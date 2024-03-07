Large-scale hacks can be very disruptive, but when individual users and small businesses are hacked it’s much more personal — and just as costly.

When words like “cyberattack” or “hack” pop up in headlines, it’s typically a story of a large company or a local government suffering a security breach. These can be costly and dangerous, like the ongoing pharmacy supplies disruption caused by a ransomware attack on Change Healthcare. But individual social-media accounts and small websites are also frequent targets for hackers, and those attacks can impact small businesses that use platforms like Instagram to promote themselves or even sell their products — we are living in an influencer economy, after all!

Now, a group of 41 state attorneys general have written to Meta about individuals and businesses that have been victimized on its platforms, placing the Facebook and Instagram owner in the spotlight for the poor way it handles such attacks. They say the tech giant’s security measures are inadequate and leave law enforcement with the work of cleaning up preventable online crimes.

The law officials make no bones about why they’re targeting Meta: It’s all due to a “dramatic” spike in complaints concerning user account takeovers, the letter says. This spike in takeovers, Wired explains, is causing what the AG coalition calls a “substantial” drain on government resources because the hacks are often part of financial crimes. How a hack happens, and who gets hurt

This tallies with why and how such takeovers happen. They start when a user’s login credentials are stolen by a malicious actor, which freezes the user out and allows hackers to do whatever they want with the stolen account. Typically, popular accounts with lots of followers are targeted in these attacks. That lets the hackers try to monetize the account for their own gain or, as the attorneys generals’ letter notes, the criminals can access stored credit card information and rack up fraudulent charges. The problem is not only about individual users being defrauded, Wired notes, but also small businesses — which are said to often be the victims of account takeovers, and which can be doubly damaged when the hack results in their accounts being banned. Essentially states are fed up with acting as “customer service representatives” for Meta, which the AGs say is because Meta is simply not investing enough money and effort into preventing account hacks and helping users who have suffered an attack.

Meta, for its part, has attempted to defend itself. In a statement, it pointed out that scammers “use every platform available to them and constantly adapt to evade enforcement,” which is arguably true. The statement also says Meta invests “heavily” in its “trained enforcement and review teams” and has “specialized detection tools to identify compromised accounts and other fraudulent activity,” which may be cold comfort to people who’ve found Instagram’s help team highly unresponsive when they’re seeking help.