Firms say Meta not helping them to recover hacked s

When wedding dress designer Catherine Deane saw her company's Instagram get hacked, she says it was "devastating".

"It felt like the rug had been pulled from under us. Instagram is our primary social platform, and we've invested the most amount of time and business resources into it.

"To keep the current we post content every day. Suddenly all this work… it was just pulled."

Ms Deane's UK-based business, which is named after her, sells wedding dresses online, with her biggest market being the US.

On Instagram it now has 59,000 followers, but a few years ago the firm lost control of the after a member of its social media team received a message suggesting that the business had been selected to get blue-badge verification from Instagram, which is owned by Facebook's Meta.

This was the stamp of authenticity that Ms Deane had long sought. "We were obviously very excited about that," she says.

So her employee opened a link to what turned out to be a fake Instagram verification form that requested log-in credentials. She filled it in, divulging the name and , and shortly afterwards the was taken over by hackers.

What added to Ms Deane's anguish was that she says she had to fight with Meta to get her back, which took four months.

Initially she filled out the dispute form and sent it off, but heard nothing. Multiple emails followed but no action was taken.

"It's so incredibly frustrating when you're dealing with your being hacked and there is no-one to talk to," she says. "It's almost traumatising because there is no-one who understands and can help escalate it."

Eventually an email came from Meta, telling her that the case was closed, even though she was still unable to access her page.

In the end the matter was finally resolved for Ms Deane because someone in the firm had a at Facebook, and the team emailed that person daily for the four months.

"Finally, I think they just needed to get us off their backs and they reinstated the ," says Ms Deane.

According to Jonas Borchgrevink, boss of US-based cyber security firm Hacked.com, Ms Deane is far from a unique case among people with business s on Instagram and Facebook.

"I would say that it is a massive problem," says Mr Borchgrevink. "There are probably thousands every day that are losing their business pages."

His company helps firms recover their Instagram and Facebook s, and he gets "10 to 15 clients per week". "But those are just the ones that know and are able to pay the price, because these cases can take up to six months to sort."

The BBC asked Meta to provide some numbers that would reveal the extent of the problem, and how it was tackling it, but it declined.

However, it said in a statement, that "we take the safety and security of our community seriously and encourage everyone to create a strong , enable two factor authentication and to be suspicious of emails or messages asking for personal details.

"We also have a feature called Security Check-up to help people keep their Instagram and Facebook s secure."

Hackers want to take over business social media s for a number of reasons. These including using the pages to sell fake products or place scam adverts, harvesting personal information, spreading malware, tricking people into sending money, or blackmailing the company in question to unblock the .

The final thing in that list happened last year to David Davila, who is part of the marketing team at Quantum Windows & Doors, a small, family-run business based in Washington state in the US.

He got locked out of the firm's social Facebook when he responded to what turned out to be a fake message purporting to be from Meta.

Because his phone number was linked to the , that also fell into the hands of the scammers and, soon after the lock-out, he got a WhatsApp message demanding $1,200 (£900) to unlock the .

Unable to find a helpline, he searched on Google, but the number he rang put him through to more scammers. That link has since been removed by Google.

Thankfully, Mr Davila was able to get the Facebook unlocked a few days later.

Mr Borchgrevink believes that Meta is overwhelmed by the scale of the problem.

"It has implemented different security measures over the years and yet we still receive the same amount of clients, so I don't think there's been a lot of change there," he says.

In fact, with scammers now utilising AI to make their messages seem even more believable, Mr Borchgrevink thinks the situation could get a lot worse.

He tells the BBC that scammers are behind many of these lock-outs and one of their preferred methods of fooling people is to masquerade as customer agents.

"They pretend to be Meta and send the business an email saying that they have infringed some kind of copyright or broken and conditions in some way, and that they need to themselves.

"The messages have the Facebook logo and are very believable. But when you start to your business page, they ask for the and redirect you to a fake Meta site to steal log-ins."

He said that the fraudsters often target a personal Facebook page first, because all business s need to be linked to one.

"Your personal will also have rights to your business . The scammers go into your business and transfer the rights to their own or to fake profiles.

"Then they go back to your personal and disable it by posting inappropriate content like terror-related or pornography-related. That disables your and makes it really hard to recover either that or your business ."

The BBC has also learned of businesses losing access to their Facebook and Instagram s despite them not being hacked.

One small business which is part of franchise, told the BBC that they lost access to their when another franchisee gained a blue-tick verification. As a result of that their was flagged as a clone.

Meanwhile, others, such as digital marketer Chetha Senadeera, say that Meta has wrongly closed business s.

Last autumn he realised that a Facebook page he managed for a mobile bank had gone missing. "It had just disappeared," he says.

"There was no notification to me or any of the team . It was just gone. It was like it had been kidnapped, almost."

The page was a crucial gateway to customers across Europe for Lithuania bank MyTU.

Mr Senadeera says that the customer agents he spoke to at Meta, Facebook's owner, were baffled. He says they told him that they could see the page, but that it had been restricted, and that they couldn't unblock it.

Six months later, and the page remains locked.

Meta tells the BBC that the page had been removed for violating its scams policies, via a link on the page that was flagged by its systems as potentially harmful.

Mr Senadeera disputes that the firm has ever posted any harmful or misleading content. He says that Meta needs to do more, and move more quickly, to help firms get their Facebook and Instagram pages back, whether they have been a victim of fraud or not.