If you have a business, a non-profit organization, a rock band, a chess club, or pretty much any kind of entity these days, you probably need a Facebook fan page. Fan pages can become vital cornerstones of a brand’s web presence, and with user-friendly marketing options, it is often a great launchpad for your first advertising campaign. In fact, 57% of social media budgets are invested in Facebook, and it is not unheard of for companies to spend millions of dollars on Facebook promotions.
Another fact is that, even if you have a large, organic following on Facebook, these days you are practically required to fork over at least a small amount of cold hard cash each month to reach all of your fans. Anyone who has managed to cobble together an active, thriving fan page knows that a successful fan page equals a major investment of time, money, and creativity.
That’s why it is unbelievably shameful how easy it is for a Facebook fan page to be highjacked by malicious hackers.
Like most fan page managers, I’ve spent several years learning about and experimenting with post strategies, ad formulas, engagement techniques, and all the other minutiae of social media development… but I’ve hardly ever put much thought into security for my fan page. This is partly because I have a lot of faith in Facebook’s security and account recovery features. Facebook invests a lot of money and thought into making it easy to recover a hacked Facebook account. Several of my friends have suffered attacks to their personal Facebook page, and nearly all of them reported happy endings with their privacy and pages restored without too much fuss or long-term damage.
But when it comes to Facebook fan pages, I can tell you from my own horrific experience: security is practically non-existent.
Facebook’s official stance on fan page security is that fan pages are impossible to hack, and so they offer absolutely no support for Facebook pages that have been hacked. Here is their official statement in reference to losing access to your fan page:
“This is most likely because one of the other admins removed you as an admin. The best thing you can do is reach out to the other admins and ask them to add you back.” – Facebook
Well, good luck “reaching out” to a malicious hacker or spiteful troll if they take over your fan page. Especially since there is absolutely no way at all to find out who has admin status of a fan page.
A few weeks ago, I lived through this nightmare myself when I lost admin privileges for a page I created, and I was shocked to discover that for the average Joe, there is no way at all to recover a fan page, no matter how much money you’ve dumped into advertising for it. There are hundreds of dead threads asking for help in the support community that go unanswered. Searching the help pages will lead you on an endless loop of frustrating madness, and contacting them directly will only yield form emails that no human has ever had anything to do with whatsoever.
There are even several Facebook fan pages with thousands of fans dedicated to this problem. A few people in those circles say that contacting the advertising department’s customer support might possibly yield results, but they never replied in any way whatsoever to this blogger’s wails of sorrow.
I was very fortunate because in my situation, I was able to find the person with admin status and they restored my account for me, but this was only through sheer dumb luck. If the person who had admin status were a troll, a hacker, or a spambot, I would have been SOL, up the creek, and other colorful expressions for “screwed.”
Other people have lost thousands and thousands of dollars of advertising investment or countless hours of work because of this flaw, which Facebook describes as a “feature.”
The only way to protect your fan page is by protecting your admin privileges by following these three simple rules:
- Protect your personal account! If someone hacks your personal Facebook profile, they have access to all of your fan pages. Use an extremely secure password and do not give it to anyone under any circumstances.
- Protect your admin privileges! I only ever allow one admin per page, simply because more admins means more opportunites for hackers to hack profile pages. Even if you trust a fellow collaborator implicitly, you can never be positive that their accounts won’t be hacked! It’s better to give collaborators “content creator” privileges just to stay on the safe side.
- Be vigilant against phishing! Phishers use creative and manipulative social tactics to collect passwords and other information. Be careful with your data and always remember that one little mistake can cause irrevocable damage.
Best of luck and if you have any other tips or horror stories, please share them in the comments to help your fellow fan page admins!