you’re often stuck dealing with automated systems, she said.
The Facebook Help Center gives you no obvious way to directly contact Facebook support. Instead, users often have to deal with FAQs, chatbots, and forums – not real, human Facebook reps who can deal with a unique problem brought on by a hack.
Here’s the thing about Facebook’s customer service: their users aren’t actually customers. Aside from advertisers who are actually paying Facebook, most users are the product — Facebook wants their data to use for ad targeting. It means that there’s little incentive for Facebook to do better when it comes to providing support after hacks or stopping account compromises in the first place.
“You would think that it would be in their interest to improve their security practices,” said Christine Bannan, a consumer protection counsel at the Electronic Privacy Information Center. “But the history of Facebook has shown the company to be more interested in growth and ad revenue and prioritizing that over security.”
Bryan Haskins, a self-described “power user,” is an actual paying customer. He uses Facebook ads to promote his two businesses in Mount Pleasant, South Carolina. Haskins, who’s been on Facebook pretty much since its inception, was locked out of his account earlier this month due to suspicious activity. Even Facebook’s automated tools, he couldn’t reactivate his account – and was stuck with little recourse, since Facebook support typically goes through Messenger, which you can’t access without an account.
“I’ve Googled every number possible, but their help center is focused on helping you after you log in,” he said. “I couldn’t log in.”
So my @facebook account got temporarily locked. I have no idea why, and there is no way to contact live help. None of my emails are being responded to, and when I try to “unlock” the account using their “Help” center, I get this screen: pic.twitter.com/gdHbSav4Cz
— Bryan Haskins (@HaskinsBryan) July 16, 2019
Haskins buys ads through Facebook to find clients for his legal and real estate businesses. Without the ability to log in, his ads kept running — and his credit card was still charged — but he couldn’t respond if a prospective client messaged him. He tried sending emails to Facebook’s phishing and advertising support email addresses, messaged them on Instagram, tagged them in tweets, and didn’t hear back.
“I was just kind of lost in the Facebook world,” he told Digital Trends. “This is the longest I’ve been without going on Facebook since 2006.”
After a week and a half, he finally regained access to his account on Tuesday – but he never heard from Facebook about why he lost access in the first place.
Consumer advocates say it’s unlikely that Facebook sees customer service as a priority, even in light of the $5 billion FTC settlement.
“Facebook is a company that’s infamous for its poor – and at times seemingly non-existent – customer service,” said Joseph Ridout, a spokesman with Consumer Action. “None of this [$5 billion] settlement appears to be dedicated toward improving that customer service or making the user interface more manageable for people who experience problems.”
“I wouldn’t say that they’re not capable of dealing with consumers’ privacy issues, I would say they’re more than capable of it, but they’re totally uninterested because it’s not a profitable activity,” Ridout added.
Linda ran into the problem firsthand when she spent weeks dealing with Facebook trying to delete the ad accounts make by the person who hacked her account. In emails between her and Facebook that were reviewed by Digital Trends, a Facebook Global Marketing Solutions rep initially promised to delete the accounts on July 1. A few days later, the same rep told her that she didn’t need to delete the accounts and that she’ll “be fine” with them remaining online. One rep seemed to think she was an advertiser, not a regular user whose hacked account had been used to fraudulently purchase ads.
Eventually, a rep told her that no one at Facebook had enough control over the platform to delete the accounts.
“”While I do understand that you may have not created the Ad Accounts, or the Business Managers, we do not have a way to delete Ad Accounts, or Business Managers,” wrote a person who identified herself as Colleen with Facebook’s Global Marketing Solutions.
“We will now consider this issue resolved, as we are unable to provide any additional information,” she wrote in another email.
Linda tried to delete the accounts herself, but ran into error messages. They’re still there, stolen credit cards and all, ready to have ads re-activated.
“There are just these unauthorized accounts that are attached to mine. I really don’t know how they work or if someone can still access them,” said Linda, adding that she’s worried she could be held liable for fraudulent charges made by the Ad Accounts. “If you get hacked and someone creates these fake accounts, they’re just going to exist forever.”
At a company as big as Facebook, the customer support team might not have the kind of engineering or platform access it needs to truly help the victims of hacked accounts. If a support rep is a third-party contractor – and Facebook has been known to hire thousands for various needs – they might have very limited access to Facebook’s internal systems.
Digital Trends reached out to Facebook to ask how many support reps the company employs, whether they are full time or contractors, and if it plans to expand its customer support in the wake of the $5 billion FTC settlement. We didn’t hear back, but will update this story if we do.
York from the EFF said that Facebook’s billions of users makes creating an effective a daunting task, they have an obligation to their users to create a more transparent system.
“I understand that they might be concerned about being overloaded because they do these things so badly, but I think they really need to invest in reasonable customer service,” said York. “By choosing to keep their systems free and how they exist right now, they’re making a statement about how they don’t really have to help anyone.”
- Facebook to pay a historic $5 billion penalty in final settlement with FTC
- Facebook let advertisers target you using two-factor authentication numbers
- The FTC’s $5 billion privacy fine on Facebook could’ve been much, much bigger
- Millions of phone numbers linked to Facebook found in exposed database
- Looking forward to that $125 Equifax settlement? FTC says it will be much less