Facebook removes ‘coordinated inauthentic behaviour’ targeting Princess Eugenie

Facebook said it has taken action on “coordinated inauthentic behaviour” originating from Iran, which included accounts posting about the royal family and US President Donald Trump.

Some 51 Facebook accounts, 36 pages, seven groups and three Instagram accounts were removed, targeting public figures and politics in the UK and US, as well as the US secessionist movements, Islam, Arab minorities in Iran and the influence of Saudi Arabia in the Middle East, the social network said.

A photo of Princess Eugenie marrying Jack Brooksbank with homeless people edited into the image was used by one page, claiming that the princess “expects the taxpayer to subsidise her dream wedding, while food banks are over run”, in an apparent attempt to stir up tensions among the British public.

Edited photo of Princess Eugenie and Jack Brooksbank alongside homeless people
Edited photo of Princess Eugenie and Jack Brooksbank alongside homeless people

Meanwhile, a video of Mr Trump joining a ceremonial sword dance in Saudi Arabia was also distributed with suspected malicious intent.

The people behind the activity misled people about who they are and their intentions, Facebook explained in a blog post, sometimes representing themselves as journalists.

“We’re constantly working to detect and stop this type of activity because we don’t want our services to be used to manipulate people,” said Nathaniel Gleicher, Facebook’s head of cybersecurity.

“Policy, as is always the case with these takedowns, is we’re removing these pages, groups and accounts based on their behaviour, not the content they posted.”


Around 21,000 accounts followed one or more of the pages involved, while approximately 1,900 accounts joined one or more groups and about 2,600 followed at least one of the Instagram accounts.

“Based on a tip shared by FireEye, a US cybersecurity firm, we conducted an internal investigation into suspected Iran-linked coordinated inauthentic behaviour and identified this activity,” Mr Gleicher continued.

“We’ve shared our analysis with law enforcement, policymakers and industry partners.”

Last month it was reported that Iran carried out a number of cyber attacks on the Post Office and the UK’s local government networks in the lead-up to Christmas.