Having your Facebook account hacked is a nightmare nowadays. Think of how much you depend on it. Many apps use your Facebook login as credentials for their sites—I can certainly think of at least a handful of phone apps I’ve used with a Facebook or Google login. Think of all the stuff someone could get into if they had hacked your Facebook account!
On top of that, think of how many ways a hacker could get to your entire friend and family network. Private messages with malicious links, abusing your Facebook page, deleting or gaining access to personal information (sometimes very personal)—all of which could help someone further exploit your business connections or even compromise your business network.
Plain and simple. If your Facebook account is hacked, you should act quickly!
Act fast, but remember to not panic! You can regain access to your account.
First off, how do you know your Facebook account was hacked to begin with, especially if nothing obvious changed? The hacker has likely left a couple of breadcrumbs around even if you don’t see anything obviously different on your account.
Figure out what devices logged in and from where. Go into your Facebook account and click the arrowhead in the top right corner to expand a menu. From the drop-down menu, click on Settings, then go to Security and Login.
At the top of the page, you’ll be able to see a list of devices most recently logged into your account, along with when they logged in.
You can expand the list by clicking on See More to view additional older sessions. If you spot any suspicious activity from devices or places you don’t recognize, your account may very well have been breached. Note: in the event of credential leaks like the Facebook breach last week (that leaked 50 million passwords, including those of Facebook CEO Mark Zuckerberg and COO Sheryl Sandberg), it is a good idea to take the proactive measure of changing your password.
But, in any event, here’s a list of steps you can take when your account is breached (the order counts here!):
Change your password—in the event that your password hasn’t been changed yet, you got lucky! This is the time to update your password before you log out any suspicious sessions (you don’t want to alert the hacker you know something’s up). If it’s too late, resort to resetting your password (see below).
Under Settings>Security and Login, scroll down to Login and click Change password. Enter your current password and then set up a strong new password — click here for some tips on passwords. Remember to keep passwords in a password vault, like KeePass. Click Save Changes.
Scroll back up to where you’re logged in and Log Out of individual sessions by clicking the three vertical dots or click the Log Out Of All Sessions button in the bottom right after expanding the list. Note: Do this only if you are sure you can log back in.
We recommend logging out completely, provided your contact details and security settings are up to date. You don’t want to jeopardize your means of logging back in! If you’re unsure, manually log out all recent sessions that seem suspicious.
From here, go to Remove Suspicious Applications (see below).
Reset Your Password—if the hacker DID change your password, you won’t be able to log into your account. You must act quickly. Beneath the Facebook login there is a Forgot your password link. It will let you retrieve your password in several different ways. First, you’ll have to Find Your Account, which you can do either by entering your email address registered to Facebook or any secondary email as well as your registered phone number.
In many cases, Facebook is able to send a recovery code to any email you listed. I suggest you specify multiple backup addresses in case something like this happens. Note: you will want to make sure that those accounts are equally secure—at the very least by using a strong password.
If Facebook is able to find your account, you’ll be able to choose Reset Your Password.
If you have the misfortune of no longer having access to those email addresses, Facebook will ask how it can reach you to verify your identity. This may take a while.
If you see that the person that breached your account is abusing it, report the account as being compromised (see below).
Reporting a compromised account—if your account was hacked and is sending out ads or spam to friends, you must report it as being compromised. You can use this in case you lost access to your account through a hacking attack. Facebook will go through a lengthy process that ultimately will help you reclaim access to your account.
Remove suspicious applications—when your account is hacked, it is often through malicious Facebook applications that have gained control of your account.
To remove suspicious applications, go to Settings>Apps and go through the list. Be sure to Show All, hover over the application you’d like to remove and then click the X and confirm by clicking Remove.
Assess The Damage—after taking the above steps to regain control of your account and prevent further damage, make sure to inform your friends what has happened (they may be in the same boat you’re in).
Improve your Facebook Privacy and Security—once you’re in control of your account, change your settings to ensure that nothing like this will happen again (do this even if your account wasn’t hacked or breached):
Update your contact details—under Settings>General, update your contact details and add addresses or mobile numbers you have access to. This will make it easier to verify your identity in case something like this happens again.
Set up extra security measures—go to Settings>Security and Login to set up security measures, including alerts about unrecognized logins, two-factor authentication, and a handful of friends who can help you recover your account in case you get locked out.
Reevaluate your privacy settings—under Settings>Privacy, choose privacy settings that seem right for you. I’d recommend only letting close friends see your future posts and retroactively limiting visibility on past posts (so that criminals exploiting social engineering to target your businesses don’t glean more information to convince your team they’re really you).
Bottom Line: use common sense while online. If your Facebook account gets hacked, learn from your mistakes and take measures to make it harder to get hacked in the first place. Knowing that Facebook DID get hacked, proactively change your password to ensure it is secure. Never use the same password on more than one site, especially between social sites and work/banking sites, to ensure your sensitive information is safe.
We want to make sure you’re safe online. If you have any questions, feel free to call!