As more local businesses are turning to virtual services amid the COVID-19 pandemic, hackers are becoming a recurring problem.

It happened at the newly opened Bainbridge Apothecary & Tea shop on Winslow Way. Shop owner Erika Thayer said their Facebook page has been taken over by an unverified Philippine company called “Phu Nu & Sac Dep” since mid-December. BAT’s photos have been changed to others added by the hackers, and they have added some posts written in Philippine language. The posts are about healthy eating.

“This has been really awful,” Thayer said. “If I can help just one business from this not happening to them, it’s worth (it). It’s embarrassing and an incredible violation.”

Thayer said she set up the business’s Facebook page through her private account. “That was mistake number one,” she said.

The Facebook page was the local business’s main avenue of promotion and communicating with the public, which Thayer said was a “big part of our outreach.” She said on the night of Dec. 11, her personal Facebook account had been compromised and soon she couldn’t even log into it as the password had been changed.

A few days later, the business page was hacked.

“Whether that is actually the truth or not, who knows,” Thayer said about the hackers reportedly in the Philippines. “They don’t seem very credible. The content is awful. At first, it seemed like they were trying to do just health and wellness stuff but it’s much more nefarious.”

After a few weeks of trying to pinpoint the hackers’ motivation, Thayer and her business believe they are using it for their contact base as well as trying to find any credit card or banking information that might have been included on the business page pertaining to ad boosting. None of that information was compromised.

“The blessing was I never paid for anything on the business side of it,” she said. “There are services that Facebook offers where you can put your credit card information in and saves your information.”

Thayer said due to the sudden privacy breach right before the holidays, they lost “thousands of dollars because of it and reputational branding.”

“I feel helpless in what happened, and there was no resolution,” she said.

In terms of regaining access to the Facebook page, Thayer said she has reached out to the hacker’s business to try and regain ownership, but they are stating she needs to pay them for that to happen. Her real issue is with Facebook, which she claims has been no help.

“The real injustice in all of this is Facebook,” she said. “They have zero accountability. No one has ever responded to the initial (outreach). I’ve spoken to nobody, no email has ever come through from them. They simply have no burden of care if a business is compromised.”

If Facebook gets in touch with Thayer, she said they can revert the account back to her.

Thayer has some advice for other businesses.

“There is a way to set up a business account on Facebook which is separate from your private (account), which is much more difficult to breach security protocol and take over,” she said. “I think Facebook has a greater burden of responsibility to an actual business account that is not attached to a personal (account).

“There’s so much security breach through private accounts, they just do not have the bandwidth to address every concern,” Thayer continued. “My greatest advice is if your business — in any of your social media (platforms) — is attached to your private (account), those passwords are much easier to gain. Change your passwords often.”