NEWS

Monday 10 June 2024

Post by Monica Strut

Our Facebook Page Was Hacked!

Hey there, welcome to our first post! We thought we’d fill you in on some of the Facebook drama!

It’s been one week since we were kicked off our own Facebook page by hackers. It’s been over 8 months since we first alerted Meta that our account had been compromised. Despite us submitting countless tickets, ID, government documents, sworn statements and even paying for a Meta Verified account to get better customer service, our issue has not yet been resolved.

Why is this important?

In 2024, when artists have the power to release music independently and reach fans on their own, an artist’s social media channels are as valuable as a label. But the kicker is, that instead of being beholden to a label, we are now at the mercy of the likes of these social platforms, their ever-changing algorithms and yes, hackers.

To market anything effectively in today’s fast-paced world you need to have multiple ways to communicate with your audience and they need to see the same thing multiple times before it becomes ingrained - this is why having several social channels is important as well as things like PR and street posters, etc. Not only have we lost a key tool to communicate with fans we care about - right in the middle of a single release campaign nonetheless - but we have lost all of the data that page contained.

We are definitely aware TLM didn’t have the biggest following in the world (just under 4k at the time we lost the account). But it was a following we grew and nurtured for five years - we reckon it’s not the size of your fanbase, but the relationship you have with them!

Aside from the loss of connection to the Page’s followers, this hack is a massive data breach and loss. Not only are things like DMs from our followers and possibly their personal information compromised, but we will no longer be able to leverage the history of the page when running ads which will set us back significantly e.g. we won’t be able to target attendees of past shows with ads for new shows in their area - a massive blow.

So, how did this happen?

Long story short, we don’t know! There are a number ways hackers can gain access but we will probably never how they did with us. All we can do is take all the safety precautions and then some going forward and hope it doesn’t happen again.

How did we find out?

Late last year we noticed a fake profile called “Kirk McNeil” had gained access to the Page in August 2023 and added someone called “W D” to our Business Suite with full access. We actually noticed W D first and took to the audit trail which showed us how they got there and that’s when we found Kirk. This access means they can run ads from our account, control content on Facebook and Instagram and more - though they didn’t seem to have taken any action on this yet.

I did some digging and saw Kirk was on my friends list - a pang of guilt ensued - I had never seen his name before but to be fair I have over 3k Facebook friends and like many musicians, I use my page for networking. I get added by randoms all the time because of my band, position in the industry as a music journalist and artist coach. I took a shot and sent him a DM but of course, he never saw it or replied.

W D promptly downgraded mine and Vin’s Business Suite access to ‘Partial Admin’ meaning we could still runs ads, but we could not remove W D or anyone else they choose to add as a controller of our business (our bandmates Ben and Ricky were never admins). After that, Kirk McNeil seemingly disappeared, But W D was a perpetual thorn in our side that would send waves of anxiety through me - usually at 3am - whenever I thought about never being able to run ads ads or having our account compromised.

Fast forward six months, one Meta Verified badge and countless conversations with Meta later, it’s time to release our latest single, The Nihilist. We decided to employee a digital marketing agency to help run ads for the release. We had actually successfully run a handful of ads in the meantime via Vin’s account and figured they could do the same.

After several consults, they encouraged us to push back even harder than before and finally get this resolved for good. We’ve been trying to do this the past few weeks, even having phone and video calls with Meta reps, all ending the same way - them telling us they needed to escalate the matter and closing our ticket.

Page Admin audit trail of all the accounts that have gained or approved access to the account

The Take Over

Last weekend we wrapped our latest tour to celebrate our single, The Nihilist, stoked with how each show went. We returned Monday, very sleep-deprived but on a high, before noticing that Kirk was back…with a vengeance. It seemed our increased reach out to Meta support had put our Page back on the radar of the hackers. They possibly saw the tickets or got asked to confirm identity, and had started to take over the page, for good.

The Last Martyr was now controlled by a Business called Flash Pay (or possibly our old Business Suite changed to that name) and someone called “Rajib Sikder” had the same control of our Facebook Page as we did. It’s important to note that whilst we only had ‘Partial Admin’ control of our Business Suite, up until this point we still had full control of the Page itself.

I promptly kicked him off and alerted the band that time was of the essence. Not only could the hackers add others to control the Page at any time, but they also had the ability to remove us for good. A decision had to be made - and fast - whether to delete the Page whilst we still could, or it be left at the hands of the hackers.

It was a hard one. Deleting the Page made sense, rather than risk losing control entirely and them using it for who-knows-what. But this was 5 years of history, information and memories we’d be saying goodbye to. I figured we’d have at least few hours, or maybe days to decide - after all, this was the only activity the hackers had had in months.

Whilst we deliberated I promptly changed our Page name and URL - something that could not be done again for 60 days. The Last Martyr became ‘TLM Old’ and URL to ‘/tlmoldaccount.’ I then removed key identifiers like our website, email address, and updated the ‘About’ section to “This page has been hacked.” Then I disconnected our Instagram and downloaded all of our data from the Page.

Finally, as one last attempt to utilise our audience, I asked them for help. I made a post announcing the page had been hacked and to please join our mailing list so we can alert then when/if we make a new Page. I pinned the post to the top and we shared it to our personal pages to try and get as much reach as quickly as possible. I knew it was a risky move but it was worth it.

Screenshot of Page Admin section of The Last Martyr's Facebook Page showing it's clearly been hacked

Screenshot of The Music article detailing the situation

To our surprise, the response was immense, with a ton of supportive comments, people joining the mailing list almost immediately and the situation even being picked up by The Music.com.au.

Of course, this attention came at a price. An hour later, our fears were realised when we discovered we no longer had admin control of the page. Game Over.

The Burial

The hackers promptly turned our Page into a shitty history account posting images of statues, relics and archaeological sites with ill-formatted paragraphs of AI text. Perhaps the most triggering was the new profile photo - an AI Indiana Jones-like character grimacing back at us, knowing they’d won. I’ve never wanted to punch a cartoon so much in my life.

Over the course of the coming days, the hackers sort to bury any remanence that the Page ever belonged to a band. All the posts I’d spend hours crafting with just the right text, curated collections of only the best live photos from shows, and graphics designed ourselves that told the story of who were were as artists, sunk lower and lower down the Feed.

It was like watching pirates make themselves at home in your living room, opening your mail, smashing all your favourite things and there was literally nothing we could do about it.

On a happier note, our fans went in to bat for us - hard. They signed up to our mailing list in droves, left hundreds of comments on the hackers’ posts and endlessly reported the Page and its contents. We were so overwhelmed by the support which was honestly, quite unexpected. Many of the comments were hilariously cleaver and definitely made the circumstances easier to swallow.

What shouldn’t have been surprising was that amongst the volume of comments and DMs, were a large number of artists sharing that the same thing happened to them. Of course it has; we aren’t special. Pages get hacked every day. There are a lot more important issues happening in the world as well. But it doesn’t make the situation any less disheartening.

Down The Rabbit Hole

Three days after we lost control of the Page, I noticed that some of our posts were starting to be shared to other Pages. The majority of our post were being shared to a Page called Bonito Family and all their posts were of a similar kind relating to ancient civilisations and artefacts. As I scrolled through the feed of Bonito Family I noticed that’s our old page was not the only one that they were sharing from. Swamptown Throwdown, a roots festival based in Georgia USA, had also been hacked. The festival had been running for years and this year event occurred only a month ago, not another Music industry business being impacted. I thought.

I’ve reached out to the festival and will be chatting to them about their experiences soon, but it’s insane how far the rabbit hole goes. Many posts on Bonito Family have thousands of likes, probably from other fake accounts who have stolen Pages as well.

It’s clear those behind this are not insentient bots that use algorithms to hack accounts. They are calculated, intelligent and organised and they have the process down to a tee.

What’s Next?

It’s now been a week since all of this came to a head and what’s ironic is that myself and my bandmates actually became ‘Top Fans’ of our own former Facebook Page due to all the comments we were leaving. But it seems that no amount of tagging Meta or reporting in droves by ourself and our fans has made a dent in the situation. Instead, today all but one of us, and many of our friends and followers have found ourselves now blocked from the page with comments switched off. Facebook’s answer to all our reports we have got a response from is that nothing is wrong.

A glimmer of hope lies in Facebook referring me on to the Oversight Board; an independent body tasked with making judgements on what should and shouldn’t be on Facebook. I submitted a review to them on Saturday and if my case is selected, I’ll hear back in a few weeks. We’ve also had generous offers from people who have direct connections to Facebook to bring up our case with their rep should the situation arise as well as information about the Small Business and Family Enterprise Ombudsman who can potentially assist.

For now, we have created a new Page. You can find it but we aren’t promoting it yet until we’ve done security scans on our computers, crossed every ‘T’ and dotted every ‘i’ before launching - there’s no way I want this to happen again.

Thank you to our fans, followers and friends who have showed your support this past week, it has been the shining light to all of this. In the meantime, stream our new song and sign up to our mailing list here.