If you have to get hacked, you might as well find the humor in it. That was one of the American Library Association’s main takeaways after it lost control of its Facebook page last month. A member of ALA’s social media team shares some insights from the experience.
Nobody wants to wake up to a message that their organization’s website or social media accounts have been hacked, especially over a holiday weekend. But that’s exactly what happened to the staff at the American Library Association this past Labor Day
For almost 31 hours, the group lost control of its Facebook page to a hacker “who posted decidedly un-library-like content,” as Tina Coleman, membership specialist, and Jenny Levine, executive director of the Library and Information Technology Association, wrote in their account of the situation later in ALA’s American Libraries Magazine.
“It was a challenging and stressful situation for staff, who realized the problem immediately after it happened but were unable to do anything. The GetHuman phone number listed for Facebook worked, but nothing happened when we’d press a menu number. None of the solutions we Googled or found in the Facebook help section worked. Links to Facebook pages took us in circles. We tweeted @Facebook, but there was no answer. Hundreds of staff and ALA supporters used the option on each post to report that the page had been hacked, but that only resulted in messages from Facebook that they didn’t consider the post spam. Seriously?”
Amidst the chaos that ensued, however, a funny thing began happening: A group of librarians began commenting on the fake posts with tongue-in-cheek responses.
To one of the fake posts linking to a supposed article on the “Before and After Faces of Meth,” for example, commenters began posting call numbers to books detailing the dangers of stimulants and guides to amateur chemistry experiments.
“It helped so much,” Coleman told Associations Now about the response from ALA’s community to the fake posts. “If something that horrible has to happen to your presence, especially from a nonprofit or business standpoint, having your community respond so well and rolling with it and almost taking ownership of the situation and being flippant and not putting up with it, but not railing against it, really made it so much easier to deal with the stress.”
The hackers were posting regularly, about every 20 minutes, and while the posts hadn’t left the realm of tacky, ALA’s social media team was worried that they could head “into a really bad direction,” Coleman said. “The internet is so full of really horrible things that could’ve been posted.”
Another concern was whether the posts contained links to phishing websites, so Coleman and others warned followers not to click on any of the posts. They also avoided commenting as administrators so as not to tempt the hackers to up the ante. “I wasn’t sure if we started responding and trying to triage the situation in the comments, if the content would suddenly get worse,” Coleman said.
As anxiety provoking as the whole situation was, the hack led to some unexpected and advantageous surprises, in addition to the humorous comments.
“I actually think that post-hack, there’s been more of a sense of the community feeling ownership of the space that they’ve created there,” Coleman said. “People seem more likely to comment and interact with the posts that we’re putting up or even with each other, and that’s been not just on the Facebook page, but it’s been on some of our other channels, too.”
The benefit of cultivating an online, social community was a big lesson for ALA staff not only because it helped relieve some of the tension during the saga, but because it was people from within their community who called on connections at Facebook to help fix the issue and reinstate administrative rights to ALA.
“When an association is using social media, it’s an opportunity to create community, not just to put out content. And, as you cultivate that space and create the community feeling for your members and for your staff and for your supporters, that can really come back and help you in a stressful situation.”
Although no one is sure yet whether it was Facebook or the hackers who eventually released the page back to ALA, Coleman and Levine laid out a list of recommended steps to follow should organizations face a similar situation. Chief among them is to make sure your organization is using a two-tiered security option that social media platforms have available.
“ALA is very decentralized, which is sometimes a problem when it comes to enforcing standards, but this is too important and we just have to do it,” they wrote with the advice to implement two-factor authentication on accounts. “It adds an extra step to logging in on new devices or browsers, but if you do this now you won’t have to go through what we did because someone else logged in as you. It’s not a 100 percent guarantee nothing will ever happen, but it’s the single best thing you can do.”
Has your association experienced a hacking incident? Please share how it went in the comments.