The CEO of a firebrand marketing agency that spends millions of dollars on Meta advertising for clients is issuing an urgent warning to business owners over a “massive” security threat that puts their pages, businesses and credit cards at serious risk.
On Thursday, March 23, despite the fact that Reyes had “two-step verification” set up on The Silent Partner Marketing business manager, hackers were able to take it over – locking out both Reyes and his staff.
In that business manager were a number of businesses that Reyes owns – along with his public figure page.
Reyes learned about the hack (which didn’t impact any of The Silent Partner Marketing clients) because within minutes of the hack, he started receiving emails that new people had been added to the account – right after they removed his access. It was just the beginning of the nightmare.
They seized his verified public figure page which has over 130,000 followers and reached over 12 million people in the last month and immediately began posting phishing articles on websites hosted at Namecheap, here and here with malware to hack more accounts.
Then they began running ads through Reyes’ business – charging his company credit cards through a security flaw in the Meta platform. Before the remainder of Reyes’ access was removed, it appeared there were at least 10 ads published – each with a daily budget of $8,888. That’s right – hackers seem to be putting nearly $100,000 a day in ads on Reyes’ account and cards.
Within minutes, Reyes and his team had alerted Meta – sure that the platform would move quickly to shut down the hackers. Meta was provided with screenshots and emails showing everything – including the accounts impacted, the names and email addresses associated with the hacker accounts and more.
When nothing had been resolved after 24 hours, Reyes requested an update from Meta – who then scolded him.
“Friendly hint: The more help tickets you request, the more your resolution will be prolonged as the team answers tons of similar cases and this bumps you to the back of the line,” wrote a Meta representative.
Reyes warns there’s clearly a security flaw – as no personal Facebook accounts had been compromised, and the hackers somehow bypassed the two-step security authorization.
“This could happen to any business, clearly – your pages…your ad accounts…even your credit cards can be compromised. And it doesn’t matter that we spend literally millions of dollars on the platform – Facebook doesn’t seem to care,” Reyes said.
To make matters worse – it’s costing OTHER businesses money as a result of how Meta ads work.
“Facebook ads work through a bidding process, much like eBay,” Reyes said. “So the more companies bidding for ads, the more money businesses have to pay for ads. That means when you get huge influxes in advertising dollars through fraud - other companies and small businesses that are running other ads have to spend exponentially more to run their ads.”
Reyes can’t understand how Meta would allow this to continue.
“Don’t tell me Facebook can’t immediately shut this down. The platform launched a ‘break glass’ policy years ago to stop the viral spread of content – like the Hunter Biden laptop story, which was completely factual,” Reyes said. “They can immediately flag and shut down accounts for “misinformation” like memes and articles about China creating and releasing a pandemic. But they can’t stop hackers from seizing verified public figure pages and running hundreds of thousands of dollars in fraudulent ads? Please.”
Reyes isn’t optimistic that Facebook is doing anything to stop the hackers, get him back control of his public figure page, his businesses, his ad accounts or stop the fraud – which he estimates may be close to $250k since the accounts were seized on Thursday.
He hopes other business owners proceed cautiously.
FOR SUPPORTING DOCUMENTS OR INTERVIEWS, CONTACT ann@baldwinmedia.net OR KYLE REYES DIRECTLY AT kyle@thesilentpartnermarketing.com