Metallica Got Hacked, And So Did I: How Artists Can Protect Their Socials

1 July 2024 | 12:03 pm | Monica Strut

After The Last Martyr got hacked and lost access to their Facebook page, singer Monica Strut has shared some tips to protect other bands from the same situation.

The Last Martyr

The Last Martyr (Credit: Electrum Photography)

Metallica are the latest victims of cyber hackers after their official X (formerly known as Twitter) account became awash with posts promoting a new crypto token called $METAL. While it’s a cool name and all, fans and companies in the world of crypto were quick to point out the scam and Metallica’s team seems to have quickly regained control of the account. My band hasn’t been so lucky.

For the better part of a year, my own metal group, The Last Martyr, have been battling with Meta to regain control of our Facebook account from hackers, and we’re not the only ones. Despite submitting countless support tickets, ID, business documents, and even splurging on a Meta Verified account that promised better customer service, the issue has still not been resolved.  

We first discovered we’d been hacked late last year when a random account took over our Business Suite—the hub that manages Facebook, Instagram, ads, and more—demoting our access. 

This meant that aside from the fact we could not remove them, we could effectively be evicted from our own Page at any time; a scary thought for an independent band that relies heavily on social media to promote our music.

Don't miss a beat with our FREE daily newsletter

For nearly nine months, the hackers remained mostly dormant as we went through the motions with Meta to rectify the situation. During a recent single campaign, we decided enough was enough and fought harder than ever to regain control of our account. Our efforts were noticed, but unfortunately, not by the right people.

We had high hopes after having several video calls with Meta who even acknowledged the issue. But afterwards, we received the same holding response as always - they were looking into it, and our patience was appreciated.

Things came to a head when we returned from the high of tour a few weeks back to discover our patience had been in vain. The hackers had won, and we had been kicked off the Page for good.

In 2024, when artists have the power to release music independently and reach fans on their own, an artist’s social media channels are as valuable as a label. Like or loathe it, online platforms have been connecting fans with their new favourite artists since the MySpace days. But the kicker is that instead of being beholden to a label, we are now at the mercy of these social platforms, their ever-changing algorithms, stretched customer service and yes, hackers.

In fact, according to ABC, Meta hacking cases have risen by 120% in Australia since July 2022, and a whopping 700% in the United States. Of course, small businesses are affected most, and musicians are no exception. The moment I shared my band’s story online, we were flooded with comments and messages from artists who’ve experienced the same thing.

Sydney rock band Wicked Envy shared that last year, hackers not only took control of their band’s Facebook Page and vocalist Desiree Hancock’s personal Page but also racked up a bunch of charges on their credit card by running ads for keychains via their account. 

“It went on for three or four months, reporting to Meta, getting friends and family to report on our behalf, trying to change the passwords and delete the hackers,” Hancock laments. “[It was] very stressful. I felt extremely anxious, and I nearly deleted Facebook altogether. It has affected me still to this day and the Meta account is still corrupted from ad campaigns created using our band name.”

Gold Coast rockers We Set Signals have been hacked halfway through recording their new record and are grappling with the idea of starting again. “A hacker got control of our drummer’s account which opened a back door to the band through an admin,” vocalist Nicholas Wilkinson recounts. “After they kicked us off the Page as admins I tried everything to no avail. Facebook literally offers no direct support for the issue. We built this page to 8k followers over the years and lost it overnight…it crushed us.”

It’s a feeling I can relate to. There’s something so invasive and gross about losing the account you poured years of energy and unpaid labour into building to internet pirates. Aside from having the connection to followers severed - and all the career highlights and memories with it - it is a massive data breach and loss. 

For instance, losing your account means we can’t re-target attendees of past shows with ads for new shows, thus losing an essential promotional tool. More alarmingly, hackers can now DM our followers from our old account and potentially scam them - something cyber security experts we’ve spoken to say is likely the motivation behind the takeover.

Almost immediately after my band was removed, our Facebook Page was turned into a bizarre ancient history Page. Hackers buried any reminisce of our music with tens of shitty AI posts a day, and all we could do was watch on. When I followed the trail of where those posts were being shared, I discovered an elaborate labyrinth of fake or overrun accounts and, for the first time, understood how sophisticated and organised these hackers are.

Down the rabbit hole, I discovered that the US-based roots festival Swamptown Throwdown had fallen victim to the same history of hackers we had. Thankfully, they don’t feel like it has hurt ticket sales. “I don’t think it’s hurt my business any. Most people are aware of what my Pages represent and hopefully can tell on their own that it’s not me making the new posts,” said event organiser Dave Griffin, who has since started a new account.

After weeks of us and hundreds of our fans commenting and reporting the posts and hacked Page, we, too, made the decision to start fresh. After all, most of us don’t have Metallica-level resources.  If you are a band, musician, or any small business for that matter, no doubt you can imagine what losing your social accounts would be like, so here’s what you can do to protect yourself:

Up Your Password Security

Most of us know what two-factor authentication is, but when multiple band or team members need access to the same accounts, it can be a royal pain in the ass to have it on for everything - do it anyway! 2FA adds an extra layer of security by requiring a second form of verification in addition to your password, like the code texted to your phone. 

Also, keep your passwords weird and secure. Don’t use the same password for everything and ensure they’re made up of random letters, numbers and symbols. Apps like LastPass enable you to share passwords between multiple people and only cost a couple of bucks a month.

Build Your Audience on Multiple Platforms

While being hacked was demoralising, stressful and a huge inconvenience, it was never outside the realm of possibility. Unfortunately, it’s just a part of being in the digital landscape. Also, taking into consideration the fact that both Facebook and Instagram have completely gone down in recent years, it’s wise to not put all your eggs in one social media basket. Ensure you’re nurturing your community across all the major platforms.

The Power Of Mailing Lists

No matter how many followers you have, you don’t own that data and should have a way of contacting your fans if you lose your social accounts. A mailing list is the best way to communicate directly with your people, and there is a higher chance of them seeing an email than a post on socials, making it a killer marketing strategy regardless.

Set Your Band Up Like A Business

If something goes down, you want to be able to prove that the business is yours. This means having an ABN, registered business name and band/business bank account, which can be used as evidence of ownership. 

Even though Meta clearly didn’t give a hoot in our situation, the Small Business and Family Enterprise Ombudsman has been recommended to us as a body that can help in these situations, and they will need these documents to be able to do so.

Act Fast If You’ve Been Hacked 

It was mere hours between the time our hackers became active again and when we were booted completely off our account (you can read the full story of how I knew here). If you find your account has been compromised, I recommend removing any identifying data like your email address and website, as well as changing the name and handle/URL to something else immediately (a move that can’t be performed again for 60 days). 

Doing these things will hopefully indicate to your fans that something is up with the Page and enable you to create a new account under the old name at a later date if need be. But to be brutally honest, I wish we had not hesitated to delete our Page while we still had the power to.  

As an artist, it's easy to fall into the trap of gauging your success by the number of followers you have. This is a core reason why the thought of starting all over again can feel like a massive setback. Though my band Page didn’t have the biggest following in the world, we were completely overwhelmed with the amount of shares, comments, reposts, and messages of support we received throughout this ordeal. 

It is a timely reminder for all of us that behind the numbers are real people who support you now and will do so again. Ultimately, success as an artist isn't measured by vanity metrics, but by the genuine connections you cultivate with your audience along the way. Just remember to change your passwords frequently.

Follow The Last Martyr’s new Facebook Page here and sign up for the mailing list here. Stream their latest single below.