The Decibel - The black market for getting hacked Meta accounts back
Episode Date: June 13, 2025Having social media accounts hacked is stressful. Usually, companies have formal channels for users to regain access. But for Meta platforms like Facebook and Instagram, some users say the social medi...a giant isn’t responding.Now, a new kind of broker has sprung up, helping people locked out of their accounts connect with a Meta employee or contractor who can expedite their request … for the right price. In 2022, Meta fired or disciplined employees or contractors who had allegedly abused the internal account recovery system for bribes. Kathryn Blaze Baum, an investigative reporter at The Globe and Mail, and Alexandra Posadzki, The Globe’s cybercrimes reporter, found that three years later, this is still happening.Today, Kathryn is on the show to talk about how this back-door process works, how Meta is cracking down on it, and where this leaves users who have had their accounts compromised.Questions? Comments? Ideas? Email us at thedecibel@globeandmail.com
Transcript
Discussion (0)
Bobby Monks is a Toronto woman who runs her own dog walking business, which she advertises
through the Instagram account at Bobby walks dogs.
That's Catherine Blaisbaum, an investigative reporter with the Globe.
So she was in her kitchen cooking dinner one night, chickens on the stove, her dogs are
barking, her son walks through the door.
It's your typical weekday evening domestic chaos.
And that's when she gets a WhatsApp message from a friend that she'd been messaging with
earlier in the day.
So it sort of seemed entirely plausible that this friend would be messaging her.
And the conversation picked up where they had left off.
But then she received a link that was supposedly going to help her friend activate his Instagram
account.
Instead, her own Instagram account got hacked.
Distracted, she had clicked
on a phishing link. And this all happened, she said, in a matter of seconds.
Having your account hacked is always a hassle. Usually, you have to reach out to the company
to try and regain access. But if you've tried getting back into a Facebook or Instagram
account, platforms owned by the company Meta.
Chances are, you may have run into a lot of difficulty.
Those who have been locked out of their accounts often report not being able to regain access
through Meta's regular customer support.
But there is another way in, if you're willing to pay the right price.
Catherine looked into this, along with The Globe's cybercrime reporter, Alexandra Pizadsky.
Today, Catherine's here to talk about how this backdoor process works, how Meta is cracking
down on it, and where this all leaves users who've had their accounts compromised.
I'm Maynika Ramen-Welms and this is The Decibel from the Globe and Mail.
Catherine, thanks so much for being here. Thanks for having me. So we just heard
about Bobby Monks in the intro. How important was Instagram for Bobby? So in
speaking with Bobby, I could tell it was important just as it is to most people
who have social media.
For her, it was the personal reasons, you know, her own content.
But also, it was important to her from a business perspective.
While she didn't have a huge following, she was growing her online engagement and didn't
want to lose several years of content.
Okay.
And so we just heard that, of course, she did get hacked, her Instagram account
got hacked. And so what are these hackers actually doing with these accounts once they
get control?
So, in some cases, they are holding the accounts for ransom. They're asking for several hundred
dollars. If you don't send me the money, I'm going to disable your account forever, or
I'm going to sell it on the dark web. And then all of your, you know, personal details
is going to be out there for somebody else.
In the case of Bobby, she wasn't asked
to pay any sort of ransom.
And instead, the hacker seemed happy to just use her access
to her followers in order to reach
their next potential victims.
They were impersonating her and then messaging her followers
to see if they could get another hack.
In general, Catherine, when people have their account hacked, what are they supposed to do? What is the process that you're supposed to follow with Meta?
So in general and in principle, you're supposed to fill out online submissions requesting assistance and as part of that sort of
assistance request, you may be asked to submit official IDs or selfies or video selfies to verify your identity.
And then you wait.
And based on my conversations with people,
you wait and you wait and you wait.
And you might not hear anything at all.
People who pay for MetaVerified,
these people pay somewhere between, say,
15 US dollars to 120 US dollars per month.
Wow.
They're supposed to have access to MetaAgents through email or chat so that they can flag somewhere between, say, $15 US to $120 US per month. Wow.
They're supposed to have access to meta-agents through email or chat so that they can flag
their concern that way.
I did speak with someone who tried to sort of go through the meta-verified process and
she didn't find it particularly useful in that instance either.
Okay.
So there is a process that you're supposed to follow.
I imagine, did Bobbi try these things?
Where did she end up?
Oh, she tried and she tried and she tried.
In her words, she said she sent dozens of online submission requests and emails.
I'm not sure to whom.
She heard absolutely nothing.
In her words, she was met with a brick wall.
It was radio silence.
She found it super stressful and was getting increasingly frustrated.
And the word she used when I asked how Metta had handled stressful and was getting increasingly frustrated. And the word
she used when I asked how Metta had handled her requests was useless. Wow. Yeah, I imagine that's
really stressful and kind of worrying for people, right? Because this is your account, this is your
information, and now you have no control over it. Absolutely. You've lost access to it and you don't
have any visibility into whether anyone is paying attention. Okay, so Bobby seems to hit a brick wall here
when this happens.
What did she do next?
So she's out and about, she's walking the dogs
for her dog walking business,
and she's chatting with people in the neighborhood
and word gets around and everyone's talking to her
about her.
A camp got hacked and she realizes that everybody
either had been hacked themselves
or knew someone who had been hacked
or knew someone who knew someone and
The through line in all of these stories was that nobody had been able to get help. Wow
So then someone suggested a different route. They said talk to a guy named Moe. He'll take care of it for you, huh?
Moe so she reached serious guy
Exactly. So she reached out to this mysterious Moe who told her he had a contact
inside Metta who was willing to take money under the table to expedite her account recovery.
So to be clear, this Moe did not work at Metta, but it seemed he knew someone who did. And
within about 12 hours, she got her account back. It cost her $1,170.68, and that's according to an invoice that I saw, which described the service as hacked IG and FB recovery.
Okay, so interesting. So she tries to go through this normal process with Meta, not getting anywhere.
She contacts this mysterious Moe, and within 12 hours and more than $1,100 later, she's got her account back.
Correct.
Okay, what do we know about what happened here, Catherine?
What was going on behind the scenes?
That was the question I had, too.
And so, for the sake of explaining this process or this arrangement, and for the sake of our
readers, I've dubbed people like Moe brokers.
So brokers are people who have connections inside Meta, who have access to an internal account recovery mechanism
known as OOPS for online operations.
So OOPS is meant for employees or contractors
to seek assistance with their own accounts
or those of their family and friends.
This is-
That is an ironic name, I just had to say.
It certainly is.
And instead of using it solely for themselves
or for their family or friends, some of these
meta-employees or contractors are abusing the mechanism for under-the-table profit.
So brokers find users who need help and ask them for the relevant account information,
and then they pass that information to their meta-contact, who will then file an internal
ticket.
So this meta-contact isn't themselves recovering the account, but they're submitting an internal ticket. So this MetaContact isn't themselves recovering the account,
but they're submitting an internal request,
which then expedites the process.
So they charge the user a fee.
Our reporting showed that that fee was typically
somewhere in the order of a thousand to $2,000,
but in one case as much as 6,000 and even more.
And they divvy up the fee,
which is sent through international money transfer
or cryptocurrency
exchange.
And we also learned that these brokers and meta insiders take steps to avoid detection.
So if you want, I can tell you about a text that I reviewed that was sent from a broker
to one of the meta users.
Yeah, please.
Yeah.
So this meta user says in this text message that his network had recovered dozens of accounts
in a single week and they needed to slow down to avoid drawing the company's attention.
So here's a quote from the text.
After getting 60 plus assets back last week, we saw some flags in the security code in
the internal resources we use and have paused submissions for the last two days on all new
cases.
Okay, so essentially there's a broker outside Meta, then there's someone inside Meta, and
they seem to be using this process that is supposed to be used for family and
friends.
So basically just pushing these tickets kind of up the top of the line then so they actually
get seen.
That's correct.
And Metta is explicit that this kind of internal appeal recourse is not meant for people that
the employees and contractors don't know.
Okay, but it sounds like, I mean, from what you're saying there,
they're quite busy because there's high demand for this.
That's correct.
How common is this? I mean, it sounds like it maybe happens
more than we would like to hear it happens.
So we don't know how often people get their accounts hacked,
and we don't know how often they are seeking out the services
of these brokers who collude with insiders. On the hacking side of things, we don't have a good figure because most people
don't tend to report a hacking to law enforcement, so any official figure
significantly understates the problem. So I asked Meta how many accounts are
hacked or disabled for purported community standards violations each year,
but they didn't provide that figure.
I think we can say with confidence, though, that it's a big problem.
Mo, for instance, told Bobby he was getting requests for help every day.
And it's clear from interviews, online forums and court records
that people are getting hacked or having their accounts otherwise disabled.
And they're not getting help from Metta in a prompt fashion.
So what did you find out through your reporting?
Like other people who are in this similar situation,
what kind of action have they been taking?
So people go public with their frustration.
Maybe they air their grievances online to the media
or to community chat groups or on Reddit.
But they've also shown up at Metta offices crying
and begging for help.
And they've also taken their grievances to court.
So I found court cases involving many people who had complaints with Metta, including a yoga
business owner who literally used the word beg in an email to Metta that she submitted as evidence.
It says, I beg you to activate our account as soon as possible. And in another email,
she said, it's like a long torture. And then early last year, there was a youth leader
in the Seventh-day Adventist Church
who sued Metta in New York State Court
after her Facebook account was disabled.
And she sent the company a handwritten note by fax,
which I saw as part of the court filing.
And it said, please be advised that I have tried every appeal
to reinstate my FB account.
I am hoping you can direct this to a human being." And it left her phone number. Also tellingly, we found a letter that was
written by attorneys general across the United States to Metta because they had
become so frustrated by the dramatic spike in complaints that they were
demanding that the company do more. In the state of New York alone, the letter
said, the Attorney General Office received 783 complaints in 2023, and that was a tenfold increase from 2019.
Wow. Okay. A lot of people are getting caught up in this then. And it sounds like, of course,
people have their personal accounts, but also business owners, as you mentioned, their livelihood,
I imagine, would be affected by not having access to your account.
Absolutely. They lose access to their customer base. They lose an avenue for sales. They've
relied on these accounts for engagement and customer growth. It's a big problem for small
businesses especially. I got the sense.
Yeah. So you just mentioned this situation with the attorneys general across the US,
like getting so frustrated because there's so many situations where that people are losing
access to their account.
I guess the big question, Catherine,
is like, why is this happening?
Why doesn't Meta have sufficient customer service capacity,
I would imagine, to handle these kind of requests
to have people's accounts reinstated?
So that is the big question.
I spoke with several industry and policy experts
who surmise that Meta just doesn't see this as a priority
worthy of its resources.
You know, their feeling is that it comes down to money and to market dominance.
Meta doesn't prioritize addressing these requests in their view because the company just plain
doesn't have to.
It's the largest social media company in the world.
You know, that being said, Brandon Garrett, who is a senior assistant attorney general
in New Hampshire's
Consumer Protection and Antitrust Bureau, he said it's a mystery in his words why the
company wouldn't do a better job trying to maintain people's access to its own platforms.
His state was among the offices that signed the letter to Metta last year, which said
tellingly, quote, we refuse to operate as the customer service representatives
of your company.
Proper investment in response and mitigation is mandatory.
We'll be right back.
So, Catherine, you just said that Metta is the largest social media company in the world.
Of course, you know, lots of people are using their services, whether it be Instagram, Facebook,
WhatsApp.
This must affect a lot of people because of the scale of meta.
How big is it exactly?
It's enormous.
It is the world's largest social media company.
It has a market cap of 1.75 trillion US dollars.
It had 3.43 billion daily active users across its platform during the first quarter of this
year on average, up from 3.35 billion the previous quarter.
Its quarterly revenue was $42.3 billion US.
Although the company offers paid subscription options in addition to providing free access
to its platforms, it primarily makes money through ad sales.
In the first quarter of this year, advertising accounted for nearly 98% of the company's revenues. And Meta had a global workforce of over 74,000 employees
as of the end of last year with offices in more than 90 cities around the world.
Okay, massive company, got a lot of people working for it too. How does the company respond
to all of this, Catherine? Like the situation of brokers and employees working out these
deals on their own,
how have they responded?
So in late 2022, as was first reported
by the Wall Street Journal, Metta fired or disciplined
employees and security contractors
for allegedly abusing the internal account recovery
mechanism at times for bribes.
Three years later, our reporting has
shown that it's clear the problem persists
and that the underground economy is thriving. And now, our reporting has shown that it's clear the problem persists and that the underground economy is thriving.
And now, our reporting also shows that the company is deploying a new legal strategy
and is taking its fight against the broker insider arrangement to court.
Hmm.
Okay, so it seems like they're coming after these individuals who are kind of going this
backdoor route to help users.
Do we know specifically, I'm wondering about this broker Moe who helped out Bobby, do we
know what happened to him? So Moe is Mohammed Ismail, and he's a Toronto area man
listed in corporate documents as the director
of digital marketing agency Smart Communications Canada, Inc.
And so I should say here that he declined to speak
with me for this story.
And as it turns out, Metta sued Mr. Ismail
in the Ontario Superior Court of Justice in 2023 for selling unauthorized
account reinstatement services.
He was accused of causing agents to, quote, misuse the internal Metta appeal channel by
having them submit, quote, deceptive and misleading requests for reinstatements for paying customers.
And it was clear from the court filings that Metta wasn't just looking to force him to
stop selling account services.
It was also looking to compel him to disclose the identities of his contacts within Metta.
And the case was settled last year.
Okay, so it sounds like they were trying to use him to actually find other people who
were involved in these schemes then too.
Exactly.
They were asking him to basically provide a list of everyone he had worked with.
And there's also another case in Ontario that actually involves a broker
who was pretty young, like still a teenager when he was doing some of this stuff, right?
What do we know about that situation?
RISA GOLUBOFF This case was particularly intriguing for that
reason and for a couple of others.
So in 2019, MetaFIR set its sights on a 16-year-old high school student living with his parents
in the small town of Shelburne, Ontario, which is a rural community south of Georgian Bay.
So he was a 16-year-old high school student.
He's living at home, and he's starting to hear from Metta.
So by the time this young man, Jacob Jones, was 17,
he was receiving cease-and-desist letters
demanding that he stop providing unauthorized Instagram account reinstatement services.
And then the situation escalated.
And in March of 2023, Meta filed a lawsuit against Mr. Jones
in the Ontario Superior Court of Justice.
And Meta thinks he made hundreds of thousands of dollars,
if not more.
Wow.
And the case was interesting for all kinds of reasons,
including because it gave a window, through an affidavit,
into the sorts of investigations the company undertakes
to find people who are violating their terms of use or community standards.
Mr. Jones, for his part, declined to provide comment to The Globe.
I have to wonder though, it really stands out to me that Meta has been so aggressively going after these brokers with lawsuits and all kinds of things here,
instead of actually just solving the initial problem and helping people reinstate their accounts for free in the first place. Do we know why Metta wouldn't just direct its energy towards solving that initial problem?
So, the experts that I've spoken with who spend their time thinking about stuff like
this believe that this is a clear cost issue.
And in the mind of Matt Malone, he's an assistant professor at the University of Ottawa Faculty
of Law and also with the Canadian Internet Policy and Public Interest Clinic, he said, it's also a matter of lack
of incentive.
He put it this way, we are at their whims.
They have no reason to do better unless we force them to do better.
So through that mindset, the thinking is they've got billions of users.
If someone doesn't like their customer support, no one is forcing them to be on the platform.
But that's, I imagine, leaving a lot of people in really difficult situations then, as we've
just been hearing in this conversation.
Right.
And it's sort of hard to imagine how a business can function in this world without social
media.
Yeah.
Yeah.
It's really, even for a personal level, right?
It's very essential for almost anyone these days.
Absolutely.
On personal level, professionally, absolutely.
What has Metta said about all of this, Catherine?
So we put somewhere in the order of 30 specific and itemized questions to the company over
the course of about two months.
Our questions were not individually answered.
For example, the company didn't answer the Globe's questions about the number of personnel
worldwide that it is determined to be implicated in the broker-inside arrangement or about
the estimated size of the underground economy.
What the company did say is that the use and provision of unsanctioned account services
goes against its policies and that people who offer such services in partnership with
meta personnel are deploying deceptive practices and exploiting users.
In a statement, their spokesperson, Julia Pereira, said, account recovery services are
against our policies.
They pose a risk to our users and are
designed to circumvent enforcement
of our terms of service and community standards.
We work to improve security and consider
all enforcement and legal options to protect
people on our platforms.
I mean, like we mentioned before,
it can be a pretty stressful and scary situation for someone
to lose access to their accounts like this.
Is there anything people can do to protect themselves and stop this from happening?
Yeah. So in addition to having, you know, good passwords and not sharing them widely,
there's two factor authentication. And I'm often struck by how many people don't know
about it or do know about it and don't realize that it's not turned on on their very precious
social media accounts and other accounts.
So we spoke with 11 Instagram users who all got hacked
or had their accounts disabled for a number of reasons,
and none of them had two factor authentication on.
So that's effectively when you enable that function.
If somebody is trying to sign into your account,
you will get a notification.
And in order to proceed with the sign in,
you have to enter a one-time code that only you can see,
because it's been texted to you or emailed to you.
OK.
OK, so that's something that people can do, at least.
An additional layer of protection, then.
Let's just say everybody that I spoke with now
has two-factor authentication.
Before we wrap up, Catherine, I just
want to go back to Bobby, who we talked about off
the top.
She initially got locked out of her account in 2022.
She managed to pay someone to get it reinstated.
Has she had any issues with her account since then?
Bobby has managed to maintain control over her account, which she's very happy about,
largely in thanks to her paranoia after what happened a couple of years ago.
But something weird happened this past May, just last month. She received an alarming direct message on Instagram.
And it said, hello, at BobbyWalksDogs.
We have received reports that you have violated
our account rules.
Please fill out the appeal form to review
and appeal the reports.
So she looks at the name on the account
and sees that it says Meta.
So at first glance, it looks legit.
But then the handle is Meta Design Business
HIH. It just didn't seem right. And then she scrolled up and she saw that there was a chat
history of messages that she'd exchanged with a friend about visiting a farmer's market.
So pretty quickly, she connected the dots and realized that the friend had been hacked
and now the hacker was fishing for their next victim. She wasn't going to make the same
mistake again. So knowing that Ms. Monks had been in touch
with the Globe for this story,
the friend asked to be connected with me.
I guess she wanted answers and thought,
I might be able to give some advice.
So I get a text message a couple of weeks ago,
and it says, quote,
none of the remedies on the Instagram
slash meta support site work or accomplish anything.
I don't know if you're still investigating
or have any possible suggestions
on how to recover the account, but I thought I would reach out.
The cycle continues. Full circle. Katherine thank you so much for your
reporting and for being here today. Thanks for having me. That was Katherine
Blaisbaum, an investigative reporter for The Globe. That's it for today. I'm
Maynika Ramon-Wilms.
Our producers are Madeline White,
Michal Stein, and Allie Graham.
David Crosby edits the show.
Adrian Chung is our senior producer,
and Matt Frainer is our managing editor.
Thanks so much for listening,
and I'll talk to you next week.