Podcast
Hacked and Hijacked: When Meta and Stripe Fail Wellness Creators
The digital landscape has become a minefield for wellness creators, with sophisticated hackers exploiting vulnerabilities in major platforms like Meta and payment processors. We're seeing an underground economy emerge where desperate business owners pay thousands to recover hacked accounts, while legitimate creators lose everything to increasingly sophisticated phishing schemes.
The stories we're about to share aren't just cautionary tales—they're happening right now to real entrepreneurs in our community. And frankly, it's terrifying how little protection the platforms we depend on are actually providing.
The $100 Million War for AI Talent (And What It Means for Security)
Before we get into the scary stuff, here's something that puts the current tech landscape into perspective: Mark Zuckerberg is reportedly offering $100 million signing bonuses to poach talent from OpenAI. Yes, you read that right—$100 million per person.
To put this in context, entire presidential campaigns have run on $200 million budgets. We're talking about obscene, almost incomprehensible amounts of money being thrown around in the AI space right now. OpenAI just landed a billion-dollar contract with the U.S. Department of Defense, and the race for AI dominance is moving at breakneck speed.
Why does this matter for wellness creators? Because while these tech giants are focused on the next frontier of artificial intelligence, the basic security and customer service for ordinary entrepreneurs like us has become an afterthought. They're playing in trillion-dollar sandboxes while we're left vulnerable to increasingly sophisticated attacks.
The Underground World of Meta Brokers
Here's where things get really dark. We discovered this story through investigative reporting by Kathryn Blaze Baum from Canada's Globe and Mail, and it reveals just how broken Meta's support system has become.
Picture this: You're a wellness creator running a successful Instagram business. You wake up one morning and your account is gone—hacked, suspended, or simply inaccessible. You try Meta's official channels: fill out forms, upload selfies to prove your identity, wait... and wait... and wait. Nothing. Radio silence while your business is loses money.
Meet "Mo" - Your Friendly Neighborhood Meta Broker
This is where characters like "Mo" come in. Mo is what's called a Meta broker, a term coined by Kathryn Blaze Baum. He operates in the shadows of the internet, offering a service that shouldn't need to exist: getting your hacked social media accounts back.
Here's how the scam works:
Mo has connections with insiders at Meta who have access to something called the "OOPS" system (Online Operations System). This internal tool is supposed to be used by Meta employees to help consultants, family, and friends with their account issues. But Mo's inside source abuses this system, putting in tickets to restore accounts for paying customers.
The cost? Anywhere from $1,000 to $6,000, payable in cash or crypto (because of course it is).
Meta Knows About This—And They Don't Care Enough to Fix It
Here's the most infuriating part: Meta is fully aware this underground economy exists. They've filed lawsuits in multiple jurisdictions trying to shut down these brokers. They've taken Mo and others to court, spending who knows how much on legal fees.
But here's what they haven't done: fixed their front-door customer service problem.
Think about the irony here. Meta has enough resources to track down underground brokers and drag them into courtrooms, but they can't create a functioning system for legitimate business owners to recover their accounts. They'd rather fight the symptom than cure the disease.
Even their paid "Meta Verified" service—which costs $15 to $350 per month—offers no real help when accounts get compromised. Entrepreneurs who were paying for this premium service still had to wait weeks with no response when their accounts went down.
The Whack-a-Mole Security Game
One text message intercepted during Kathryn Blaze Baum’s investigation really drives home how widespread this problem is. A Meta insider told one of the brokers: "We got to slow down. I've recovered 12 accounts this week and there was an internal security warning that went off in the system."
Twelve accounts in one week. From just one insider. Imagine how many people are getting exploited across this entire network.
The most maddening part? We understand why people use these services. When you're an influencer, course creator, or wellness practitioner who depends on social media for your livelihood, losing access isn't just inconvenient—it's potentially business-ending. If going through proper channels means weeks of silence while your launch fails or your audience forgets you exist, paying a few thousand dollars starts to look reasonable.
But it shouldn't have to be this way.
The Brand Partnership Phishing Epidemic
The second major threat we're seeing specifically targets influencers and content creators. We've heard three separate stories in just the past ten days of creators getting completely wiped out by sophisticated phishing schemes disguised as brand partnership opportunities.
How the Scam Works
The setup is brilliant in its simplicity. Someone impersonating a legitimate brand or agency reaches out about a collaboration opportunity. They might say they represent a major company and want to sponsor your content or partner with you on a campaign.
The initial contact looks professional. They use real brand names, sometimes even hijacked email domains that appear legitimate at first glance. They'll say something like: "We'd love to collaborate with you! Click here to schedule a meeting to discuss the partnership details."
That link is where everything goes wrong.
The Devastating Results
In one case we know of, a creator lost their entire Facebook account and business after clicking one of these malicious links. Another had their YouTube channel—their primary income source—completely compromised.
But the most heartbreaking story involves a creator whose payment processor got hacked. The scammer gained access to their payment processor (we believe Stripe but this is unconfirmed), changed the bank account information to redirect funds to their own account, then charged tens of thousands of dollars—upwards of $50,000—to the creator's client credit cards.
Imagine trying to explain to your clients that charges appearing on their cards weren't authorized by you, that someone else gained access to your payment system and stole their money. The trust damage alone could end a business permanently.
Why This Targeting Works
These scams work because they exploit the very thing that makes our industry successful: relationships and trust. As wellness creators, we're used to collaboration. We expect partnership opportunities. We want to say yes to growth opportunities.
The scammers understand this psychology perfectly. They're not sending generic "You've won the lottery!" emails anymore. They're crafting personalized messages that speak directly to our business goals and aspirations.
The Email Apocalypse
One of us has over 24,000 unopened emails in a single inbox because the flood of spam and automated outreach has become completely unmanageable. When legitimate communication gets buried under this avalanche of garbage, everyone loses.
This has completely changed our approach to email marketing too. The old advice was to make your emails look like they came from a friend—plain text, no branding, casual tone. Now that's terrible advice because that's exactly what all the scammy stuff looks like.
We only open branded emails now. If it's from a creator or company we recognize, with their logo and professional design, we might actually read it. But plain text emails from unfamiliar senders? Straight to the trash.
What AI Means for Future Security Threats
We recently listened to an interview with someone called "the Godfather of AI"—one of the original researchers who worked on this technology at Google. When asked about his biggest fears for the future, he said something chilling:
Right now, all these scams and hacks are created by humans thinking about how to exploit other humans. But what happens when AI starts designing the scams?
Think about it: AI that can analyze millions of data points about your online behavior, craft perfectly personalized phishing emails, and execute attacks that no human would have thought of. We're already seeing hackers collaborate with AI to become more sophisticated. This is just the beginning.
This expert was so concerned about digital security that he keeps his money spread across multiple banks in different countries, specifically favoring Canadian banks because of their regulatory environment. When someone at that level of technological understanding is taking those precautions, the rest of us should be paying attention.
Practical Security Measures You Need to Implement Now
Given this landscape, here's what we need to do to protect ourselves:
Password Management
Forget everything you thought you knew about "strong" passwords. AI can now run calculations to try millions of password combinations easily. The most important thing isn't complexity—it's frequency of change.
Get into the habit of changing your important passwords at least once a month. Yes, it's annoying. Yes, it's one more thing to remember. But it's better than having to explain to your clients why their credit cards got charged for services they didn't receive.
Most of us probably have some information floating around on the dark web already—that's just the reality of living online. The key is making sure that old, compromised password isn't what you're still using for your important accounts.
Two-Factor Authentication (But Not the Kind You Think)
Here's something crucial: SMS-based two-factor authentication (where they text you a code) is no longer secure. Hackers can now spoof phone numbers and intercept these messages relatively easily.
Switch to app-based two-factor authentication immediately. We recommend Authy, though Google Authenticator works too. These apps generate codes locally on your device rather than sending them through potentially vulnerable communication channels.
Many sophisticated business tools have required app-based two-factor authentication for years precisely because they recognized the phone number method wasn't secure enough. It's time the rest of us caught up.
The New Rules of Email Engagement
We've had to completely change how we interact with email:
Never click links in emails from unknown senders. Even if you're interested in what they're offering, go to Google and search for their company directly.
Don't even click website links in email signatures from cold outreach. If someone reaches out about a legitimate opportunity, Google their company name and look up their contact information independently.
Make your own email links ugly and transparent. Stop hiding URLs behind pretty text. Let people see exactly where you're sending them so they can type it in manually if they prefer.
When in doubt, don't engage. The cost of being wrong is too high.
Brand Partnership Verification
If someone reaches out about a collaboration:
Don't click any links in their initial email
Google the brand or agency they claim to represent
Look up the contact information on the official website
Reach out through official channels to verify the person actually works there
Only then consider engaging with the opportunity
Yes, this makes legitimate partnerships more cumbersome. But it's better than losing your entire business to a sophisticated scam.
The Sad State of Platform Security
What's most frustrating about all of this is how little the major platforms seem to care about protecting the creators who make their ecosystems valuable.
Meta would rather spend money on lawyers than customer service representatives. Payment processors are playing constant defense against increasingly sophisticated attacks. And through it all, we're the ones bearing the real cost—not just financially, but in terms of lost trust, damaged relationships, and the constant stress of operating in an unsafe environment.
These platforms have unprecedented amounts of data about all of us. They know when we log in, where we log in from, what devices we use, and what our normal behavior patterns look like. Yet somehow they can't figure out who their inside sources are or provide adequate support when legitimate users get compromised.
It's not that they can't solve these problems. It's that solving them isn't a priority compared to whatever shiny new AI project is commanding their attention this quarter.
Building Trust in an Untrustworthy World
Despite all this doom and gloom, there is a silver lining: authentic creators and brands who've built real relationships with their audiences are becoming more valuable, not less.
When everything else feels suspicious and unreliable, people gravitate toward the voices they already know and trust. This is actually an opportunity for established wellness creators to deepen their relationships with their communities.
The key is leaning into transparency and authenticity in ways that clearly distinguish you from the scammers:
Use consistent branding across all platforms
Share behind-the-scenes content that shows the real human behind the business
Be upfront about your security practices and encourage your audience to verify communications
Build direct relationships that don't depend entirely on social media platforms
The Bottom Line
We're living through a fundamental shift in how online business operates. The trust-based, optimistic environment that allowed our industry to flourish is under siege from increasingly sophisticated bad actors who see our success as an opportunity to exploit.
The platforms we depend on have shown they're more interested in their next billion-dollar AI acquisition than in protecting the creators who built their value in the first place. Meta brokers charging thousands to do what customer service should handle for free. Stripe accounts getting hijacked to steal from clients. AI-powered scams that we can't even imagine yet.
This isn't the future we wanted, but it's the reality we're operating in.
The wellness creators who thrive in this environment will be the ones who adapt quickly, implement strong security practices, and focus on building unshakeable trust with their communities. We can't control what the platforms do, but we can control how we protect ourselves and our businesses.
Stay suspicious, stay secure, and remember: in a world full of fake partnerships and underground account brokers, authentic relationships become your most valuable asset.
The hackers are getting smarter, but so are we. And ultimately, that's going to have to be enough.
RESOURCES:
Marvelous Software Platform
Well Well Well Marketplace
Marvelous is Your All-in-One Platform for Stunning Courses, Memberships & Live Classes
Start creating and earning on Marvelous.
