Facepalm: Meta made some recent changes regarding certain Facebook account holders. To notify those who needed to take action, Meta composed a suspiciously worded email and spammed it out to relevant users. Naturally, recipients treated the spam as such and are finding themselves locked out of their accounts for not taking the sketchy-looking email seriously.
Meta's latest ill-conceived notion goes by the name Facebook Protect. The idea itself is not completely bad. It looks to add a layer of protection for specific groups more likely to be targeted by hackers such as journalists, human rights defenders, and government officials.
Facebook Protect monitors these accounts for hacking attempts and turns on two-factor authentication (2FA) by default. Unfortunately, Meta has implemented it very poorly, and now many users are finding themselves locked out of their accounts.
I got locked out from Facebook indefinitely today because I didn't respond to emails from FB (that looked like a scam) about its new Facebook Protect system, which I was required to enable by today. So far, the text and security key options don't work, many report. pic.twitter.com/0aXbiqzLv7— Liv. (@Olivia_Thiessen) March 18, 2022
It all started in earlier this month with Meta's poorly thought out idea of notifying these account holders via an email that sounded scammy. The email originates from "email@example.com" with the subject line reading, "Your account requires advanced security from Facebook Protect." The body instructs users to turn on Facebook Protect by clicking a link in the email by a specific deadline (March 17), or else they would lose access to their account.
It is an almost perfect model of the typical phishing email people have been conditioned to ignore, which many people did. Since Facebook had no other contingencies in place, like, oh, I don't know, maybe a popup notification on logging in, these account holders had no other reason to believe the email was legit.
Dear @FacebookApp: Your new Facebook Protect, which I didn't ask for, keeps texting me an identical two-factor verification code, which continues to not work. I'm now effectively locked out of my account. This is heightened security? Guess I'll spend more time on Twitter… @Meta— Mike Morrell (@RealMikeMorrell) March 18, 2022
But wait, there's more. Meta also fumbled implementing Facebook Protect's 2FA system correctly. Users who did manage to activate Facebook Protect are flooding Twitter, saying that 2FA refuses to accept their codes as entered despite several attempts.
Meta has not acknowledged the situation on any of its Twitter accounts except for a brief tweet about six hours ago directing people to its "Why is my personal Facebook account disabled" help page, which is not that helpful in this situation.