How to recover from a Facebook hack
Maybe you clicked a malicious link that infected your Facebook account, or maybe the social network alerted you to suspicious activity. Whatever the cause, you’ve suffered a Facebook hack. What do you do now?
Thanks to beefed-up security, Facebook account hackings are increasingly rare, according to Herve Robert, engineering manager on the company’s antispam team. But they still occur.
“We’re very committed to eradicating bad actors from Facebook,” Robert says. “Over time, we’ve built cutting-edge technology to try to make our product something that’s safer and more secure.”
Some of those efforts include sharing public encryption keys to keep email notifications between the site and its users encrypted, launching a Dark Web version of the social network on Tor, and notifying users of state-sponsored attacks.
“One of the best things you can do is make use of the controls that we offer to protect your account,” Robert says.
If you suspect that your Facebook account has been compromised, navigate to facebook.com/hacked, and click “My Account Is Compromised.” On the next screen, enter your account credentials, then follow the indicated steps.
To further protect your account against spam, malware, and hackers, Facebook suggests taking advantage of the following tools and features, which include performing a security checkup, enabling login approvals, and downloading free antivirus software.
Perform a security checkup
Facebook’s Security Checkup tool, which it launched in July, guides users through a set of security settings to fortify their accounts.
Security Checkup first logs you out of the social network from all other browsers and apps. Next, it helps you set up log-in alerts, which notify you if your account is being accessed from a new device or browser. It then guides you in creating a stronger password.
Turn on log-in approvals
Log-in approvals, more commonly known as two-factor authentication, provide an extra security step whenever you log in from a new device. “If people are only going to make one change to maximize security for their account, this is it,” according to a Facebook representative.
Once you’ve enabled the setting, Facebook asks you to enter a security code each time you try to access your Facebook account from a new computer, phone, or browser. This prevents other people from logging into your account, as they would also need access to your text messages or email account.
To turn on log-in approvals, visit your Security Settings page, click the Login Approvals section, check the box, and click Save Changes.
Run a malware scan
Facebook launched partnerships with anti-malware companies ESET, F-Secure, Trend Micro, and Kaspersky Lab to offer users free computer scans and malware cleanup tools.
“We use a combination of signals to help find infections and get the malware off your computer for good, even if the malware isn’t actively spreading spam or harmful links,” Trevor Pottinger, software engineer on Facebook’s threat infrastructure team, said in a blog post.
If you’re infected, Facebook will point you toward a cleanup tool that runs in the background. When the scan is complete, it details what it found and how to remove it.
Set trusted contacts
Facebook’s Trusted Contacts feature, which it debuted on in 2011 as Trusted Friends, helps you access your account when you forget your password and can’t access your email to reset it. In these instances, friends you name to your Trusted Contacts receive one-time security codes from Facebook that you enter to regain access.
Set your Trusted Contacts by visiting your Security Settings page. Click Trusted Contacts, and select friends on whom you can count.
Control the information you share with apps
Anytime you use your Facebook credentials to log into an application, you grant the app certain privileges such as access to your name, email address, birthday, hometown, likes, photos, or friends list. If you’re uncomfortable with the information the application requests, Facebook gives you two ways to edit the permissions.
Before you log into an app using Facebook Login, click “Edit the Info You Provide.” This brings you to a list of all the information the app is requesting from you. Uncheck the pieces of information you don’t want to share with the app.
If you already used Facebook Login to log into an app, visit your App Settings page to update your permissions. Hover over each application, then click the pencil icon. Uncheck the blue checkbox to revoke access to that piece of information, then click Save.