Arnold's Bar & Grill's Facebook account was hacked over the weekend in what owner Chris Breeden says is a scheme that has targeted several Cincinnati small businesses.
According to Breeden, he received a notification Friday that someone in Los Angeles had logged into his personal Facebook account. Minutes later, he was alerted that an unknown user had accepted his friend request.
"I went in and unfriended that person and removed everyone that was logged in," he said.
Breeden also changed his password. However, the user was added back as a friend, and the next morning, Breeden was locked out of his personal Facebook account, Instagram and the Arnold's Bar & Grill business page for violating Facebook's terms of service.
Downtown:Paris Baguette to open first Ohio location in Cincinnati
Scams:Nationwide foreclosure relief scam 'took advantage of folks' financial despair'
The small business owner says two of his credit cards, which were linked to Facebook to pay for Arnold's Bar & Grill advertising, were charged a total of $2,800. Two of four fraudulent charges were flagged by his bank before going through, and he was reimbursed for the other two.
As of Tuesday, the Downtown bar's Facebook page is visible online, but Breeden says he can't log into it. The Arnold's Bar & Grill account on Instagram, which is owned by the Facebook parent company Meta, has been taken down.
Multiple Cincinnati restaurants have been targeted
Breeden believes what happened to him is part of a hacking scheme that has hit multiple small businesses around the country. Hackers can gain access to a user's Facebook account, add themselves as an administrator for their business page and make purchases with linked credit cards or PayPal accounts, according to a Reddit page dedicated to the issue. The hackers quickly block users from regaining entry to their account by posting explicit or copyrighted content, getting the page taken down by Facebook.
Crown Restaurant Group, which owns Losanti, Crown Republic Gastropub, Crown Cantina and Rosie's Italian, experienced similar hacking issues in October.
Hayley Sitek, the group's co-owner and social media manager, said she was notified on Oct. 18 that one of the restaurants' posts had violated Facebook's terms of service. After contesting the ban, her personal Facebook account was hacked, and she was locked out of all four restaurants' Instagram profiles.
"You merge these accounts together and it's advertised to make your life easier, but as soon as you connect them, they can take you down," she told The Enquirer.
The restaurants' Facebook pages were able to remain active because they had an administrator besides Sitek who could still access them, she said. Sitek didn't save any credit card information to the business pages because she manages multiple accounts, so no fraudulent charges were made.
However, the restaurants' Instagram pages and Sitek's personal account were permanently removed, but she was able to create new pages for the businesses last week following a 30-day ban.
Breeden said he has connected with 10 local businesses, including Crown Restaurant Group's, that have been targeted, seven of which were hacked within the past two months.
One business, bar and music venue the Belle & the Bear, said in a post it was forced to create new Facebook and Instagram pages after being hacked in September. Breeden also said Via Vite, which is owned by Cristian Pietoso, was affected by a hack. Via Vite, as well as Forno Osteria & Bar, one of Pietoso's other establishments, began inexplicably posting out-of-place movie clips on Facebook in the past few weeks.
The Enquirer has reached out to Pietoso and other restaurant owners who might have been affected but did not hear back.
For small business owners, losing access to social media is "instantly crippling," Breeden said, especially amidst the holiday season.
"We have a large Facebook presence that I've been working for over a decade to build," he said. "We have our holiday show that we do with OTRimprov coming up, and I have no way to promote it."
Breeden has begun Facebook's appeal process to regain access to his account. He plans to contact the Cincinnati City Council and Ohio attorney general with a list of local businesses that have been targeted.
The Enquirer will continue updating this story as we get more information.