Gosh.. Don’t Tell Me Your Facebook Account Got Hacked!

hacker image

Cybercriminals are increasingly targeting small businesses

I’m still surprised every time I hear that a colleague’s Facebook ad account has been hacked through his personal Facebook account, allowing the hackers to happily go off and use the credit card on the ad account to pay for their own advertising.

Many of the marketers who get hacked have neglected to include 2-Factor Authentication on their accounts. 2-Factor Authentication simply means that after a user enters their password they are asked for another item of information before they are logged in. Or a code is sent to the cell phone for them to enter before they are logged in.

Apparently, the current flood of news stories – such as the Ashley Madison Hack, WannaCry, and the Facebook Cambridge Analytics data scandal – was not enough to encourage them to take all security measures. So let me try. You always have to be extra careful with your login credential. But when you are managing other people’s accounts? No professional can afford to be careless.

Let me repeat. Everyone should use 2-factor authentication for their account – but for marketers, it is an OBLIGATION. A compromised account can result in the loss of thousands of dollars or more before the breach is identified. It’s not much fun, chasing after Facebook trying to retrieve that lost money.

This is one of a marketer’s worst nightmares, so if you haven’t already set-up 2-factor authentication, DO IT NOW, before you continue reading. We’ll wait for you here?

In case you aren’t as familiar with this subject as you’d like to be, here’s a general overview.

Why Do I Need 2-Factor Authentication?

Because your password alone is not sufficient to protect your account from hackers. You may be using a weak password or a hacker might steal it from you through a phishing social campaign.

2-factor authentication provides 2 layers of security, making it much harder for a hacker to break into your account – they now need that second piece of information in order to access your account.

In other words – your password is breakable, so back it up with a second level of security.

It Wouldn’t Happen to Me

If you are not a marketer you may be thinking this doesn’t concern you – you’ve never given Facebook your credit card number or any other financial information, so there’s no reason on earth for anyone to be interested in your personal user account. Ha. Wrong. Here are a few:

  • Financial gain: Hackers know that many of us use the same login details for numerous accounts. So they try to hack one account, in order to obtain access to another that does provide them with access to your money.
  • Identity theft: If a hacker gains access to your personal information – name, address, phone number, etc. – he can use it to apply for a credit card or loans.
  • Ransomware attack: Hackers can shut you out of your account and ask for ransom, in exchange for returning your access.
  • To hack into your friends’ accounts. Your friends trust you, so hacking them through your account is a piece of cake.
  • Malware: Through your hacked account, hackers can share malware with all your unsuspecting friends.
  • Dark web: You wouldn’t believe the amount of personal data that gets sold on this market.

Those are just a few examples. If you’re a marketer and your account provides access to any ad account, the hacker can use the credit card on the account to advertise his own website.

OK, I’m convinced. How Do I Apply 2-Factor Authentication?

Below are the most used/popular platforms for marketers, as well as for personal users.

  1. Google – Google’s 2-Step Verification enables you to protect your account with both your password and your phone number. Follow the steps here to apply 2-Step Verification on your Google account.
  2. Facebook – With Facebook’s 2-Factor Authentication, you are asked to enter a special login code or confirm your login attempt each time someone tries accessing Facebook from a computer or mobile device we don’t recognize. Follow the steps here to secure your account.
  3. Instagram – Similar to Facebook’s 2-Factor Authentication. Follow these steps to enable the added security layer to your IG account.
  4. LinkedIn – With LinkedIn 2-Step Verification you will have an additional layer of security with the verification code sent to your mobile device. Follow these steps to activate it.
  5. Dropbox – similar to the other platforms, you’ll have to provide your mobile number (or a compatible mobile authenticator app) in order to turn on the 2-Step Verification. Follow the steps here to protect your DropBox account.
  6. Twitter – With Twitter’s Login Verification, a code will be sent to your mobile device. Follow these steps to activate it.
  7. Paypal – If you haven’t applied the 2-Factor Authentication on your PayPal account you must be out of your mind. Follow the steps here NOW in order to update your security key by registering your mobile device number.
  8. Amazon – Perhaps you love shopping on Amazon, but I doubt that you’d be thrilled to have someone else shop on your personal or business account and ship all those items somewhere else. To turn on 2-Step Verification on your Amazon account, follow these instructions.
  9. Facebook Business Manager (marketers only) – This is required by admins who manage users on Facebook’s properties. Follow these instructions to turn-on the 2-factor authentication and choose whether to apply it for everyone or for admins only.
  10. Google Tag Manager (marketers only)– When you enable 2-step verification on GTM a user attempting to modify user settings as well as creating or modifying JavaScript Macros or Custom HTML tags will be asked to verify his login. Read here how to set it up.
  11. Hubspot (marketers only)– A two-factor authentication on HubSpot will require a verification of the login through a second linked device, such as an SMS message or Google Authenticator. Follow this link to set it up.

What Else Can You Do to Protect Your Account?

The following tips seem pretty obvious, but we all need to be reminded of them.

  • Use strong passwords.
  • Use different passwords for each of your online accounts.
  • Don’t store all your passwords on your computer or other devices.
  • Never click on links you don’t have good reason to trust.
  • Never click on an attachment you were not expecting, even if you know the sender.
  • Never fill out any forms that look fishy. Never fill out any beautiful, official-looking forms that ask for your credit card number, passwords, pin, etc.
  • Be extremely careful and selective when sharing your personal information online.


2-Factor Authentication does not make your account 100% secure. There’s no magic way to make your account completely un-hackable, but 2-Factor Authentication makes it much more difficult to breach.

With a second layer of security, your chances are much better that a hacker will select another, less secure account and leave yours alone. TURN it on now!

Comments are closed.