If you or a page you manage has been affected, here are a couple of steps to take in order to resolve the issue:

1. Hide, don’t delete.
Immediately hide any inappropriate posts from the page. Facebook support will need to be able to view the spam posts, so it’s important to not delete them.
2. Get in touch with support.
Contact Facebook support here.
To get immediate help from the support team, use the chat feature rather than email.
3. Tighten up your admin roster.
Review and remove any extraneous or outdated admins from the page roles. This will limit the number of people that have access to the brand page, and can help to identify where the issue may be coming from.
4. Track down the source.
In “Activity Log” under page settings, you can see which specific page admins publish posts. Through this tool, you can narrow down which partner organization or user may be compromised.
5. Transfer ownership to a trusted source.
If a specific user or page has been attributed with the spam, remove them from any page roles or admin levels. You may need to grant page ownership access to another partner or agency in the meantime. This should halt the spam from being posted until Facebook support is able to triage the issue.

When dealing with a social media issue like this, it’s also important to consider the crisis management plan for your brand. Which parties need to be consulted in a crisis? Do you have a protocol set for crisis communications and escalations? What is an appropriate branded response to an issue like this that may arise?

Facebook is still uncovering details surrounding the security breach, but you can learn more in their blog here. If you have more questions about social media security or crisis communications, contact us here to see how we can be a resource for you and your brand.