Let's look at what happened:
- Someone malicious cracked his Facebook password, logged into his account and started sending messages to his friends.
- His friends alerted him and he immediately went in and changed his FB password.
- He reported the attack to Facebook.
- Facebook disabled his account.
- Per Facebook's instructions, he emailed "email@example.com" asking for his account to be reinstated.
- He's now been waiting over 10 days....
As Irwin points out, he's sadly not alone with this problem. Still, as Irwin notes, if a company is going to use Facebook as part of their communications strategy they need to be sure that they can use Facebook! A good step is to have multiple administrators on any Facebook page (we do on the Voxeo page).
Facebook, too, needs to step up here a bit. Irwin, who in addition to being an analyst has a security background (and is, like me, a CISSP), did the right thing by fixing the short-term issue by changing his password and then reporting the attack to Facebook. To then have his account disabled with no explanation and no communication is crazy!
If Facebook wants to be the big portal through which we all view the Internet (and which continues to concern me), then they need to provide the level of service - and responsiveness - appropriate to that grand vision of theirs.
Even better would be to open up their system so that Irwin could have more control over his own account and data... but somehow I don't see Facebook ever becoming the distributed and decentralized system we really need it to be...