Bob Birgel is still recovering from the events that took place Aug. 2.
“I woke up to half a dozen text notifications from Facebook trying to authenticate a two-factor identification that was trying to be processed,” Bob Birgel, the marketing and public relations manager for Homewood-Flossmoor Park District, recalled.
When he realized he had not been the one triggering the verification steps, he logged on to find his personal page and the Park District’s public Facebook page had been hacked.
The hackers, who are still unknown, attempted to post content pornographic in nature as well as several images depicting foreign acts of terror, Birgel said. Meta, the company that owns Facebook, prevented the content from going public and froze the hacked accounts.
“Facebook themselves were not able to help us at all to regain access to the Park District site,” said Doug Boehm executive director of the Park District. “We were left to create a whole new page.”
The Facebook page had more than 5,400 followers before the hack. Now, they are trying to rebuild that audience on a new page but only have about a tenth the audience.
The old page is still up but there has not been a post since Aug. 1.
The Homewood-Flossmoor Park District boundary is nearly contiguous with the two communities, and spans about 365 acres, according to its website. It has an annual operating budget of almost $13 million and serves roughly 30,000 residents; people Park District leaders say they now cannot reach nearly as easily.
“It’s the number one form of communication for all of our users,” Boehm said. “That’s what people follow and use. So it set us back a little bit in our communication with our public.”
In the aftermath of the hack, Birgel says the focus was not trying to figure out who conducted it, but instead centered on recreating the engagement with residents of Homewood and Flossmoor. They also did not reach out to authorities despite the content potentially being illegal.
“Our main concern was getting those pages back,” he emphasized.
The new page uses two factor authentication again, something technology experts say goes far to thwart hacks. But since they have been hacked once using the system, Birgel and others are looking into connecting the page to a business account to further secure the platform.
Meta’s handling of the situation was both good and bad, Birgel said.
For one, Meta allowed a hacker to gain access. But Meta also knew not to post the images publicly since they violated the company’s content rules.
At the same time, the company prevented Birgel from regaining access to the page he managed for the community.
“It is still kind of baffling to me that they can look at what happened and agree that my account had been hacked … (but) they don’t have the power to restore that content,” he said. “We have to start from scratch now.”
hsanders@chicagotribune.com
