We're not Meta support: State AGs tell Zuck to fix rampant account takeover problem

A group of 41 US state attorneys general, tired of serving as a customer complaint clearinghouse for Facebook and Instagram users, have sent a letter to Meta asking it to figure out how to reduce a "dramatic and persistent spike" in account takeovers. In a letter [PDF] dated March 5, the AGs said their offices have received …

  1. DrG

    Pendantic

    "...dramatic and persistent spike in account takeovers"

    How can a spike be persistent...? Wouldn't it be a plateau?

    I'll see myself out.

    1. cyberdemon Silver badge
      Coat

      Re: Pendantic

      You forgot your coat.

      It's only a plateau if it has levelled off.. If it is still rising then it's still a spike, and is (for now) persistent?

      I'm sure it has nothing at all to do with oncoming elections in the US and UK ...

    2. Ace2 Silver badge
      Coat

      Re: Pendantic

      It’s “pedantic,” not “pendantic.”

      1. Michael Wojcik Silver badge

        Re: Pendantic

        Yeah, a pendant is when it goes down, not up.

  2. chuckufarley Silver badge
    FAIL

    This is an easy problem to solve...

    ...because all that is needed is to make account takeovers unprofitable for Antisocial Networks. That might be a step towards turning them into Social Networks again. However, as long as they can make money the easy way and avoid all obligation of protecting the people they use on a daily basis this will continue to happen. At this rate we'll be lucky if it ever gets upgraded to a game of whack-a-mole.

  3. Suburban Inmate
    Big Brother

    FailBook and the other big ASNs are powerful enough not to need to give a toss. They don't care about users and accounts the same way powerful regimes don't have to care about human rights or international law.

    Both WasteBook and the Xitter are plagued with rampant spammers and scammers so obvious that I could probably bash out some code in qBasic to flag at least half of it, even after 20 years away from coding. Their systems are perfectly capable of recognising the crud; they have no trouble "de-boosting" user content that displeases The Party™. Likewise they could flag accounts that have been taken over. For instance when a ton of content gets deleted, completely new person in the profile pic, change in writing style, and pictures that are obviously screencaps from grumble vids or show up on Google reverse image search and/or TinEye.

  4. anonymous boring coward Silver badge

    "Facebook doesn't have control over telecom providers who reissue phone numbers or with users having a phone number linked to their Facebook account that is no longer registered to them,"

    So perhaps you shouldn't rely on them being static then? Since they aren’t…

    Christ, the arrogance…

  5. abend0c4 Silver badge

    Linking credit cards to their Facebook accounts

    What could possibly go wrong.

  6. Mike Friedman

    This is a real problem....

    Happened to my husband. He wasn't a heavy Facebook user, but one day couldn't log in and was never able to recover the account despite repeated attempts. He finally gave up.

    1. A2Wx8
      FAIL

      Re: This is a real problem....

      It's happened to several pages I follow. They were taken over by people who, for some reason, would just spam it with garbage "viral" videos until it died, meanwhile Facebook support is saying "huh, this WWII history page is suddenly posting dashcam videos. Well, I don't see a problem here, ticket closed."

    2. Blue Pumpkin

      Re: This is a real problem....

      Think of it as a gift .....

  7. The Man Who Fell To Earth Silver badge
    FAIL

    Phone number recycling

    Moving one's cell number when one changes providers is trivial in the US. Very few people change numbers to avoid a harasser. Most change numbers because they didn't pay their phone for some period of time, or are trying to avoid bill collectors, or some other dumb ass reason.

    It would not be an undue burden on cell phone companies to require numbers be deactivated for some amount of time, measured in years, before being recycled. These days, in the US, area codes are meaningless so phone numbers really are 10 digits (not counting the 11th US country code digit which is optional inside the US), so roughly 10 billion possible numeric combinations most of which work as phone numbers. Mandatory retarding the recycling of phone numbers would benefit a lot more important things than Farcebook, like 2FA of bank accounts and such.

    1. aerogems Silver badge

      Re: Phone number recycling

      We don't have time for rational solutions!

      -- George Carlin

    2. rw.aldum

      Re: Phone number recycling

      Or you could just 2FA using a 2FA app…

      SMS isn’t secure. And there are some companies (Uber as an example) which you can log in completely just using an SMS OTP - which has my credit card on it…

      The point being, multi layer security is supposed to be implemented with thought, not just to tick a tickbox.

  8. Sora2566 Bronze badge

    Just to play devil's advocate for a minute here, what do the AGs want Facebook to do? If the account has its phone number reassigned and/or suffers from a credential stuffing attack, then what's happening is that the attacker is logging in using the valid user's password and with their 2FA code. How are they supposed to know that this isn't the user?

    I'm sure they want Facebook to "find a solution", but aside from forcing mass adoption of Passkeys, I'm not sure what Facebook can do? (And then we get into the problems of re-educating the tech-illiterate masses as to what a passkey is and locking them into their current tech ecosystem...)

    1. 43300 Silver badge

      "I'm sure they want Facebook to "find a solution", but aside from forcing mass adoption of Passkeys, I'm not sure what Facebook can do? (And then we get into the problems of re-educating the tech-illiterate masses as to what a passkey is and locking them into their current tech ecosystem...)"

      Systems to detect multiple changes to an account, changes in style, frequency of posting, etc. Then they'd need enough staff to review the borderline cases manually, and to deal with people contacting them where the changes were genuine. None of this is impossible, but it costs.
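The detect-then-review flow described in the comment above, as an added example that is not part of the thread and not any platform's actual system: several account-change signals are scored together, and borderline totals go to manual review instead of an automatic lock. The signal names, weights, thresholds, the `style_distance` input and the sample windows are all constructed assumptions.

```python
from dataclasses import dataclass

# Weights and thresholds are illustrative assumptions, not any platform's real values.
WEIGHTS = {"mass_delete": 3, "contact_changed": 2, "style_shift": 2,
           "posting_burst": 2, "profile_pic_changed": 1}
REVIEW_AT, LOCK_AT = 3, 6

@dataclass
class Window:
    """Constructed 24-hour activity summary for one account."""
    posts_before: int              # posts that existed when the window opened
    posts_deleted: int
    posts_made: int
    baseline_posts_per_day: float  # the account's long-run posting rate
    profile_pic_changed: bool
    contact_changed: bool          # recovery e-mail or phone number replaced
    style_distance: float          # 0..1, from a stylometry model (assumed input)

def signals(w):
    """Return the names of the takeover signals that fire for this window."""
    fired = []
    if w.posts_before and w.posts_deleted / w.posts_before >= 0.5:
        fired.append("mass_delete")
    if w.contact_changed:
        fired.append("contact_changed")
    if w.style_distance >= 0.6:
        fired.append("style_shift")
    # Burst: at least 5 posts and more than 5x the baseline (floored at 0.2/day).
    if w.posts_made >= 5 and w.posts_made > 5 * max(w.baseline_posts_per_day, 0.2):
        fired.append("posting_burst")
    if w.profile_pic_changed:
        fired.append("profile_pic_changed")
    return fired

def triage(w):
    """Score the window; borderline scores go to a human, not an auto-lock."""
    fired = signals(w)
    score = sum(WEIGHTS[s] for s in fired)
    if score >= LOCK_AT:
        return "lock_and_verify", score, fired
    if score >= REVIEW_AT:
        return "manual_review", score, fired
    return "allow", score, fired

# Constructed samples: a hijacked history page, a user with a new number, a quiet user.
HIJACKED = Window(400, 380, 30, 0.5, True, True, 0.8)
NEW_NUMBER = Window(120, 0, 1, 1.0, True, True, 0.1)
QUIET = Window(50, 2, 1, 1.0, False, False, 0.2)
```

The `NEW_NUMBER` sample lands in `manual_review` rather than a lock, which is the genuine-change case the comment says needs staff to handle.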

  9. benderama

    The reliance on bots and walls of support text instead of a human to interact with is perhaps starting to bite these companies. Just try and get someone useful at Google, Facebook..
