Attorney General Bonta Urges Immediate Action by Meta to Prevent Account Takeovers

OAKLAND — California Attorney General Rob Bonta, as part of a bipartisan coalition of 40 attorneys general, today sent a letter to Meta expressing deep concern regarding the increase in account takeovers and lockouts on Facebook and Instagram and the inadequacy of the company’s response to prevent and address consumer harm from these takeovers. In response to a dramatic uptick of consumer complaints, the letter asks Meta to take immediate action to increase mitigation tactics and respond to users whose accounts have been taken over.

“Facebook and Instagram users spend years building their personal and professional lives on these platforms. The accounts are used to connect with friends and family, and to run businesses,” said Attorney General Bonta. “Having an account taken over by a bad actor can be a traumatizing, expensive, and time-consuming event for users. Today, I urge Meta to improve its prevention efforts and response to protect consumers against account takeovers and lockouts. What we are seeing today is inadequate: The company can and must do better to protect its users and our constituents.”

In an account takeover, threat actors compromise user accounts and change passwords so that the rightful owner cannot access the account. Once threat actors gain access to a user’s account, they may be able to usurp personal information, read private messages, scam contacts, post publicly, and take other nefarious actions. Account takeovers also pose a significant risk of financial harm for users who have credit cards or other financial information tied to their accounts.

In the letter, the attorneys general express alarm at the frequency and persistence of account takeovers in recent years. The letter requests Meta properly increase its investment in response and mitigation tactics for account lockouts and takeovers. In November 2022, Meta announced a massive layoff of around 11,000 employees, whose work reportedly focused on the “security and privacy and integrity sector.” The increase in complaints regarding account lockouts and takeovers also increased around this time. In the letter, the attorneys general also request a formal meeting with Meta to discuss the issue of account takeovers more deeply, and request materials from the company in order to better understand the scope of the problem and current mitigation strategies, including: the number of account takeovers over the past five years; suspected causes of the increase in account takeovers; safeguards currently in place to prevent account takeovers; current policies and procedures related to Meta’s response to account takeovers; and staffing related to safeguarding the platforms against account takeovers.

In submitting todays letter to Meta, Attorney General Bonta joins the attorneys general of Florida, Illinois, New York, Tennessee, Alabama, Alaska, Arizona, Colorado, Connecticut, Delaware, Georgia, Iowa, Kentucky, Louisiana,, Maryland, Massachusetts, Michigan, Minnesota, Nebraska, Nevada, New Hampshire, New Jersey, New Mexico, North Carolina, Ohio, Oklahoma, Oregon, Pennsylvania, Rhode Island, South Carolina, South Dakota, Utah, Vermont, Virginia, Washington, West Virginia, Wisconsin, Wyoming, and the District of Columbia.

A copy of the letter can be found here.