A growing number of Facebook users are reporting an issue in which their Facebook accounts are being disabled because of violations attributed to linked Instagram accounts that the Facebook users themselves do not own.

The issue, which was first reported weeks ago on the subreddit r/facebookdisableme and reported by ReviewGeek May 16, starts with the affected user receiving a message from Facebook saying that they cannot use Facebook or Messenger because of a linked Instagram that violated Instagram’s community guidelines. In all cases, the Instagram account consists of a jumble of random letters and numbers typical of spam accounts.

Where the case becomes strange is that hackers have found a way to link Instagram accounts to unrelated Facebook profiles before they violate community guidelines. This not only results in the newly linked Instagram accounts getting disabled but also the Facebook profiles of unrelated users, as they’re seen as being guilty by association.

Exactly how this happens is not clear. An analysis by SiliconANGLE can find no evidence of hacking, although this cannot be categorically ruled out. There is no sign of account compromise and best practices were used with passwords. The Facebook account was never compromised, the only evidence being that the spam Instagram account had become linked to the user’s Meta account, hence the eventual ban.

The other possibility is a security vulnerability involving an application programming interface or something similar that hackers are exploiting to link Instagram accounts to legitimate Facebook accounts.

“This attack, and the vulnerabilities it exploits, highlight the difficulty and risks that come with platform integration,” Casey Ellis, founder and chief technology officer at crowdsourced cybersecurity company Bugcrowd Inc., told SiliconANGLE. “While this kind of attack might not be possible on either Facebook or Instagram alone, if you put them together, it becomes possible. Hopefully, Meta comes out with mitigations and cleanup steps soon.”

Human cost

Imagine logging onto a decade-old Facebook account, one used to keep in touch with family and friends or even run businesses and groups, only to be presented with a message saying you have lost your account for something you didn’t do. That’s the reality facing thousands and possibly many more Facebook users as the same thing continues to occur without any recourse or comment from Facebook or its parent company Meta Platforms Inc.

SiliconANGLE reached out to affected users to ask for their stories and they have a similar pattern — longstanding accounts with few or no problems with Facebook until this occurs. One user said that their account of 16 years and the only admin for three business pages had been disabled without warning because of the issue.

Another user had a 15-year-old account with a 13-year-old business page that has more than 100,000 followers disabled. “My business page was the main way I communicated to my audience and was huge leverage for gaining licensing contracts due to my following,” Reddit user DragonLadyArt explained. “The impact to my business is massive and I’m still reeling.”

Many of the users affected had Facebook accounts of long and good standing, including legitimate business owners that would have no reason to put their accounts at risk by setting up a random spam Instagram account. It also defies logic that if a person were going to set up a spam Instagram account for community guidelines breaching purposes, they would link it to their main Facebook accounts where they run their businesses.

No contact

This should be a problem that could easily be solved by Facebook and Meta having a way to contact customer support to explain the situation, but the opposite is the case: It’s nearly impossible to contact anyone who will even look at the issue.

Appealing these bans is a Herculean task, as users are directed to Instagram to resolve the issue. However, since the offending Instagram accounts aren’t owned by the affected Facebook users, they’re left in a Catch-22 situation with no clear resolution in sight.

This isn’t the first time Facebook or Meta has faced criticism for its opaque communication channels. Getting a response from the social media giant has always been challenging, but this situation highlights how dire the consequences can be when users can’t reach out to the company for support.

“Facebook is already notorious for being hard to contact and even harder to work with when an account is compromised,” explained Mike Parkin, senior technical engineer at cyber risk management company Vulcan Cyber Ltd. “To be fair, their user base is enormous and their support staff is only so large. Still, their linking several of their products together has been a mixed blessing at best.”

Although Parkin said it would be good if the company were more responsive, harder to compromise and provided better customer service, it’s unlikely this will get better any time soon. “Meta may implement some changes that will make it harder for a malicious actor to link accounts between applications, but we shouldn’t expect any sort of mass change,” he said. “The only people who could expect to see service quickly are ‘influencers’ of one form or another who have large followings, and Meta recognizes are earning them money.”

Legal recourse

With users unable to contact Facebook to appeal their account suspensions, various users of Reddit’s r/facebookdisableme recommend that others lodge complaints with various states’ attorneys general, particularly the California attorney general since Meta is headquartered there. Some have reported success in having their accounts restored within a week of contacting the California AG’s office. Users outside the U.S. could also lodge complaints with relevant government bodies in their countries.

The arbitrary unfair suspension of accounts raises concerns in other legal matters, such as its impact on minority and vulnerable groups in relation to federal discrimination law. The case could also raise questions over involuntary censorship — with Facebook censoring users who have not violated any guidelines and its impact on public discourse and freedom of expression — which could also be grounds for an appeal to Meta’s Oversight Board.

SiliconANGLE has reached out to Meta several times over the last week and has yet to receive an answer to questions about the situation and what users should do. Should Meta respond, this post will be updated.

Images: Pixabay, Duncan Riley