What the Tech: ‘Lily Collins’ Facebook data breach hits thousands
AUGUSTA, Ga. (WRDW/WAGT) - If you search Facebook for the name “Lily Collins” you’ll see hundreds of Facebook users with the name and no profile picture.
Over the past few weeks hackers, using a malicious link to a Chat GPT software program and Google Chrome extension, took over Facebook profiles and changed all of the user names to “Lily Collins”.
Raleigh Laplant from Topeka, Kansas was one of about 1,000 confirmed victims who lost not only access to their Facebook accounts but to their photos, memories, and contacts. How did it happen?
“I installed what I thought was a standalone chat G[Tt program from Facebook that came through as an ad,’ Laplant explained. “The next day I woke up and it said we detected a suspicious login to your account.”
Laplant identified the virus on his computer and sent an encrypted version to a friend who investigated.
“He found it logs keystrokes in real-time and it clones cookies that are stored on your computer from (Google) Chrome,” he said. “They take all of the cookies and copy them and then mirror them on the device they’re using, which makes it look, to Facebook, that you’re using a device that you’ve used before.”
Laplant had two-factor authentication turned on for his accounts but since the hackers found a way to trick Facebook into thinking they were using a verified device, it did not ask for 2FA login permission.
Around 1,000 other Facebook users have joined a Facebook group (many from new accounts they created) to try to figure out how it happened and what they can do about it. For some, it’s more than just an annoyance.
“They’re looking for financials,” said Laplant. “They’re also looking for a way to pretty much wipe out your banks. Anything you’ve stored on Facebook, like your credit cards or bank information.
They’re able to access.” Searching for “Lily Collins” on Facebook results in hundreds of returns in the United States.
Many are creators and business owners that have a Meta Business account which they use to buy advertisements. Laplant said the hacker who took over his account purchased $500 in Facebook ads which Facebook did not hold him liable for.
Most Lily Collins hack victims have been unable to access their accounts again and trying to get in touch with someone on Facebook to address the problem is, well, nearly impossible.
“I kept trying different ways, trying to get ahold of Facebook. I kept emailing them, every email address I could think of. I called their law enforcement hotline because I couldn’t get through there,” Laplant said. “You can’t get ahold of anybody. They’ve got 80,000 employees and you can’t get ahold of anybody.
It doesn’t make sense.” “We’ve even had a couple of people in the group say they’ve even accessed their email and while the emails were coming in from Facebook to verify your account, they were being deleted in real-time,” Laplant said.
Leplant shared screenshots of the Chat GPT ads containing the malicious links and as I write this, they can still be found on Facebook. Cyber security experts found a Chat GPT Chrome browser extension that contains the virus but Google has removed it from its Chrome store.
Be aware, Chat GPT does not have an actual app or browser extension. Laplant managed to gain access to his account again and some victims are finally getting results as well. But their names remain Lily Collins on Facebook.
We reached out to Facebook last week but have not received a response at this time.
Copyright 2023 WRDW/WAGT. All rights reserved.