Last week, hackers compromised the Facebook page for Bookmarks, a literary arts organization based in Winston-Salem, N.C., that "fosters a love of reading and writing in the community." Bookmarks' programming includes an annual Festival of Books, an Authors in Schools program, year-round events in its community gathering space and a nonprofit independent bookstore.
Jamie Rogers Southern, operations director at Bookmarks, wrote us to note that the hack and its aftermath have "turned into quite a learning opportunity! We hope that our experience will help others prepare and maybe avoid such stress as us. I thought I'd share in case it might be of interest to other booksellers":
Last week our Facebook page was hacked, apparently through the personal page of our assistant manager, who was set as administrator for our page. It took over 24 hours to get back in our control and was very stressful meanwhile. It definitely could have been a lot worse, but here are some things we learned in the process we thought were important precautionary measures others could take.
Make sure anybody with admin access to your page has an updated e-mail address and phone number in Facebook. In our case, the admin that was hacked had an outdated e-mail address and phone number, which made reinstating their account (and proving their ID) much more difficult.
Set up extra security measures on your account: Get alerts about unrecognized logins so you'll be aware if your account is used on another browser or device. Choose 3 to 5 friends (who are not admins of the same page) to assist with the reset process if you get locked out. Use two-factor authentication that requires you to log in with a code from your phone as well as a password.
Clearly communicate any account changes with your staff. Make sure that somebody knows if they receive a message that their admin privileges have been revoked that they immediately check with other admins. You don't want employees to ignore this e-mail!
If your page does get hacked:
File a report immediately with Facebook and have every admin on your page do the same. Identify which account has been compromised and be clear on who/what should be reinstated and include any other details that would help Facebook assess and fix the situation. When Facebook reinstated our roles, they unfortunately only reinstated us to positions like "analyst" which didn't allow us to perform the necessary tasks to secure our page. We needed to be reinstated as admin to kick the hacker out!
Spread the word: if possible, post from your personal accounts that the account has been hacked. This will make your followers (who hopefully follow the page) aware in case they see strange links on the page. Get employees to share on their accounts as well.
Check your bank accounts: If the account that was hacked has stored credit cards for buying ads or fundraisers, notify your credit card company. Because we have fundraisers through Facebook, we also alerted our bank to be on the lookout for suspicious activity.
When everything is resolved:
Let your followers know that your account was hacked (in case they saw questionable activity) and thank them for their patience.
Assess the damage and clean up your page. Check contact information and other profile information, pictures, posts, and messages and delete all content related to the hack. Review your page followers and people who have liked your page to ensure people who hacked your page are not still associated with your account. We looked through activity for the past 24 hours and discovered several "questionable" profiles who had started following us in that time frame and then banned them from our page.
We were alerted to the problem when all the admins for the page received an e-mail from Facebook stating that their admin privileges to the page had been revoked. After determining which account had been compromised and filing reports with Facebook, we received word that the accounts had been reinstated about 12 hours later. Facebook didn't properly reinstate the account privileges, which took additional communication; however, the problem was resolved in about 24 hours.