Social media has become deeply ingrained in our lives, letting us connect with friends, express ourselves, and share updates on our world. With over 2.9 billion active users, Facebook is arguably the most ubiquitous and influential platform.
But that central role comes with risks. As a cybersecurity professional, I often caution people that where personal information goes, hackers will follow.
Facebook Accounts Are Prime Targets
Recent research indicates just how common Facebook hacks have become:
- 63% of people use Facebook daily, meaning a huge amount of personal data is stored there
- Almost 50% of Americans have dealt with a social media account hack
- 15% have fallen victim specifically to Facebook account theft
With troves of private messages, photos, location check-ins and other intimate details centralized in one place, it's no wonder Facebook profiles tempt hackers.
Gaining access hands them ammunition to embarrass, blackmail, stalk or steal identities. Your contacts and reputation also make your account a launchpad to infiltrate others through viral scams.
So what exactly motivates these attacks?
Why Hackers Covet Your Facebook Account
Financial Gain
- Accessing bank account info used for Facebook Payments
- Credit card details if stored for ad subscriptions/promotions
- Leveraging your identity and connections for wider phishing scams
Reputation Destruction
- Posting inflammatory content to spark backlash from your connections
- Messaging inappropriate content to contacts to disturb relationships
Spying
- Monitoring private messages and posts for blackmail material
- Tracking your posts to gather intelligence on your connections
Malware Distribution
- Spamming viral links to contacts to spread infections further
The motives vary, but the outcomes are always invasive and disruptive.
So when a Facebook account hack does occur, knowing how to respond swiftly limits the harm. The sooner you regain control, the less potential damage.
This guide will equip you to decisively act – starting with how to detect unauthorized access in the first place.
Detecting A Facebook Account Hack
Spotting early that something is amiss allows you to slam the figurative door on hackers faster. Be alert for telltale signals like:
- Password no longer working and account access denied
- Unfamiliar devices or locations in login activity list
- Strange posts or messages sent from your account
- Friends receiving spam links or warnings about your profile
- Emails from Facebook regarding changes you didn't request
Any of those suggest your account's security has been breached. Now let's explore how to decisively respond.
1. Try Logging In To Assess the Situation
Confirm whether hackers have infiltrated your Facebook account or fully locked you out by navigating to Facebook's login page and attempting to access your profile as usual.
There are two potential scenarios here:
You Can Still Enter Your Account
If your existing login credentials successfully grant access, hackers likely haven't changed them yet. This gives you a vital opportunity to kick them out and do damage control.
Immediately check your session list under Security settings.
Any unfamiliar devices or locations here indicate active hacker access. Terminate these right away by selecting "Not You?" to sever the session.
Then continue promptly to Step 2a below.
You're Completely Locked Out
If your known login credentials fail, hackers have already changed your password for a complete account takeover.
This worst case requires recovering access by resetting your credentials rather than making a simple password change. You'll need to prove your identity to Facebook as the legitimate owner.
Select "Forgotten Password?" at the login screen to trigger Facebook's account recovery process. Expect to verify your identity via confirmation codes sent to your registered email or mobile number.
With access restored, jump immediately to Step 2b.
Either situation requires urgent action to evict intruders, as I'll now detail.
2a. Change Your Account Password
If you regained entry, seizing back exclusive access is crucial. The very first step is overwriting your existing password that hackers could still utilize.
On desktop:
- Click your profile picture > Settings & Privacy > Settings > Security and Login > Change Password
On mobile:
- Tap menu > Settings & Privacy > Password and Security > Change Password
When creating your new credentials, ensure they are:
- At least 12 characters long
- Completely unique from prior passwords
- A mix of upper and lower case letters, numbers and symbols
Enabling two-factor authentication after this provides important extra protection too.
With fresh login details that only you know, hackers' access is cut off. But more action is still needed to fully lock them out.
2b. Reset Your Account Password
Alternatively, if Step 1 revealed your password was already altered without your knowledge, account recovery tools become necessary.
The process will verify your identity and allow a password reset via Facebook's trusted channels.
Common methods include:
- Confirmation email link
- Code sent to your registered mobile number
- Answering security questions to prove the account is yours
- Recognizing faces of Facebook friends
Follow all on-screen instructions carefully. Facebook may require multiple forms of identity confirmation given the high security risk.
With account access restored, immediately change that temporary password. Apply the strong, unique new credentials approach advised above.
3. Remove Suspicious Apps and Websites
Hackers often infiltrate Facebook accounts indirectly at first – via apps connected through single sign-on. This grants wide account permissions that can enable takeovers.
Scrutinize authorized apps under Security > Apps and Websites.
Watch for:
- Anything you don't remember ever adding
- Apps seeking unnecessary account permissions
- Names similar to popular services attempting to trick you
Remove anything that raises flags by selecting "Remove". This withdraws its access to your account, cutting off a potential vulnerability.
4. Log Out Everywhere
After resetting passwords, any hacker session could still stay authenticated on certain devices. Completely ending all active sessions resolves this.
On desktop:
- Click Profile Picture > Settings & Privacy > Security > Log out of all sessions
On mobile:
- Tap Menu > Settings & Privacy > Security > Logged in with Facebook > Log out of all sessions
This instantly expires any lingering unauthorized Facebook logins across all browsers and apps on your phone, tablet or computer.
Double check your session list afterwards. Only devices you intentionally sign back into should now appear.
5. Enable Two-Factor Authentication
An extra safeguard to immediately add once hackers are locked out is two-factor authentication (2FA). This replaces simple password logins with a stronger 2-step verification.
It functions by requiring:
- Your password – something YOU know
- An additional one-time code – something YOU possess
That unique code is either:
- Generated by a special authenticator app
- Sent via SMS text message to your phone
With 2FA enabled under Security settings, only someone who knows your password and holds your physical mobile device can fulfill both steps to access your account. This provides far stronger protection.
6. Caution Friends About Suspicious Activity
Hopefully you've swiftly thwarted hackers before they could create much chaos. But do briefly alert your Facebook friends to be vigilant about any questionable communications from your account anyway.
Politely suggest disregarding them, as hackers may have posed as you. This minimizes damage to relationships if attempts were made to embroil others.
Consider a quick post directly on your Timeline too, which will notify all connections to take caution.
7. Review Privacy and Security Settings
Finally, reassess your overall Facebook security posture for gaps.
Scrutinize who can view your:
- Basic profile info
- Posts
- Friends list
- Contact details
I'd recommend only allowing friends. Likewise, verify settings like:
- Activity status visibility
- Login alerts
- Ad interests personalization
- Facial recognition permissions
Further Strengthen Facebook Security
Emerging from an account hijack warrants getting much more stringent about security going forward too.
As your resident cybersecurity adviser, here are my top tips to keep hackers out for good:
Set Up a Strong Master Password
- Over 12 characters long
- Randomly generated
- Uses upper and lower case letters, numbers and symbols
- Unique from other account passwords
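The password rules from this checklist and from the one under "Change Your Account Password", turned into a checker and a generator. This is an added example, not part of the original article; the function names and the `previous` list of passwords you already use elsewhere are illustrative assumptions.

```python
import secrets
import string

MIN_LENGTH = 12  # the guide's minimum length
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
CLASS_NAMES = ("lower case letter", "upper case letter", "number", "symbol")


def policy_failures(password: str, previous=()) -> list:
    """Return the rules a candidate breaks; an empty list means it passes."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("shorter than 12 characters")
    for name, chars in zip(CLASS_NAMES, CLASSES):
        if not any(c in chars for c in password):
            failures.append("no " + name)
    # `previous` is a hypothetical local list, e.g. exported from your own
    # password manager; it should never be sent anywhere.
    if password in previous:
        failures.append("reused from another account or an earlier password")
    return failures


def generate_password(length: int = 20, previous=()) -> str:
    """Draw every character from the OS CSPRNG and retry until all rules hold."""
    if length < MIN_LENGTH:
        raise ValueError("length is below the 12-character minimum")
    alphabet = "".join(CLASSES)
    while True:
        # Rejecting and redrawing whole candidates keeps the result uniform
        # over all compliant passwords, unlike patching in missing classes.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not policy_failures(candidate, previous):
            return candidate


if __name__ == "__main__":
    print(generate_password())
    print(policy_failures("Summer2023"))
```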
Enable Login Alerts
Receive notifications whenever an unrecognized sign-in is attempted. This acts as an early warning system.
Minimize Overly Broad App Permissions
Strictly limit what account data is exposed. Only authorize apps likely to be safe and reputable.
Routinely Check Connected Sessions
Occasionally review all currently authenticated devices and manually disconnect anything suspicious.
Staying continually security conscious is now a must. But should hackers strike again, this guide has equipped you to respond decisively.
So breathe deep and take comfort in the fact that no Facebook account hijacking has to be permanent, or even last long, armed with this knowledge.
Now go forth and reconnect securely with friends far and wide.