Cyber Incident Victim: ElephantVoices
Date:
Jul 2025
Location:
United States of America
Summary
ElephantVoices and Save the Elephants experienced coordinated cyber attacks compromising their official Facebook pages. Attackers used social engineering, posing as representatives of US podcasts to gain unauthorized access under false pretenses. This resulted in the organizations losing control of their pages and suffering a significant loss of direct communication access to their large supporter base. Both groups are actively working with Meta to regain control of the compromised accounts.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Between approximately June 10 and July 1, 2025, the official Facebook pages of ElephantVoices and Save the Elephants were compromised in a cyber attack. The attackers employed an elaborate and well-planned scheme, posing as representatives of established podcasts based in the United States. This impersonation tactic was used to gain unauthorized access to the organizations' Facebook accounts under false pretenses. The compromise severed the direct connection both organizations maintained with hundreds of thousands of dedicated supporters through the Facebook platform. This disruption hindered their primary communication channel for sharing information and mobilizing support for elephant conservation efforts. The attackers' actions created significant concern within the organizations regarding potential misuse of the compromised accounts.
Upon discovering the compromise, ElephantVoices and Save the Elephants immediately engaged with Meta, the parent company of Facebook, to resolve the situation and regain control of their accounts. They publicly acknowledged the incident on July 1, 2025, expressing deep disturbance over the breach and regret for any inconvenience caused to their supporters. Concurrently, the organizations implemented internal security enhancements, strengthening their systems and establishing new protocols designed to prevent similar incidents in the future. They issued urgent warnings to their followers, advising extreme caution regarding any messages received on Facebook claiming to be from either organization, particularly those soliciting donations, and instructed followers to report such messages directly. Furthermore, they proactively alerted fellow conservation non-governmental organizations (NGOs) to be wary of podcast-related requests, especially those originating from Gmail accounts, recommending direct verification with the podcast through alternative channels before engagement. To maintain communication with supporters during the Facebook page recovery, ElephantVoices and Save the Elephants directed followers to their verified Instagram and LinkedIn accounts, as well as their official websites and designated email addresses.