Maidenhead business issues warning after hackers seize its Facebook account
05:10PM, Wednesday 10 July 2024
0
SP Workwear director Steven Palmer
A Maidenhead clothing company has warned businesses to be watchful on social media after its Facebook account was seized by hackers.
SP Workwear, based in Smithfield Road near Cox Green, had its account hijacked in May with hackers racking up a near £2000 bill through a company card.
Staff then endured a months-long interaction with Meta, Facebook’s parent company, as they tried to regain access.
“It was a pretty stressful time,” said company director Steven Palmer, 38.
“We’ve got lots of customers on Facebook that we reach out to regularly, but we had no way of telling them we’d been hacked - and no way of knowing whether they’d tried to contact us either.”
Discussing how the hack had unfolded, Steven described how one night he received a notification that a new administrator had been added to the account.
The next day he found a ‘super user’ – the hackers - had gained access to the account and removed anyone else with access.
Once hackers had control, they used a card connected to the account to go on a £700-a-day spending spree.
Steven was able to cancel the card but, after Barclays issued him a new one, the Facebook account also updated with its revised details – allowing the spending to continue.
The money lost during the hack has been returned to SP Workwear by Barclays.
Then began a two-month grapple with Meta, as SP Workwear staff tried to regain access.
“They were absolutely ridiculous,” Steven said. “They just don’t care.”
Steven founded SP Workwear at the age of 28 and has grown it to employ more than a dozen people
And although the company has now had its Facebook account restored, Steven said he still doesn’t know how the hackers gained access.
“We still don’t know how the breach happened,” he said.
“Nothing’s wrong with my profile or with what anyone here did, maybe the ad agency we worked with had a breach we just don’t know, it’s all very strange.”
He added: “You just don’t know - it’s worrying when you have to give other people access to the account.”
Steven is warning other businesses using social media to be mindful of the threat.
He said: “Be vigilant about all of your social media, make sure you regularly update your passwords, and check who’s got access to the account.
“It’s hard for us to say exactly what to do because we don’t know where it went wrong – we might have done nothing wrong it could have been something else.”
A spokesperson from Meta said: “Fraudulent activity is not allowed on our platforms and we are continually investing in new technologies to tackle this industry-wide issue.
“We take the safety and security of our community seriously and encourage everyone to create a strong password, enable two factor authentication and to be suspicious of emails or messages asking for personal details.”
