10+ Cincy restaurants caught in nationwide hack targeting small businesses

It’s hitting the restaurants hardest just before the holidays.
Hackers target Cincinnati restaurants' social media accounts
Published: Dec. 6, 2022 at 5:58 PM EST

CINCINNATI (WXIX) - Hackers appear to be targeting the social media accounts of local restaurants with the potential of costing the businesses hundreds of thousands of dollars.

That is according to Chris Breeden, owner of Arnold’s Bar and Grill, the oldest restaurant in the Tri-State.

Breeden says he cannot access his personal or business social media accounts due to the hack.

“It appears that they’re using it to run ads overseas,” Breeden said.

In a Reddit post Monday night, Breeden linked to an Ars Technica report describing the sophisticated hack targeting small businesses ahead of the holidays.

The report describes the hack as follows:

“A hacker gains access to a Meta [Facebook] account, then adds their account to the business owner’s ad account before removing the original account owner. At that point, the hacker has taken over the ad account completely. Then, the hacker moves quickly to knock the original user off Meta before they notice the ad account has been commandeered. To do this, the hacker posts inappropriate content like pornography, which quickly prompts Meta content moderators to disable the original account. Once an account is disabled, small-business owners told Ars, they are “in an impossible position,” [...]Many business owners told Ars that any attempts to appeal Meta’s decisions are repeatedly rejected.”

Breeden says in the post Arnold has been hit as well as Crown Republic, Losanti, Crown Cantina, Rosie’s Italian, Carriage House Farms, Via Vite and Birdcage. Tuesday he added Belle and Bear and the Lonely Pine Steakhouse.

Those are just the ones Breeden knows about.

The restaurants have all been hit since October.

Breeden says the hackers were able to get ahold of his credit card information because it’s on file on his business Facebook page.

He admits his social media passwords could have been stronger and that they were likely what made him a target.

He says everyone can still see the Arnold’s Facebook page, he just can’t access it. Clicking on a link to his Instagram page, meanwhile, brings up an error message.

It began with a warning message that the hackers were in his account.

“I blocked them,” he explained. “I changed my password and I still got hacked.”

Not having access to his accounts not only hurts the restaurant, Breeden says, it also hurts the nonprofits he likes to promote.

“It’s really hard,” he said. “Like, we have Christmas plays coming up that we do with OTR Improv, and I can’t promote them at all. We have a very large following on Facebook and Instagram, and it hurts us quite a bit not to be able to promote during the holidays.”

Breeden says if he can’t have access to his sites where he advertises his restaurant, it will cost him hundred of thousands of dollars.

He is sending letters to Cincinnati City Council and Ohio Attorney General Dave Yost to plead for help.

See a spelling or grammar error in our story? Please include the title when you click here to report it.