Facebook recently experienced its biggest security and data breach ever. Do you think your Facebook account has been hacked? If so, act wisely!
A stranger could have access to your private messages, contact your friends, abuse your Facebook page, and delete your personal information. They could also lock you out of your Facebook account forever. While you can’t get stolen information back, you can prevent them from stealing your account.
The most important thing now is to not panic. If you did some things right, you can regain access to your Facebook account. We’ll show you how.
Note: If you’re using Facebook to log into other applications, like Spotify or Instagram, those may be affected by the 2018 data breach. So even if you don’t care about your Facebook account, we strongly recommend changing the respective logins or tightening your Facebook security to secure these third-party accounts.
How to Know If Your Facebook Account Was Hacked
So how do you know your Facebook account was hacked if nothing obvious has changed yet? If a Facebook hacker managed to get into your account, they will leave a trace.
Log into your Facebook account and click the arrowhead in the top right to expand a menu. From the menu, pick Settings and go to Security and Login or just use this direct link.
At the very top, you’ll see a list of devices from which you’ve most recently logged into your Facebook account and when they were active.
Click See More to expand that list and review older sessions. If you spot any suspicious activity in your logins, here’s what you need to do, in the following order…
1a. Change Your Facebook Password
In case your Facebook hacker hasn’t changed your password, you got lucky! This is the time to update your password before you log out suspicious sessions (you don’t want to alert the hacker). If it’s too late, head to step 1b.
Under Settings > Security and Login, scroll down to Login and click Change password. Enter your current password, set a strong new password (possibly using a password manager like LastPass), and click Save Changes.
After changing your password, scroll back up to Where You’re Logged In. Either Log Out of individual sessions by clicking the three vertical dots or click the Log Out Of All Sessions option in the bottom right after expanding the list. Do this only if you’re sure you can log back in.
We recommend logging out completely, provided your contact details and security settings are up to date. You don’t want to jeopardize your means of logging back in. If you’re unsure, manually log out all recent sessions that seem suspicious.
From here, proceed to Step 3 if you think that your account was abused.
1b. Reset Your Facebook Password
If the hacker did change your password and you can no longer log into your Facebook account, act quickly. Try to regain access. There is a Forgot your password? link underneath the Facebook login:
This will let you retrieve your password in several different ways. First, you’ll have to Find Your Account. You can either enter the email address you used to register with Facebook or any other secondary email address you added, as well as your phone number.
If Facebook can find your account, you can choose how to Reset Your Password.
In my case, Facebook offers to send a recovery code to any of the email addresses I added to my account. I highly recommend that you specify multiple backup email addresses. Remember that you must keep those accounts equally secure, at least by using a strong password and ideally by enabling two-factor authentication.
Use the No longer have access to these? link if that’s the case. Facebook will ask how they can reach you to verify your identity. This can take a while.
If you believe that the Facebook hacker who has access to your account has been abusing it, proceed to step 2.
2. Report the Facebook Hack
If your account wasn’t simply hacked, but is sending out ads and spam to your friends, you must report it as compromised.
You can also use this in case you lost access to your account by means of a hacking attack. Facebook will help you recover access to your account.
3. Remove Suspicious Applications
Oftentimes, it’s not an evil person that randomly hacked your account. You may just have granted access to a malicious Facebook application which subsequently hijacked your account.
To remove suspicious applications, go to Settings > Apps and Websites and go through the list. Click Show All on all Active Apps and Websites, set a checkmark on apps or websites you’d like to remove, click the Remove button in the top right, and confirm whether you’d also like to “delete all posts, photos and videos on Facebook” from these sources.
Alternatively, click the View and Edit link and change the app’s permissions, which includes options like app visibility, access to your personal information, and actions it can take.
4. Engage Damage Control
After doing everything you can to regain control over your hacked Facebook account and preventing further damage, inform your friends about what is going on.
This is a precautionary step in case the hacker has been abusing your account. If you presently can’t access your account, contact your Facebook friends through other social networks, by email, or have a mutual friend inform them via Facebook.
Improving Facebook’s Privacy and Security Settings
Once you’re back in control, we highly recommend that you review your Facebook settings.
- Under Settings > General, update your contact details, add additional email addresses or mobile phone numbers you have access to. Likewise, remove those you no longer have access to.
- Head to Settings > Security and Login to set up extra security measures, including alerts about unrecognized logins, two-factor authentication, and choose three to five trusted friends who can help you to recover your account should you get locked out.
- Under Settings > Privacy, choose the privacy settings you’re comfortable with. We recommend letting only friends see your future posts and retroactively limiting visibility of past posts.
Our previous article on how to secure your Facebook account takes you through all these steps and more. Note that the single most important security feature you can enable on any of your accounts is two-factor authentication. We strongly recommend that you lock down all social accounts that offer this feature.
How Do You Keep Your Facebook Account Safe?
Once you get hacked, you’re forced to learn about all the mistakes you made. And hopefully, you’ll never make them again. This is the time to learn about social engineering attacks and how to protect yourself against them. Hackers never stop evolving.
Concerned your Instagram account has been hacked too? Check out our guide on what to do.