Mr Elite
Founder, SecurityElites.com · Penetration Tester · Educator
Facebook accounts are high-value because of breadth — messages, photos, identity, business assets, login provider for other services. The protection priorities are the same as Instagram (app-based 2FA, unique strong password, secured email account) plus business-specific protections for users with Business Manager access. The pattern I see most often: long-time Facebook users with passwords from 2010, no 2FA, dozens of forgotten app connections, and "trust me, no one would target me". The first time targeting happens, the recovery is painful and slow; the prevention is straightforward and takes one afternoon. For business account holders specifically: the financial-loss potential is real and large; the controls (enforced 2FA, spending limits, regular access audits) are well worth the operational overhead.