Some Facebook and Instagram users are being locked out of their accounts for reporting impostors posing as relatives (in some cases, dead relatives). The social media platforms have been requiring locked-out users to submit a picture of photo identification through an API, but many have said the API is not functioning. A source at Facebook has told Android Police the company is investigating how the code got published. The company has also pulled the API.
Dozens of people have lamented the ordeal of being cut from their accounts for reporting fake profiles on Twitter under the hashtag #FacebookLockout for the past several weeks. It appears that the reporting accounts as well as the impersonating accounts are locked simultaneously as a result of a person filing a report.
Many who have had to verify their identity to Facebook tried doing so with a provided camera-scanning API. However, most times, the app just cycles a loading circle for a lengthy period before sending users back to the beginning of the process.
2/ Thousand's of facebook user's facing this sh**ty problem! just tap this hashtag here #FacebookLockout
Just like this clip! pic.twitter.com/IBbCtbszBl
— Sayeed Al Mahmud Joy (@thesayeedjoy) October 13, 2019
The bug has affected administrators who run business pages. Cory Comer, a marketing director for logistics servicer RateLinx, was locked out of his account with his profile removed from public view. As an administrator of a his company's Facebook business page and Instagram account, he was prevented from directly managing his company's media as well as interacting with plug-in services for those platforms.
2 days locked out of @FBBusiness. PhotoID submit is hung, no indication it worked. No confirmation email. Can't reach out to @facebook for support. Can't manage engagement, messages, ads or budget. #FB treats #SMBs/users poorly. #marketing #SocialMedia
— Cory Comer (@corywcomer) October 10, 2019
Comer would finally be re-authenticated into his account after a week of emails with Facebook support. Some had to wait a few days to be reinstated, others even a few weeks.
Russakovskii had his Facebook account locked after people filed impersonation reports against him twice in the past month — the first time was by Facebook bug hunter Sayeed Al Mahmud Joy of Deactive Gang for testing purposes (Joy was also affected); the second person is unknown.
A source at Facebook told Android Police on September 24 that the company's security division placed the developers responsible for the API under formal review, deactivated the code, and had begun to reactivate affected accounts — though locked accounts were still seeing the API well into October.
Facebook sent a statement to Mashable this week which reads:
We worked quickly to fix an issue where we unnecessarily asked some people to verify their accounts after they reported account impersonation for someone else. We've removed this request and restored access to the affected accounts.
Anyone who has been locked out of an account and needs to verify their identity can use this form to do so.
As to whether Facebook has the right idea for locking down both parties involved in an impersonation case, it does make sense that the authentic person will be the only one able to verify their identity through documents. But when users are being gamed by scammers on a mass scale, there may be more that needs doing.
Alternate title: Strangers can now do you a favor and help you quit Facebook