I’m seeing Facebook accounts hacked more often. It’s not an alarming increase, but you should be aware of it and prepared for it.
Much like email, it’s not that uncommon for someone, somewhere to gain access to a Facebook account and use it to post spam or worse. Sometimes, the account password is changed. Sometimes not. Sometimes, traces are left. Sometimes not.
Sometimes, the entire account is destroyed.
If you think that’s happened to you, here’s what you need to do next…
1. Recover your account
Log in to your Facebook account right away.
If you can, consider yourself very lucky and proceed to step 2.
If you can’t log in even though you know that you’re using the correct password, then it’s likely that the hacker has already changed your password.
Proceed to my article: How do I recover my Facebook log in password? Facebook includes several recovery options provided that you set them up beforehand. These may allow you to regain control of your account and reset your password.
If that recovery method doesn’t work – perhaps because the hacker has also altered all of the recovery information that might be used, you don’t recall the answers, or you never set up any recovery information in the first place – Facebook does have a couple of additional approaches to try.
Get Help From Friends is a technique where you tell Facebook the names of a few friends whom you’re connected with on Facebook. Facebook then sends them recovery information, which you then collect from them and provide to Facebook to recover your account.
If your account really is hacked and you’re unable to regain access, you should report it to Facebook as being hacked by visiting this URL: http://www.facebook.com/hacked. That will also provide additional steps to attempt to regain access to your account.
Important: If you cannot recover access to your account, then it is now someone else’s account. It is now the hacker’s account. Unless you’ve backed up, everything in it is gone forever and you can skip the next two items. You’ll need to set up a new account from scratch.
2. Change your password
Whether you regain access to your account or you never lost it, you should immediately change your password.
As always, make sure that it’s a good password: easy to remember, difficult to guess, and long. In fact, the longer the better. Make sure your new password is at least 10 characters (ideally 12 or more). While I couldn’t find a definitive answer on the maximum length allowed by Facebook, I’ve seen anecdotal evidence that passwords of at least 50 characters work.
But don’t stop here. Changing your password is not enough.
3. Change (or set) your recovery information
While the hacker had access to your Facebook account, they may have elected to leave your password alone. That way, chances are you won’t notice that the account has been hacked for a while longer.
But whether they changed your password or not, they may very well have gone in and changed the recovery information.
The reason is simple: when you finally do get around to changing your password, the hacker can follow the “I forgot my password” steps and reset the password out from underneath you using the recovery information that he collected or set.
Thus, you need to check all of it and change much of it … and right away.
Change the answer to your security question. The answer that you choose doesn’t have to match the question (you might say that your mother’s place of birth was “constitution”, for example). All that matters is that the answer that you give matches the answer that you set here if you ever need to recover your account.
Check the email addresses associated with your Facebook account and remove any that you don’t recognize or that are no longer accessible to you. The hacker could have added his own. Make sure that all of the email addresses are accounts that belong to you and that you can access now and will continue to be able to access.
Check the mobile phone number associated with the account. The hacker could have set their own. Remove any that you don’t recognize and make sure that if a phone number is provided, it’s yours and no one else’s.
Overlooking information that could be used for account recovery could allow the hacker to easily hack back in. And of course, failing to set any recovery information dramatically lessens the chances of you recovering a hacked account, so make sure to take the time to carefully review and/or set up this information.
4. Let your contacts know
Some may disagree with me, but I recommend letting your friends know that your account was hacked, particularly if your account was posting spam while out of your control.
I believe it’s important to notify your contacts, so that they know not to pay attention to posts made while the account was hacked and to be on the lookout for phishing attempts using information that the hacker may have gathered from your account while they had access to it.
5. Learn from the experience
One of the most important lessons to learn from the experience is to consider all of the ways that your account could have been hacked and then take appropriate steps to protect yourself from a repeat occurrence in the future.
- Use long passwords that can’t be guessed and don’t share them with anyone.
- Don’t fall for email phishing attempts. If they ask for your password, they are bogus.
- Don’t share your password with anyone.
- Don’t click links in email that you are not 100% certain of. Many phishing attempts lead you to bogus sites that ask you to log in and then steal your password when you try.
- If you’re using WiFi hotspots, learn to use them safely.
- Keep the operating system and other software on your machine up-to-date and run up-to-date anti-malware tools.
- Learn to use the internet safely.
- Consider enabling Facebook login approvals, where simply knowing the password is not enough to gain access from an unrecognized computer. With this form of two-factor authentication, you’ll need to associate a mobile device, which will receive a special code that you’ll need to enter whenever logging in from a new or untrusted computer.
If you are fortunate enough to be able to identify exactly how your password was compromised (it’s not common), then absolutely take measures so that it never happens again.
6. If you’re not sure, get help
While you’re at it, find someone who can help you set up a more secure system for your account and can advise you on the steps that you need to take to prevent this from happening again.
And then follow those steps.
The reality is that you and I are ultimately responsible for our own security. That means taking the time to learn and set things up securely.
Yes, additional security can be seen as an inconvenience. In my opinion, dealing with a hacked account is significantly more inconvenient. It’s worth the trouble to do things right.
If that’s still too much … well … expect your account to get hacked again.