What Lloyd Cadena's Hack Teaches Every Business on Facebook

Facebook page hacks happen every single day, targeting accounts of all sizes. According to a VPN Central study, Google records over 67,940 monthly searches from users looking for help with hacked Facebook accounts, making it the most targeted social media platform online.

If you manage a Facebook Page, you are a target. There’s no other way around it. Your job as an admin is to reduce your attack surface so you don’t become the next victim. The hack of Lloyd Cadena’s Facebook page is a perfect example of what happens when a page falls into the wrong hands.

In this post, we’ll break down what happened, why you should pay attention, and the specific steps you can take to protect your Facebook Page from hackers.

What Happened to Lloyd Cadena’s Facebook Page?

Lloyd Cadena was one of the Philippines’ most beloved content creators. He started vlogging on YouTube in 2010 and grew into one of the country’s most recognizable online personalities. Sadly, Lloyd passed away in September 2020 due to a heart attack. His family shared the cause of death through his social media accounts two days after his passing.

Recently, his Facebook page (which had over 7 million followers) was hacked. The hackers changed the profile and cover photos, renamed the page, and started posting clickbait content about unrelated foreign personalities. The page became a tool for the hackers to redirect traffic to external websites.

Fellow content creator Madam Aivan pleaded with netizens to help mass report the compromised page. She shared that the family had already tried to recover it, even reaching out to contacts who previously worked at Meta. None of it worked. The family’s main concern was preventing the page from being misused any further.

Followers quickly responded, expressing willingness to help and frustration over the hacked page’s activity. By the time reports surfaced, the page had already lost over 1.5 million followers.

Why Should You Pay Attention to This?

Facebook is the most hacked social media platform in the world. A VPN Central study found that 67,940 U.S. social media users searched for terms like, “account hacked”, “hacking”, and “hack” related to Facebook. With over 300,000 Facebook accounts compromised every single day (worldwide), the threat is real for any business on the platform.

What makes this even more concerning is the financial cost. Cybersecurity Ventures projected that global cybercrime costs reached $10.5 trillion USD in 2025 and will grow to $12.2 trillion annually by 2031. Cybercrime is accelerating, not slowing down.

If your brand depends on Facebook for revenue, engagement, or marketing, you need to take page security seriously. Losing access can mean losing years of content, follower trust, and revenue (all in a matter of minutes).

How to Protect Your Facebook Page

There are effective ways to protect your Facebook Page from hackers. The key is to reduce your attack surface. Here’s what you need to do.

1) Use Strong Passwords Across All Accounts

Your password strength is one of the easiest indicators of how quickly an attacker can breach your account. If you use a weak or commonly used password, you’ll give hackers an open door. That’s why your first layer of defense should always be a strong, unique password.

To create a strong password, use a mix of uppercase and lowercase letters, numbers, and special characters. Aim for at least 20 characters, and avoid personal information like birthdays or common words.

Once you create one, never reuse it across platforms. According to Forbes, 50% of people use the same password for different accounts (and that’s a top reason hackers breach multiple accounts at once).

If having different passwords for every account sounds overwhelming, use a company-approved password manager to store them securely. Proton Pass, 1Password, and Bitdefender SecurePass are all solid options, choose the one that fits your team best.

2) Enable 2FA for Teams

Two-factor authentication (2FA) adds an extra layer of verification beyond your password by requiring a second form of identity (like a one-time code from your phone or an authenticator app) before granting access. That’s precisely why it’s the best way to stop most brute force attacks.

2FA for teams takes this a step further by allowing administrators to enforce 2FA across an entire organization. This is especially useful in situations like:

• When a team member leaves the company and you need to confirm no unauthorized access remains.
• When a new employee joins and needs proper security protocols from day one.
• When a contractor has temporary access that needs to be tightly managed.
• When your team works remotely and logs in from different locations.

That said, while 2FA for teams is effective at stopping most unauthorized access attempts, it’s not hackproof. Hackers have found ways to bypass it through SIM swapping and phishing. So implement it alongside the rest of the recommendations in this post.

3) Create a Social Media Policy

A social media policy is a document that outlines how your team should use, manage, and protect your brand’s social media accounts. It determines who gets access, what they can publish, and how they should behave when representing your brand online.

A strong social media policy typically covers:

• Account access and roles: Defines who has access, their permission levels, and how access is granted or revoked.
• Content guidelines: Outlines approved content types, tone, topics, and brand voice.
• Security protocols: Specifies password requirements, 2FA enforcement, and procedures for handling suspected breaches.
• Crisis response plan: Details steps to follow if an account is hacked, impersonated, or involved in a PR incident.
• Legal and compliance rules: Covers disclosure requirements, copyright guidelines, and platform terms of service.

If you want to create a social media policy in minutes, check out our easily customizable template. It covers things like a customized policy based on your teams, accounts, and risks, a review of current security blind spots, and a workflow for approval, access, and crisis response.

4) Review and Revoke Unnecessary Account Access

One of the most common reasons businesses lose access to their Facebook Pages is that an administrator gets hacked. When hackers compromise one admin account, they can gain full control of the Page. That’s why regularly reviewing your account permissions is critical.

And while this is the most common scenario we see, it’s not the only one. Sometimes people leave organizations but retain admin access. Other times, team members have more permissions than they need. Both create unnecessary risk.

Review your Page’s access list regularly and revoke access for anyone who no longer needs it.

5) Enable Account Monitoring

Account monitoring is a security practice where a platform continuously watches your social media accounts for suspicious activity or unauthorized changes. It tracks login behavior, content changes, and permission modifications to catch threats early.

If you want a reliable account monitoring platform focused on social media cybersecurity, check out Spikerz. Spikerz connects to your accounts through official APIs (no passwords needed). Once connected, it uses AI to scan your account’s activity and enrolls you in 24/7 monitoring.

Here’s how Spikerz helps brands protect their social media presence:

• Account takeover protection: Monitors your accounts 24/7 for unauthorized access attempts and alerts you immediately when something suspicious is detected.
• Phishing protection: Scans incoming messages and interactions for phishing attempts designed to steal your credentials.
• Permissions management: Tracks who has access to your accounts and flags any changes to roles or permissions.
• Impersonator takedown: Identifies fake accounts impersonating your brand and helps you take them down before they deceive your audience.
• Comment moderation: Uses AI to filter out spam, bot activity, and harmful comments that could damage your brand image.

If this is something your brand would benefit from, book a demo right now to see how Spikerz can help protect your social media.

6) Use Antivirus Software to Protect Your Local Devices

While 2FA and account monitoring are effective at stopping most threats, they aren’t perfect. Some attacks allow hackers to bypass your password and 2FA altogether. These attacks are called session hijacking.

Session hijacking works by stealing the active session token stored in your browser after you log in. This token acts as a digital key that tells Facebook you’re already verified. If a hacker steals that token through malware on your device, they can log into your account without needing your password or 2FA code.

That’s why you should protect your local devices with antivirus software like Bitdefender. Antivirus software scans your devices for malware, trojans, keyloggers, and other malicious programs hackers use to steal session tokens and login credentials.

Conclusion

This hack is a clear reminder that no account is safe without the right security measures. A page with over 7 million followers was taken over, stripped of its identity, and turned into a spam machine (and even direct outreach to Meta couldn’t reverse it). If it can happen to a page that size, it can happen to yours.

The good news is that protecting your Facebook Page is not complicated. Use strong, unique passwords, enable 2FA for your entire team, create a social media policy, regularly review and revoke unnecessary permissions, set up account monitoring with Spikerz, and protect your local devices with antivirus software to protect against session hijacking.

Every step reduces your attack surface. The more layers you add, the harder it gets for hackers to break through. Don’t wait until your page is compromised, start securing your Facebook Page right now.