So you think someone has hacked your Facebook Account…

As a website and WordPress developer in a small community, I often get questions and requests for help from clients when things go wrong on their computers or with their internet services (email).  Recently 50 million Facebook accounts were hacked.  As a result, even though everything on your Facebook account may look normal to you, it’s possible that someone on the outside is connecting to your account and sending messages to other people, trying to scam them into purchasing something or to get their credit card number via a phishing website.

Recently a client of mine contacted me saying that people she knew were getting messages from her on Facebook Messenger when she hadn’t sent them anything or even used Messenger at all.

A quick check in the security settings proved that someone in the Hamilton area of Ontario was indeed logged into her account, sending messages and then discreetly deleting them so as to leave no clues.

If this has happened to you, it’s not enough to just change your password.  A few steps are required, and I will explain them here.

Here are full instructions on how to secure an already-compromised account:
On your computer (not in your Messenger app), click on the help>settings item in the top right of your Facebook window (seen from pretty much every page except the Help Center) and select Account Settings. Once that has loaded, select Security from the left side menu. Now we’ll go down the list.


Steps after entering your Facebook settings

  1. Skip two-factor authentication for now, but keep it in mind for later should it turn out that someone other than yourself has been continuing to log into your account.
  2. In the area “Where you’re logged in”, select “see more” at the bottom if it’s available.  This will give you a list of all devices and computers logged into your Facebook account.  This should look VERY familiar.  If it does not, you should select “Log out of all sessions”.
  3. Once you have logged out of all sessions, proceed to change your password in the next area down, “Login”.  Then repeat step 2 once you have completed the password change.  Do use upper and lower case letters, do use numbers and at least one special character like @#$&*.  Do not use your pet’s name or your children’s names or anything else you may have mentioned on Facebook.  Possibly use a neighbour’s or sibling’s pet’s name if you must.
  4. Skip two-factor authentication again and select “get alerts about unrecognized logins”.  Turn on that feature so that alerts about unrecognized logins are sent to you via Messenger, notifications and email.
  5. If you use other apps within Facebook, do a quick Google search about how Login Approvals will affect the use of those apps. If needed, activate App Passwords, but I’d recommend taking care of this after finishing the rest of this list.
  6. Trusted Contacts. Right now, you shouldn’t trust anyone with access to your account, so if you have anyone in this list, I recommend removing them.
  7. Once you have done this, proceed to the menu item on the top left-hand side that says “Apps and Websites”.  In there you will see a list of all apps and websites that currently use your Facebook login to give you access to their services.  You should remove anything that doesn’t look right, or anything outdated that you no longer use.  Other websites can also be compromised, and your information may have been obtained through them.
  8. Do a review of your privacy settings while you are in there.  I highly suggest that you do not allow anyone but yourself to see your friends list.  If someone compromises your Facebook account, or if they go through the process of creating a duplicate account using your main picture and name, they then have access to your friends list and your friends will then begin to get friend requests from these hackers.  This prevents that.
  9. Once completed, head to the Security and Login area once again to view who is logged into your account.  If nothing strange is there, proceed to enter the new password on your other devices, like your phone and tablet.  Then AGAIN view your recent logins to see that these devices show up.  It’s not a bad idea to take a screen capture of all your authentic device logins in order to compare down the road.
  10. Check these recent logins frequently over the next week or two to ensure that the problem has been solved.

Now for the most important part: go to the primary email address you have linked to Facebook (the one your notification emails go to), and change its password. If the hacker has access to your email address, they can still change the password of your Facebook account and get back in.

Once you’ve done that, give the Active Sessions list one more check to make sure nothing has happened while you were changing your email’s password. If nothing’s changed, you should be in the clear.  I know this seems repetitive, but it’s very important and effective.

Periodically check that list over the next few days to ensure that nobody else is logging into your Facebook account.  If you see that a computer or device you don’t recognize as yours has connected to your account, it’s entirely possible that one of your computers or Android devices has been hacked into.  Enabling two-factor authentication will prevent this for now while you have your computer serviced and viruses or malware removed.  Two-factor will send you a text message code that you must enter every time you log into your account, so only someone with your phone can actually log into the account from that point.  Yes, two-factor is a headache, but it protects you and your friends from scams, and you can disable it once you have everything squared away.


If you have any questions or would like us to help you fix your Facebook account, feel free to Contact Us at any time.
