Chances are that you, like around 2.93 billion others worldwide, use Facebook. And if you’re concerned about your online safety and privacy when you’re on the popular social media site, you’re not alone either. How safe is your profile and all the data it stores, and what should you do if you suspect that your account has been hacked? In fact, how would you even know? If you’re ever wary about whether your account has been compromised, we’ve prepared answers to common questions below. Knowledge is power—plus it’s always worth remembering that it’s often our own behavior that makes us vulnerable.
How do I find out if my Facebook account was hacked?
So, you didn’t post details promoting that dodgy “work from home” scheme? If you see activity you don’t recognize in your account, it’s a sign you may have been hacked. Perhaps your email, birthday, name, password, or other profile information has been changed. You could have new friends that you didn’t send requests to, and your existing contacts are receiving messages that you didn’t write. Posts could also be popping up on your timeline that you didn’t post, and your friends may report a duplicate account in your name that you didn’t create. Emails from Facebook alerting you to login attempts on strange devices are another red flag.
Fortunately, you can easily see a list of the devices which have been used to log into your account. If you’re concerned, do this: Log in to your Facebook account and click on the arrow or profile picture in the upper right-hand corner to open the menu. Then:
- Click on Settings & Privacy -> Settings.
- In the left-hand menu, click on Security and Login and Where You’re Logged In will appear.
- Check all the devices that have logged into your account and from what locations. If you see an unfamiliar device or location, then your account may have been hacked.
- Click on the Not You? option next to the suspicious login and then click on Secure Account and follow the steps.
Remember that a Facebook profile can be hacked just like any other online account, so the same online safety rules apply. Did you sign in on an unsecure network or didn’t sign out of your account on a shared device? Don’t serve up your credentials and make life easy for hackers!
Help! My Facebook account has been hacked? What now?
It’s essential to act fast to recover a hacked Facebook account. Hackers could be reading your private messages, deleting your personal information, or trying to scam your friends. Take these urgent eight steps.
- Check which devices have been used to access your account by following the steps in the previous list above. If anything appears suspicious, immediately click the Log Out of All Sessions option in the lower right-hand corner.
- Change your password and add screen locks to your devices to prevent anyone taking even a quick peek. Follow these steps in the Facebook Help Centre.
- If you can’t log in, report your Facebook account as hacked at https://www.facebook.com/hacked/, because it may mean that you’re the victim of a Facebook hacker’s attack and they have changed your password. Facebook will prompt you to type in the phone number or email you used to open the account and then help you regain access. They’ll also ask how you think your account was hacked and then walk you through the security procedures.
- Warn friends and followers and keep a close eye on your Facebook account. If you don’t have access to your account after a hack, ask a trusted Facebook friend to log in to their account and then click on yours to see if your name, profile picture, or email have changed. Always inform your Facebook friends and followers of a hack! A hacker could contact them to ask for personal details or even send links infected with malware. Advise them not to respond to any messages or posts (not) made by “you” and to secure their own accounts.
- Change your other passwords. Far too many of us use our Facebook password for other apps, so while you’re at it, change all those passwords too. A password manager can help generate strong, unique passwords and even stores them for you. The best passwords contain a random string of upper- and lower-case letters, numbers, and special characters. Stay clear of birthdays, pets’ names, and anything that could be guessed by browsing through your profile!
- Strengthen your login access now to help avoid needing to fix a hacked Facebook account later. Facebook offers two-factor authentication, so when someone logs in, a code is sent to your mobile phone to verify it’s you. To enable two-factor authentication, go to Settings & privacy -> Settings -> Security and Login. Then scroll down to find Two-Factor Authentication.
- Double-check all app permissions. Go to your apps and review who has access to your Facebook account. If there are any apps you don’t recognize or no longer use, revoke their access. You’ll find a list of these apps under Settings & privacy -> Settings -> Apps and Websites.
- Review your privacy settings. Facebook has a helpful checklist to get you started. Navigate to Settings & privacy -> Privacy Checkup.
My Facebook account was deleted after a hacker attack! What are my options?
A hacked account is frustrating enough, but some cybercriminals go further and delete the account altogether. If you act quickly enough, you can resurrect yourself. That’s because Facebook doesn’t kill you off entirely at first but makes your account invisible for 30 days. Use this window of time to reclaim your account. If the hacker has changed your password but hasn’t changed your email yet, you’ll receive an email from Facebook alerting you of a suspicious login. Click on the Secure your account link in the email to recover your account. Alternatively, you can still try and log in. Click Forgot Password in the login screen.
You’ll receive an email with a six-digit code and can use this to log in. You’ll then be prompted to create a new password—and the hacker will be locked out! Once you’ve created a (new, unique, strong) password, you’ll receive a notification telling you when your account is scheduled for deletion. Cancel the deletion. Phew, that was close… If the hacker was more thorough and deleted your email, you can still try and log in using your mobile number and you’ll receive a security code via SMS.
However, if more than 30 days have passed since your account was deleted, then there’s no way to retrieve it. You’ll have to create a new profile and embrace it as a blank canvas and fresh new start… or do a digital de-tox and leave Facebook altogether. It’s worth remembering that if you ever want to delete your own account, the same applies: You’ll have a 30-day cooling off period, but after that it’s gone for good.
Who can hack Facebook and am I at risk?
Anyone on Facebook is potentially at risk. As it’s the world’s biggest social networking site, it’s a popular destination for cybercriminals too. Hackers have several tricks up their virtual sleeves, but the most common way that accounts are compromised is by tricking you into divulging your login details. When a hacker “fishes” for your information by sending out a fake email or message, that’s phishing. A popular phishing technique for Facebook involves sending out an email (ostensibly from Facebook) asking you to log in. When you click on the link, you’re directed to a portal that looks identical to Facebook’s login page. Enter your email and password and you’re handing them to the hacker for future use.
A Messenger message pops up: “OMG! Guess who died?”, with a link. Click on it at your peril as it could be laced with malware like a keylogger program. Keylogging is a particularly sneaky hacking technique. The software infects your device and then records everything that you type, including confidential information like passwords and banking details. These are a potential treasure trove for cybercriminals and a keylogging attack can easily result in identity theft. Another common type of malware are info-stealers and there are no prizes for guessing what they’re up to. Yes, these bugs steal personal information, including your Facebook username and password.
So, we see that some hackers operate as thieves. Others are masters of disguise. Are you a fan of public Wi-Fi? It’s convenient, but beware of sidejacking, when someone steals your legitimate access to a website and impersonates you. To sidejack access, the hacker (or “bad actor”) uses a packet sniffer to obtain an unencrypted cookie that grants access to the site. This cloud has a silver lining though: Once you log off, the hacker loses access, as they never obtained your login details. Potentially uglier is Domain Name Server (DNS) spoofing. This cyberattack redirects online traffic to a fraudulent website that looks like the real thing. Here you’re prompted to log into what you believe to be your account, and then the perpetrator steals your access details.
Attackers can also be silent eavesdroppers. During a man-in-the-middle (MitM) attack, the cyberattacker positions themselves between your device and the legitimate host that you’re connecting to. Here they can disrupt communications, spy on you, and steal login credentials (there goes your Facebook account, again).
That USB drive sitting on your desk may look innocent… but is it? A USB can download an infected file from someone’s laptop, then transfer it to yours. In early 2022 it was reported that a cybercrime group was mailing out USB sticks. Once plugged in, they installed malware onto the target PCs and then moved laterally across networks. Groups of connected, hijacked computers used to carry out various scams and cyberattacks are called botnets. Don’t unwittingly turn your device into a bot that’s possibly helping cybercriminals hack into other people’s Facebook accounts…
How can I protect myself from hacker attacks in the future?
Facebook offers a range of tools to help keep your account safer. It’s a question of remembering to check your current privacy and login settings and switching on the right features. Enabling two-factor authentication is a good start. Even if a thief has your laptop, they’ll need your mobile too if they want to access your Facebook. Always use a complex password that’s not based on information that a hacker might guess and change it regularly just in case there’s been a data breach. It’s worth noting that Facebook’s Trusted Contacts is no longer supported. This means that your chosen friends can’t help you get back on Facebook if you lose access to your account. Make sure that your email address and phone number are up to date in your account settings.
Another vital step is to make sure your Facebook content is only shown to people you know and trust. Browse the Privacy Centre (Settings & Privacy -> Privacy Centre) to set who you interact with and what you share with them.
Also consider cutting off third-party apps to gain greater control over your data. Here’s a reminder: See Settings & Privacy and then click on Apps and Websites to view and amend who gets to see those pictures of your Ibiza holiday, and so much more… And always stay on the ball! Monitor login and account activity so that no-one can sneakily act on your behalf and be ultra-wary of emails and messages. Check and double check the sender before clicking on links or attachments.
Protect your digital life
Safeguarding your Facebook account should be part of your wider cybersecurity strategy.
Use a reputable online security solution, like Avira Free Antivirus, which offers real-time protection against a range of malware, including infected attachments. Plus, make sure that your software and online security are always current, to avoid cybercriminals exploiting vulnerabilities in aging systems. Some providers offer more comprehensive online protection solutions, which include a password manager and the added privacy of VPN. Consider subscribing to Avira Prime as part of your online defense strategy.