It’s a common event on social media these days, the equivalent of adding #JK to a post that may or may not be … an actual joke.
Here’s how it goes.
Someone publishes something strange and uncharacteristic. It might be a naughty comment, inappropriate video, or controversial opinion.
Their next post absolves them of ‘their’ suspect content by claiming they were hacked.
Their fans, friends, and followers may rib them about it. It may even grow into an inside gag among your circles, the online version of claiming your ill-advised words were “driven by drink.”
But sometimes, the damage is a lot more real.
Why Do Hackers Want Your Account?
There have been cases where unscrupulous types have hijacked accounts on Facebook, Instagram, Twitter, and other platforms.
It could be someone you know, playing a practical joke. Or one of your exes out for revenge.
It could even be a case or relationship sabotage, or corporate espionage.
In such cases, your hacker might send nasty messages to your friends, expose private pictures, or delete all your contacts.
On other occasions, the aim is more commercial. You might get blackmailed.
The most common cases of social media jacking aren’t personal.
There are areas on the Dark Web where people pay for unique usernames. It’s a bit like a digital vanity plate. So someone will hack your account, lock you out, and take it over, and sell it to someone else.
Whatever the circumstances behind your Facebook account being hacked, it’s an immensely personal violation. It feels like a break-in and can be every bit as distressing as a flesh-and-blood burglar.
What are your options for recovery and future protection?
Step 1: Confirm the Hack
The intercept may not necessarily be deliberate.
Maybe you didn’t log out and the next person took a peek. Or maybe someone was playing with your phone and scrolled through your account.
With this kind of ‘hack’, you can simply change your password and add a screen lock to your phone.
But if you were specifically targeted, or your data was part of the massive Facebook data breach, you need extra security measures.
To figure out if you’ve been hacked, you can visit this Facebook Help Center page. Scroll to the bottom and, as long as you’re logged in, you should see a blue box at the bottom of the page.
If you were not affected by Facebook’s recent security breach, this is what you’ll see when you visit the page:
Based on what we’ve learned so far, your Facebook account has not been impacted by this security incident. If we find more Facebook accounts were impacted, we will reset their access tokens and notify those accounts.
If you can still log in, go to Settings > Security and Log In. Look at the last devices you’ve logged in from, and check if any are unfamiliar. You can also cross-check the dates to see which of those log-ins were (not) you.
For example, a log-in, while you were asleep, is a dead giveaway.
If you can’t log in, it means the hacker changed your password, which shows potentially malicious intent.
Talk to a trusted Facebook friend. Ask them to log into their account and click on yours:
Has your name, profile picture, or email changed?
Are your friends deleted, and are there new friends (or friend requests to people) you don’t know?
Are there new posts you didn’t put up?
Are your friends receiving private messages that aren’t from you?
Has the hacker contacted you?
Step 2: If You Can’t Log In, Report it to Facebook
Facebook has a convenient URL, https://www.facebook.com/hacked/ where you can let them know your account has been compromised, even when you can’t access your own account. You’ll be prompted to type in the phone number or email you used to open the account.
Using these details, Facebook will help you regain access to your account. Facebook will also ask how you think your account was hacked. The options included are:
Posts/messages on your timeline that you didn’t write.
Your private content has been made public.
You found a duplicate account with your name and photos.
Based on your answer, Facebook will suggest security measures and “walk” you through them.
Step 3: Change All Your Passwords
The Facebook Reporting tool will nudge you to do so, but even if it’s a benign hack, change the password to be safe.
While you’re at it, change all your other passwords, too.
Your Facebook account may have shared passwords with other apps.
Also, any app where you “logged in via Facebook” is especially at risk. Use a password manager (LastPass is my personal favorite) to help.
Step 4: Double-Check Your Permissions
This applies in both cases – whether or not your passwords were changed without your consent.
Go to your apps and review who has access to your account. If there are apps you don’t recognize or no longer use, revoke their access.
You’ll find them under Settings > Apps and Websites.
After removing the apps, search your timeline for any posts those deleted apps had published on your behalf. You may delete them, but only if they bother you.
The apps may still have the data they collected in the past, but they can’t collect any more details from your account.
Step 5: Tighten Your Log-In Access
Facebook now offers two-factor authentication.
When someone logs in, a code will be sent to your mobile phone, verifying it’s you. This only works if the hacker doesn’t have your smartphone as well though.
Facebook has an option to have a pre-selected Facebook friend receive the authentication code on your behalf.
To enable two-factor authentication, go to Setting > Security and Log In.
You can also run a security check-up. It will log you off from all browsers. It will also notify you if anyone logs in from a phone or computer Facebook doesn’t recognize.
Step 6: Let Your People Know
Memes aside, you do need to inform your friends and followers you were hacked.
The hacker may have used their time in your account to contact your Facebook friends. They may have posed as you and asked for personal details, passwords, or even cash.
This may seem outlandish, but there are documented cases of someone looking through your friends’ list for ‘dad, mom, spouse’ then messaging them something like, “I forgot the bank PIN, LOL, please text me?” Or “I lost my wallet, please send me cab fare.”
Worse, the hacker may have piggy-backed off your account and used it to hack their accounts, maybe sending them a private message phishing link that infected their device. Warn them not to open any links “you” sent while you were hacked. Advise them to secure their accounts, too.
Step 7: Review Your Privacy Settings
You probably haven’t done this since you set them.
If you’ve never undertaken this exercise, do it from scratch. If you’re familiar with privacy setting, double-check.
You can control who sees your posts, who can tag you, and other related elements. You can also check for caveats.
For example, in certain cases, if someone comments on a private post, it becomes public, so you can moderate comment permissions, too. You can switch on/off video auto-play and face recognition, ensuring Facebook doesn’t automatically tag you in your friend’s photos.
You can also confirm automated geo-tagging (and preferably switch it off).
Stay Safe on Facebook
We’re so used to social media that we rarely think about what we type.
Often, our own actions and the details we share can put as at risk – not just from online hackers, but also from offline stalkers.
Review your Facebook settings to make just a little harder for people to target you.
Before you hit Post think twice and be sure you’re not painting a bulls-eye on the back of that selfie.
Speaking of selfies, unless you’re running influencer campaigns, turn off the location stamp in your camera-phone!
Bragging rights aren’t worth compromising your safety.
Screenshots taken by author, January 2019
Subscribe to SEJ
Get our daily newsletter from SEJ’s Founder Loren Baker about the latest news in the industry!