Facebook Account Hacked? Don’t Panic.
Anyone who’s received a message from a friend’s Facebook account urging them to click a link or “like” a page to “Win a Free iPad” or “Get a Free Starbucks Gift Card” knows that social media sites are prime targets for spam and data mining. What do you do if it’s YOUR account that’s doing the spamming?
As soon as you discover that your account has been compromised, report it to Facebook at www.facebook.com/hacked. Enter your password and follow the instructions to reinstate the account in your name. You’ll need to identify yourself, either through your e-mail address, phone number, Facebook user name or your name and the name of one or more of your friends.
Once you’re back in control, reset your Facebook password. Click on the little button at the top right-hand corner that looks like a gear and then choose Account Settings. Facebook recommends that you change your password regularly (aim for every few months) to stay secure.
Choose a robust password: 7-10 digits in length, with a mix of numbers, symbols, upper-case and lower-case letters. Be sure to change passwords on any other accounts that may have been compromised (like your email, Twitter, etc). It’s particularly risky to use the same password across multiple accounts. If your Facebook password is compromised, the hacker would be able to take control of your linked email account if you use the same password for both accounts. This would allow him or her to find other logins that you have tied to that email, submit “forgot my password” reset requests and gain access to other your accounts like banking, shopping, etc.
Consider using a password management service like LastPass (www.lastpass.com, free for basic) that will create unique passwords for all your accounts and control your logins so you never have to type your username or password into a site again.
Now you need to determine how your account was compromised and plug any security holes. The most likely culprit is a rogue app that you installed, possibly without realizing you were doing so. For example, if you click a link to “Win a free iPad” posted (probably unwittingly) to your friend’s wall, you’ll be prompted to install an app or provide personal information in order to “register for the contest.” Every time you approve a Facebook app you give it permissions. This can range from access to your friends list, the ability to post to your wall, even personal information tied to your account (like your email account, linked cell phone number, etc).
To review your installed apps, click the little gear icon again and choose Privacy Settings. Do a quick scan here to make sure your privacy settings haven’t been changed to public. Then click on Apps in the menu bar on the left side of your screen.
Remove apps that you don’t recognize or no longer use by clicking on the X to the right of the app’s name. For those you choose to keep, click on the name of the app to review what information the app can access and choose who sees its posts and/or notifications. Change any visibility settings that are set to “Public” to “Friends” or “Only Me.”
Next, notify your friends that your account was compromised. Let them know that they shouldn’t trust anything posted by your account or messages sent to them “from you” within the period that your account was out of your control. Particularly avoid clicking links posted by your account. If you found an app that you suspect was the culprit, let them know to check their installed apps and remove the offender.
Finally, review the information and resources provided by Facebook at https://www.facebook.com/safety/tools/ for tips to keep your account secure.
Andrea Eldridge is CEO of Nerds On Call, which offers onsite computer and laptop repair to homeowners and small businesses. Based in Redding, Calif., it has locations in five states. Contact Eldridge at www.callnerds.com/andrea.