The Israel Internet Association (ISOC-IL) warned on Monday that hackers have found a security breach on Facebook to target Israeli business pages.
Hackers are using the platform's content filter mechanism to gain full access to Facebook accounts while locking users out without an option to report the attack.
Recently, the ISOC-IL has been receiving dozens of complaints from Israeli businesses about losing access to their Facebook accounts.
"In the past few months, we have received dozens of reports about hacking incidents", said Jonathan Ben-Horin, an internet security coordinator for the Israel Internet Association.
Hackers have managed to manipulate Meta's content-filtering mechanism, which is programmed to block content such as pedophilia, sexual abuse, or terrorism. The algorithm flags and blocks pages and profiles that promote harmful content on the company's various platforms. Besides removing the content, the system also terminates the accounts of the page owners and users that promoted it.
"Our first and most significant recommendation to all Meta users is to enable two-factor authentication across all accounts, especially if these are business accounts. We also recommend adding another managing account to the business page, so in case the page is hacked, the owner could still have access to it even if one of the accounts has been locked out," Ben-Horin added.
But before hijacking the algorithm, attackers need access to an account of one of the page owners. To that end, hackers use a diversity of tactics, including phishing scams. In more extreme cases, users' information was stolen using malware installed on their computers.
Once hackers obtain access to an account, they flood the page with harmful content that violates Facebook's terms of service. This triggers the platform's content filter to jump into action and ban the page owner's account.
Some add additional administrators to the page, thereby completely cutting off the page owner from access.
Businesses using Facebook's ad system to promote their page also risk getting their credit card information compromised.
In these cases, hackers gain full access to a victim's credit information. The ad system is sometimes also manipulated to promote third-party content using the hacker's advertising service.