‘Catastrophic damage’: Facebook silent on three hour delay in recovering UNSW page after hack

Facebook has refused to comment on why it took more than three hours to respond after the page of one of Australia’s biggest universities was hacked during its open day on Saturday.

A hacker took control of the University of New South Wales’ (UNSW) Facebook page on Saturday, posting images of semi-clad women and headlines including “the best sex he’s ever had” on one of its most important days of the year.


According to reports it took more than three hours for the university to reach support teams with Facebook in Australia and internationally, despite the university being understood to have an assigned account manager.

A spokeswoman for Facebook refused to comment on the details of the hijack, or the length of time it took to regain control of the page, but said: “We are working closely with UNSW to establish what occurred on the weekend.”

While the university did eventually regain control of the page, which has more than 360,000 likes, it was hacked again last night.

The incident has prompted warnings from social media experts for brands to be more aware of their own social media action plans.

“Brands need to plan before they sign up and engage on a platform,” said Karalee Evans, digital and social strategy with Method. “They need security planning, admin access passwords, they have to keep a central email and not create brand pages with a personal employee’s email as the primary contact.

“I suspect that all of those things are what UNSW have not done – which is why you see such catastrophic damage.”

One of the posts upload on the UNSW page on the weekend.

One of the posts upload on the UNSW page on the weekend.

UNSW and Facebook were today asked what had occurred on the weekend and what processes the social giant has to protect brands, both big and small, when a social hijack does occurs.

During the hijacking the G8 university’s page was bombarded with images such as rapper Nicky Minaj in a bra and thong and photos of porn star Mia Khalifa.

The posts quickly gained traction online with many users mocking the hijack and calling into question UNSW’s online competence.

Among the many posts were comments from users such as this from Timmy Cheng: “I want to ask whether there is any admins here, and why so many X-rated, adult content? (sic)”

Student Joni Lee commented: “All that tuition… clearly wasn’t spent on (online) security.”

While Harrison Weir wrote: “Excellent clickbait articles. 10/10 would enrol in a bachelor’s of Mia Khalifa studies.”

Evans, who was previously head of social at DDB Australia, said that it was likely a number of people had access to the UNSW Facebook page.

“All it takes is for someone to get in with an email,” she said. “Maybe it’s an employee that’s left or a student who did some work with them and all it takes is to go in and remove all the other administrators and then bang they have got the page.

“Whoever is doing it obviously had access, which is not too hard because most of these big pages have multiple administrators.”

Evans noted that after regaining access on Saturday the university and Facebook appears to have failed to lock down that page, allowing whoever was behind the stunt to repeat it on Sunday night.

The university later tweeted an apology for the second hijack: 1

2“(The second hijack) tells me they didn’t regain control after the first initial hack on Saturday,” said Evans. “Brands need to be aware that it is very easy if you have editor status to remove every other admin.

“For it to happen again tells me there’s no code problem with Facebook, rather it would be a policy problem on UNSW’s side.”

Evans said anyone with a brand Facebook page, Twitter account or other social media presence needs to think about what steps will they take should they lose control of their social media presence.

“They need support from the platform themselves,” said Evans. “For Facebook it depends what tier you are on, in terms of if you have got your own dedicated account manager then your first phone call is to them.

“If you don’t have a dedicated account manager there are two options. One is the brand live chat option, a new function that was launched recently for brands and advertisers in Australia, if that doesn’t work is to try and call Facebook. It’s so rudimentary but it is important.

“For UNSW they would probably have an account manager and I suspect it wouldn’t have been too hard for them but if it was a small bakery that’s a different scenario.”

Evans noted that every brand should know what they do in the event someone takes control of their social media.

“If you are playing on platforms that you don’t own – it’s not your website or you’re not paying the server provider’s bills – the first thing you have to figure out is figure out who the lines of communication are to that platform.”

A spokesman for UNSW told Mumbrella: “There was a second security breach of UNSW’s Facebook page late last night.

“The University regained control of the pages early this morning and the offensive posts were removed. UNSW has put in place additional security measures around its Facebook pages and will be discussing with Facebook the level of support available 24/7.”

Rival social platform Twitter also weighed in on the hijacking, when asked about their social process, a spokesman noted: “Any Twitter advertiser or user can leverage the global presence of our safety teams around the clock if their account has been hacked or for any other assistance through the online forms available at

“Major brands and partners also have dedicated named account teams that can assist them in emergency situations whenever they arise, and our team regularly supports our advertisers and partners outside of standard office hours.”

Nic Christensen 


Get the latest media and marketing industry news (and views) direct to your inbox.

Sign up to the free Mumbrella newsletter now.



Sign up to our free daily update to get the latest in media and marketing.