Date: 2024-01-22

The person who hijacked the group managed by Kekkilä is demanding money for its return. According to a data security expert, an account hijacker should never be paid.

“The story of Kekkilä's Garden and Yard Facebook group has come to an end. We want to thank all the team members!”

This is stated on the Facebook page of the gardening company Kekkilä. A gardening group that had more than 140,000 members at its peak has been hijacked by an outsider.

How did the hijacker manage to get hold of the group?

The connection between Kekkilä's Facebook page and the garden group was broken due to an error by an employee of the company, says Seela Sorvari, the marketing manager responsible for Kekkilä's social media.

“Facebook automatically starts suggesting the role of administrator to group members if the group does not have an administrator. For some reason, this person took control.”

The new administrator is presumably a private individual living abroad who was a member of the group but did not actively participate in the discussions, says Sorvari.

He has changed the name of the group to Piha ja Tuutarha. The group's icon is a winter garden landscape.

When he was asked to give up the role of administrator, he demanded significant compensation for transferring the account back to Kekkilä's name, says Sorvari. The demand was not agreed to.

According to Sorvari, Facebook's community rules prohibit trading groups and administrator rights. Kekkilä and the group members have made several statements about the matter.

“They have not helped. For Facebook, our problem is just one among millions, and there is no chat help specialized in group activities available in Finland.”

The new administrator has removed the representatives acting on behalf of Kekkilä, including Sorvari, from the group. Any criticism of the new administrator is removed, because all posts go through the administrator's review, Sorvari says.

“We wanted to share information widely, because there are many people in the group who may not even know that they are members of the group or that the administrator has changed.”

The number of group members has dropped by a few thousand, but was still over 130,000 on Monday morning.

The situation saddens Sorvari, who says the group's community was strong. In the large group, garden-related tips and information were shared in a good spirit.

The establishment of a new group has not yet been planned in detail, he says.

“We had created a safe place to talk and now it is no longer there. We have received feedback that a lot of people really miss the group.”

At worst, there have been dozens of notifications a day about social media account breaches, says Matias Mesiä, an information security expert at Traficom's Cybersecurity Center.

“Nowadays, awareness of information security has increased, so the situation has calmed down a bit. Still, almost every day, someone says that they are very upset that their account has been hacked.”

He advises following the service provider's official instructions if your own group or account is hijacked. According to Mesiä, getting it back does not happen quickly and can take weeks.

“Patience is a virtue. Of course, passwords must be changed if the fraudster knows the same usernames that the person uses in other services as well.”

A hijacker may publish content and advertisements that are harmful to the group they have taken over, Mesiä points out. The organization should also take into account that customers' sensitive information may end up in the hijacker's hands.

“In the event of an account breach, the company must consider whether to report it to the data protection commissioner.”

According to Mesiä, you should never agree if the hijacker demands money for returning the credentials. Instead, a criminal complaint should be filed against the blackmailer.

“In the investigation, we may find out who hacks the accounts. It is important that the police become aware of the account hack, because it might help the police connect the threads.”

Credentials are often successfully hijacked because, for example, the user does not have multi-step authentication in use, says Mesiä.

With multi-step authentication, an e-mail address and a password are not enough to log in; the login must also be confirmed, for example with a numeric code sent by text message.

Credentials are also phished directly from users. Fraudsters are constantly inventing new ways to manipulate people, Mesiä states.

Nowadays, it is common that a fraudster has already taken over someone's account and is approaching the account's contacts with it.

“After all, it seems reliable when your friend posts a message. If you are not a regular user of social media, you may act according to the instructions of a fraudster posing as a friend.”