7 Urgent Steps to Take When Your Facebook Account Gets Hacked

Security and hacking issues are rampant in social media. If you have an account on Facebook, or any other social media network for that matter, it’s highly likely that your personal information has been compromised at some point.

In one recent Facebook hack, personal details including the full name, location, birthday, email address, phone number, and relationship status of more than half a billion Facebook users were stolen.

This includes 32 million accounts in the United States, 11 million in the United Kingdom, and 6 million in India.

Facebook has since released a statement claiming this breach was “old data” that was discovered and fixed in 2019.

Was that the hack of 540 million Facebook IDs, comments, and likes discovered in April 2019?

Or the 419 million phone numbers, names, and Facebook IDs exposed publicly in September 2019?

Turns out, it was yet another previously unreported incident:

“We believe the data in question was scraped from people’s Facebook profiles by malicious actors using our contact importer prior to September 2019. This feature was designed to help people easily find their friends to connect with on our services using their contact lists. When we became aware of how malicious actors were using this feature in 2019, we made changes to the contact importer.”

The bottom line? As Facebook gets bigger and more popular, the chances of your account getting hacked grow with it.

Here are your options for recovery and future protection. Check out these 7 steps you need to take if your Facebook account gets hacked.

Why Do Hackers Want Your Account?

There have been cases where unscrupulous types have hijacked accounts on Facebook, Instagram, Twitter, LinkedIn, and other platforms.

It could be someone you know, playing a practical joke. Or one of your exes out for revenge.

It could even be a case of relationship sabotage, or corporate espionage.

In such cases, your hacker might send nasty messages to your friends, expose private pictures, or delete all your contacts.

On other occasions, the aim is more commercial. You might get blackmailed.

The most common cases of social media-jacking aren’t personal.

There are areas on the Dark Web where people pay for unique usernames. It’s a bit like a digital vanity plate. So someone will hack your account, lock you out, take it over, and sell it to someone else.

Whatever the circumstances behind your Facebook account being hacked, it’s an immensely personal violation. It feels like a break-in and can be every bit as distressing as a flesh-and-blood burglar.

What are your options for recovery and future protection?

Step 1: Confirm the Hack

The intercept may not necessarily be deliberate.

Maybe you didn’t log out and the next person took a peek. Or maybe someone was playing with your phone and scrolled through your account.

With this kind of “hack,” you can simply change your password and add a screen lock to your phone.

But if you were specifically targeted, or your data was part of a massive Facebook data breach, you need extra security measures.

To figure out if your email address or phone number has turned up in a known data breach, you can visit HaveIBeenPwned.

Can You Still Log in?

If you can still log in, go to Settings > Security and Login. Look at the last devices you’ve logged in from, and check if any are unfamiliar.

You can also cross-check the dates to see which of those log-ins were (not) you.

For example, a log-in while you were asleep is a dead giveaway.

If anything appears suspicious, click the Log Out of All Sessions option in the lower right-hand corner and immediately move to Step 3: Change All Your Passwords.

If you can’t log in, it means the hacker changed your password, which shows potentially malicious intent.

Talk to a trusted Facebook friend. Ask them to log in to their account and click on yours:

  • Has your name, profile picture, or email changed?
  • Are your friends deleted, and are there new friends (or friend requests to people) you don’t know?
  • Are there new posts you didn’t put up?
  • Are your friends receiving private messages that aren’t from you?
  • Has the hacker contacted you?

Step 2: If You Can’t Log In, Report it to Facebook

Facebook has a convenient URL, https://www.facebook.com/hacked/, where you can let them know your account has been compromised, even when you can’t access your own account.

You’ll be prompted to type in the phone number or email you used to open the account.

Using these details, Facebook will help you regain access to your account.

Facebook will also ask how you think your account was hacked. The options included are:

  • Posts/messages on your timeline that you didn’t write.
  • Your private content has been made public.
  • You found a duplicate account with your name and photos.

Based on your answer, Facebook will suggest security measures and “walk” you through them.

Step 3: Change All Your Passwords

The Facebook Reporting tool will nudge you to do so, but even if it’s a benign hack, change the password to be safe.

From a Desktop Computer:

1. Click on the down arrow in the upper right-hand corner and select Settings & Privacy.

2. From the menu, choose Settings.

3. In the upper left-hand side of the page choose Security and Login.

4. Toward the middle of the page, look for the Login options and click Edit.

5. Change your password.

From a Mobile Device:

1. Click on the hamburger menu in the lower right-hand corner.

2. Scroll down until you see Settings & Privacy.

3. Choose Settings at the top of the list.

4. Under Security, choose Security and Login.

5. Toward the top of the page, look for the Login options and click Edit.

6. Change your password.

Log Out of All Sessions

At this point, if you haven’t done it already, it’s probably worth logging out of all sessions once your password is updated. Any app where you “logged in via Facebook” is especially at risk.

1. Follow steps 1-4 above.

2. From the Security and Login screen, look for the Where you’re logged in section and click See all.

3. At the bottom, click Log Out of All Sessions.

Change Your Other Passwords

If you’re like me, you probably use your Facebook password for other apps or even your email account. So, while you’re at it, change all your other passwords, too.

Use a password manager (LastPass is my personal favorite) to help.

Step 4: Double-Check Your Permissions

This applies in both cases – whether or not your passwords were changed without your consent.

Go to your apps and review who has access to your account. If there are apps you don’t recognize or no longer use, revoke their access.

You’ll find them under Settings > Apps and Websites.

After removing the apps, search your timeline for any posts those deleted apps had published on your behalf. You may delete them, but only if they bother you.

The apps may still have the data they collected in the past, but they can’t collect any more details from your account.

Step 5: Tighten Your Log-In Access

Facebook now offers two-factor authentication.

When someone logs in, a code will be sent to your mobile phone, verifying it’s you. This only works, though, if the hacker doesn’t have your smartphone as well.

Facebook has an option to have a pre-selected Facebook friend receive the authentication code on your behalf.

To enable two-factor authentication, go to Settings > Security and Login > Two-Factor Authentication.

You can also run a security check-up. It will log you off from all browsers. It will also notify you if anyone logs in from a phone or computer Facebook doesn’t recognize.

Step 6: Let Your People Know

Memes aside, you do need to inform your friends and followers you were hacked.

The hacker may have used their time in your account to contact your Facebook friends. They may have posed as you and asked for personal details, passwords, or even cash.

This may seem outlandish, but there are documented cases of someone looking through your friends list for “dad, mom, spouse” then messaging them something like, “I forgot the bank PIN, LOL, please text me?”

Or “I lost my wallet, please send me cab fare.”

Worse, the hacker may have piggy-backed off your account and used it to hack their accounts, maybe sending them a private message phishing link that infected their device.

Warn them not to open any links “you” sent while you were hacked. Advise them to secure their accounts, too.

Step 7: Review Your Privacy Settings

You probably haven’t reviewed your privacy settings since you set them (if you set them). Now, more than ever, it’s worth reviewing how your data is being shared and how accessible your information is online.

Reviewing Privacy Settings for the First Time

If you’ve never undertaken this exercise, do it from scratch. Facebook offers a helpful privacy shortcut that will help you check a few important settings.

On Desktop, navigate back to Settings and choose Privacy in the left-hand column. Once there, look for Privacy Shortcuts at the top of the page.

The Check a few important settings option will allow you to easily navigate and choose your desired settings for everything from ad preferences to how people can (or can’t) find you.

From your mobile device, the process is just as easy. Navigate to Settings > Privacy Settings.

Under Privacy Shortcuts, choose Check a few important settings and follow the prompts to choose your desired privacy levels.

Updating Existing Privacy Settings

If you’re familiar with privacy settings or have gone through the process of setting these previously, double-check.

You can control who sees your posts, who can tag you, and other related elements. You can also check for caveats.

For example, in certain cases, if someone comments on a private post, it becomes public, so you can moderate comment permissions, too.

You can switch on/off video auto-play and face recognition, ensuring Facebook doesn’t automatically tag you in your friends’ photos.

You can also confirm automated geotagging (and preferably switch it off).

Stay Safe on Facebook

We’re so used to social media that we rarely think about what we type.

Often, our own actions and the details we share can put us at risk – not just from online hackers, but also from offline stalkers.

Review your Facebook settings to make it just a little harder for people to target you.

Before you hit Post, think twice and be sure you’re not painting a bulls-eye on the back of that selfie.

Speaking of selfies, unless you’re running influencer campaigns, turn off the location stamp in your phone’s camera!

Bragging rights aren’t worth compromising your safety.

Image Credits

All screenshots taken by author, April 2021