Facebook, being the largest social network, is a haven of hackers. They have been targeting Facebook users for years. A lot of things can be done with a hacked Facebook account—promotion of products, free advertisements, building email lists, and spamming.
You can find out if your account has been compromised through a few symptoms.
One way to know if your account has been hacked is obvious. You spot new people in your friends list; your account sends out spam to your friends; it shows up promoting illicit stuff—drugs, sex toys and pills, spam, etc.; or you have lost access to your account because of a change in password. But there is a chance that the attacker has been working secretly without your knowledge, making it difficult for you to recognize the situation.
In such cases, he does not send out any information from your account or change your password. Instead, he would be gathering information from your account—your personal and financial details and information about your friends.
Finding out If Your Account Has Been Hacked
Okay, the situation is that you are still able to log into the account, and you are able to transact as you normally do. There is also no complaint from any of your friends about any spam activity from your side. Still you can suspect that your account has been compromised. Here’s how to find out.
Go to Account Settings->Security->Active Sessions. In this list, you will find if there is any other active login session. If the attacker has logged into your Facebook account from any other location, you will be able to see it here.
Things to Do About Hacked Accounts
If your account is hacked and you still have access to it, then you should consider yourself very lucky. You are in control and you can easily counter the attack. In this case, immediately change your password and other security parameters, such as security questions.
In case the account is sending out spam, you can report it to Facebook through Facebook Hacked page. This is very important as Facebook may take action on the account by limiting or removing it unless you report it immediately.
In Case Password Was Changed
First of all, as in any web service, the biggest social network also has a ‘Forgot your password’ option. Click on it, and identify your account through certain details. If you still have access to the email under which the Facebook account was registered, you can regain access immediately.
In case you doubt that the email address or phone number may have been changed, go with the second option above (your name and one of your friends’ name).
In case you don’t have access to the email or phone number associated with your account, you can use another email address to get your account back. In this case, you just have to get three trusted friends involved, and get the security codes from them in order to get access to the account.
[Update: The trusted friends method is no longer used by Facebook, it seems. Now you can recover your FB account only with access to your email address. If you cannot access the email, Facebook wants you to take the issue up with the email provider.]
You should know which applications you use on Facebook. Remove any that you don’t use or think is insecure. You can access all application settings under Account Settings. From here, remove any unknown or insecure applications. Check what information on your account each app that you install requires. This can be viewed from Settings->Apps.
From this page, you can easily see which information the app requires to work and which information it has been accessing in the past. In case you think the app is rogue and is taking advantage of the data in your account, immediately remove it by clicking on the ‘Remove app’ button.
In the same way, you should know what information an app requests from your profile every time you install one. Look at this image:
Tips to Stay Safe
1. Change your password every time you doubt that the account may have been hacked.
2. Change your password once in a while anyway.
3. Do not use apps that suspiciously require too much information.
4. At least once in a while check your user sessions and log out any other active session that you logged on to.
5. Enable Login Notifications in order to get a text message or email when your account has been accessed from an unrecognized device.
6. Do not log into Facebook from insecure locations.
It is important that you keep your Facebook account secure as it is the gateway to yourself in the Internet. It may contain a lot of important information, even your important financial information. Moreover, your account’s security also ensures that of your friends (as they trust you and the links you share). So, you cannot afford to be nonchalant about Facebook security.