Hackers are using fake Oculus Meta accounts to get Facebook users suspended — everything you need to know

A hacker typing quickly on a keyboard
(Image credit: Shutterstock)

Having your Facebook hacked can be a real headache due to just how hard it can be to recover your account. But now, users of the social media platform are having their accounts suspended even when they’ve done nothing wrong and have the right security safeguards like two-factor authentication (2FA) in place.

As reported by Cybernews, Vietnamese hackers have begun creating fake Oculus Meta accounts which they then link to real Facebook profiles. However, doing so is registered as unauthorized access — likely since the email addresses don’t match — which then leads to a victim’s Facebook account being suspended. 

In a post on X, Dan Astin-Gregory (whose own account was suspended) explains that more than 1,000 individuals have been affected by this campaign so far and that this issue has yet to be addressed by either Meta or its Facebook social networking service. However, this campaign could expand further and the hackers behind it could even hold suspended Facebook profiles hostage by refusing to unlink these fake Oculus Meta accounts.

Here’s what you need to know about this new campaign and why it’s particularly hard to defend against.

Even 2FA can’t help you

The reason social media sites and security writers like myself encourage you to enable two-factor authentication in the first place is to help protect you from account takeover attempts. This is because once 2FA is enabled, a hacker would need access to your email or phone in order to login to your accounts.

Surprisingly in this case, though, 2FA fails to protect Facebook users from unauthorized account linking. Normally, you would need to verify that you are really you before you could link one account to another.

While a Facebook account used to be required to use the Meta Quest 2, this was scrapped back in 2022. Instead, Facebook’s parent company created brand new Meta Accounts so that users of its VR headset wouldn’t be required to sign up for its social media platforms.

If 2FA not working wasn’t bad enough, Astin-Gregory also points out that both Facebook and Meta’s help centers have been slow to respond when it comes to users having their Facebook suspended due to unauthorized account linking. 

Outlook: Meta needs to take action

Facebook app on phone

(Image credit: Shutterstock)

Although this issue is plaguing a small number of Facebook users, it still needs to be addressed as the hackers behind this campaign are abusing Meta’s platform to cause chaos or quite possibly for their own gain.

As for protecting your own Facebook account, it seems there isn’t much you can do since even enabling 2FA won’t keep your account safe. That said, the best antivirus software can keep you safe from malware and other cyberthreats that could occur as a result of having a fake Oculus Meta account linked to your Facebook. For instance, the hackers may try to send you malicious documents in a phishing email about unlinking your Facebook from one of these fake accounts.

While there have been plenty of Reddit posts about this issue, now that the news is officially out, let’s hope that Meta takes action soon, especially since doing so will lead to far less support tickets on the company’s end.

More from Tom's Guide

Anthony Spadafora
Senior Editor Security and Networking

Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.