Over the years I have helped friends, family, and colleagues deal with Facebook security issues. Figuring out what went wrong, and preventing the same thing from happening again, can be a frustrating experience. If you believe your account has been compromised, here is a guide to recovery.
While recovering the account, keep asking the question: “How was my account hijacked in the first place?” The most common answers are:
- Poor password security
- Lack of 2-Factor Authentication
Check Login History
In your Facebook Security Settings, there is a menu that will tell you “Where You’re Logged In”. Look at the various devices you are signed in through, and see if anything is out of the ordinary. If, for example, you have an iPhone and there is someone logged into your account from “Facebook for Android”, then someone may be accessing your account from a device that isn’t your own. You can click “End Activity” on that device to stop them. Each device also lists other helpful identifying information, such as the date and time of last access and the city/state location.
If you don’t find anything suspicious, that doesn’t mean your account is necessarily secure. Malware or other abusive applications in your browser or on Facebook could also be to blame.
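To make the "Where You're Logged In" review systematic, here is an added example (not code from the original post, and not a Facebook API) that walks a constructed session list, flags any session on a device or in a city the owner does not recognize, and separately lists recognized but long-idle sessions that are worth ending anyway. The session fields, the owner's device and city lists, and the fixed clock are all assumptions made for the example; the oldest suspicious login time it reports is the starting point for the Activity Log review later in the post.

```python
from datetime import datetime, timedelta

DATE_FMT = "%Y-%m-%d %H:%M"

# Constructed sample of a "Where You're Logged In" list; not real Facebook data.
SESSIONS = [
    {"id": 1, "app": "Facebook for iPhone", "city": "Portland, OR",
     "last_seen": "2019-03-01 08:15", "current": True},
    {"id": 2, "app": "Chrome on Mac OS X", "city": "Portland, OR",
     "last_seen": "2019-02-28 22:40", "current": False},
    {"id": 3, "app": "Facebook for Android", "city": "Lagos, Nigeria",
     "last_seen": "2019-03-01 03:02", "current": False},
    {"id": 4, "app": "Chrome on Mac OS X", "city": "Seattle, WA",
     "last_seen": "2018-11-10 12:00", "current": False},
]

# What the account owner actually uses (assumed inputs for the example).
MY_DEVICES = {"Facebook for iPhone", "Chrome on Mac OS X"}
MY_CITIES = {"Portland, OR", "Seattle, WA"}


def review_sessions(sessions, my_devices, my_cities, now=None, stale_days=30):
    """Split sessions into (suspicious, stale).

    suspicious: list of (session id, [reasons]) for sessions on a device/app
                or in a city the owner does not recognize; end these first.
    stale:      ids of recognized sessions idle longer than stale_days; ending
                them costs nothing and shrinks what an attacker could reuse.
    """
    # Fixed clock so the sample is reproducible offline.
    now = now or datetime(2019, 3, 1, 9, 0)
    suspicious, stale = [], []
    for s in sessions:
        reasons = []
        if s["app"] not in my_devices:
            reasons.append("unrecognized device/app")
        if s["city"] not in my_cities:
            reasons.append("unrecognized location")
        if reasons:
            suspicious.append((s["id"], reasons))
            continue
        idle = now - datetime.strptime(s["last_seen"], DATE_FMT)
        if not s["current"] and idle > timedelta(days=stale_days):
            stale.append(s["id"])
    return suspicious, stale


def earliest_suspicious_login(sessions, suspicious):
    """Return the oldest last_seen time among suspicious sessions, or None.
    Use it as the starting point when reading the Activity Log."""
    ids = {sid for sid, _ in suspicious}
    times = [s["last_seen"] for s in sessions if s["id"] in ids]
    return min(times) if times else None


if __name__ == "__main__":
    sus, stale = review_sessions(SESSIONS, MY_DEVICES, MY_CITIES)
    for sid, reasons in sus:
        print(f"End Activity on session {sid}: {', '.join(reasons)}")
    print("Stale sessions worth ending too:", stale)
    print("Intruder first seen:", earliest_suspicious_login(SESSIONS, sus))
```

Note that a session that matches both lists can still belong to an attacker who is on the same network or using the same browser type, which is why the post goes on to check for malware and to read the Activity Log rather than stopping here.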
Change Your Passwords
I emphasize passwords, plural, because there is more than one way into a Facebook account. Your email is the primary recovery method for resetting your Facebook password, so anyone who controls your email can reset it. Therefore you should update your email password as well as your Facebook password.
For tips on making strong passwords: Guide to Creating Strong Passwords
Turn on 2-Factor Authentication (2FA)
I have written at length about the importance of 2-Factor Authentication in the past. Simply put, it is the best optional security layer you can implement to secure most consumer apps and services. Facebook refers to this process as “Login Approvals” and has integrated the feature directly into the Facebook mobile app.
Scan for Malware
Scan your computer and mobile device for malicious software. I recommend Malwarebytes on your computer. Facebook offers its own list of partnered security services in its help documentation.
Check Your Facebook Activity Log
Facebook’s Activity Log documents everything you do on Facebook. If you are concerned that someone may be in control of your account, it is a useful tool for determining when you lost control and what has happened since. Some common signs of illicit activity include:
- Change to your name
- Change to date of birth
- Posting spam links to your wall
If you find unwanted activity, you can delete or undo most of those actions in the Activity Log.
Follow-Up with Friends
Once you have looked through the Activity Log, take a look at Facebook Messenger. Between the two, you should have a sense of what the attacker did while using your account. If they contacted any of your friends, make sure to follow up with them (ideally through something other than Facebook) to let them know that you are back in control. People are generally sympathetic, but it is important to let them know which actions were yours, and which were not.
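The Activity Log review and the Messenger follow-up above are one pass over the same timeline, so here is a single added example (not code from the original post, and not a Facebook export format) that triages a constructed log excerpt: it starts at the intruder's first login time from the login-history check, flags the name and date-of-birth changes and spam-link posts the post lists as common signs, and collects every friend messaged in that window so they can be contacted off-Facebook. The event fields, the spam wording list, and the cut-off time are assumptions made for the example.

```python
import re
from datetime import datetime

DATE_FMT = "%Y-%m-%d %H:%M"

# Constructed Activity Log / Messenger excerpt; not real Facebook data.
ACTIVITY = [
    {"time": "2019-02-27 19:05", "type": "post",
     "detail": "Great hike today!"},
    {"time": "2019-03-01 03:04", "type": "profile_update", "field": "name",
     "detail": "Name changed"},
    {"time": "2019-03-01 03:06", "type": "profile_update", "field": "birthday",
     "detail": "Date of birth changed"},
    {"time": "2019-03-01 03:10", "type": "post",
     "detail": "OMG free gift cards!! http://example.com/prize click now"},
    {"time": "2019-03-01 03:12", "type": "message", "to": "Alice",
     "detail": "hey can you lend me some money? http://example.net/pay"},
    {"time": "2019-03-01 03:15", "type": "message", "to": "Bob",
     "detail": "you around?"},
    {"time": "2019-03-01 08:20", "type": "post",
     "detail": "Back in control of my account, sorry for the spam."},
]

# Assumed wording typical of hijacked-account spam; a URL alone is not
# enough to flag a post, the text around it has to look like a lure too.
SPAM_WORDS = ("free", "gift card", "prize", "lend me", "click", "urgent")
URL_RE = re.compile(r"https?://\S+")


def triage(activity, intruder_first_seen):
    """Review events from the intruder's first login onward.

    Returns (flagged, contacts):
      flagged:  [(time, type, [reasons])] for events to undo or delete
      contacts: friends messaged in the window, to follow up with off-Facebook
    """
    cutoff = datetime.strptime(intruder_first_seen, DATE_FMT)
    flagged, contacts = [], set()
    for e in activity:
        if datetime.strptime(e["time"], DATE_FMT) < cutoff:
            continue                      # before the compromise window
        if e["type"] == "message":
            contacts.add(e["to"])         # every contact needs a heads-up
        reasons = []
        if e["type"] == "profile_update" and e.get("field") in ("name", "birthday"):
            reasons.append(f"{e['field']} changed")
        text = e["detail"].lower()
        if URL_RE.search(text) and any(w in text for w in SPAM_WORDS):
            reasons.append("link with spam wording")
        if reasons:
            flagged.append((e["time"], e["type"], reasons))
    return flagged, sorted(contacts)


if __name__ == "__main__":
    # Cut-off taken from the earliest suspicious session in the login history.
    flagged, contacts = triage(ACTIVITY, "2019-03-01 03:02")
    for when, kind, reasons in flagged:
        print(f"{when} {kind}: {', '.join(reasons)}")
    print("Follow up with:", ", ".join(contacts))
```

Every message sent in the window is listed for follow-up even when its text looks harmless, because the friend still received something they believe came from you.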
- Kick the attacker out
- Change password to Facebook and your email
- Turn on 2-Factor Authentication
- Scan for Malware
- Try to undo any actions taken by the attacker
- Follow-Up with Friends