Facebook account hacked: How to get your account back
With over two billion users, Facebook is a very popular target for hack attacks, mostly to grab users’ personal data. You can recognise a hack attack on your Facebook account by the fact that, for example, posts appear on your profile that you did not make yourself, or that you can no longer log in. Possible solutions are to change your Facebook password, change the email address you have on file with Facebook or, if necessary, notify trusted contacts. If none of this helps, report your account to Facebook support.
Quick guide: Facebook account hacked
- Check your email account to see if Facebook has notified you of a password change that you didn’t make
- Reverse password change via link in email
- Change password on Facebook
- Check if your email account is also affected by the hack, and change your email address on Facebook if necessary.
- If you have ‘trusted contacts’ on file, they may be able to change your given email address.
- If these steps fail: Contact Facebook support.
Signs that your Facebook account was compromised
There are several indications that your Facebook account was hacked. If you notice posts or activities on your profile that are not your own, such as a change in your Facebook profile picture, this is the first indication. Changes to personal data such as password, email address, or username that you did not make yourself also indicate a hack attack. Once your Facebook account has been hacked and your password changed, you lose access. This is because in most cases, the attackers change the access data in order to take over the account permanently.
In this case, it is important to change your password everywhere, especially if you use the same password for different logins. Otherwise, other accounts such as your Instagram account could also be hacked.
How did my Facebook account get hacked? Different attack methods
There are a number of cyber attacks that hackers can use to access your Facebook account. Most of these attacks lead to the same result: after your Facebook account was hacked, you will no longer have access to it yourself. The most popular hacking methods are the following:
Phishing
The phishing method is mainly characterised by emails in which the sender pretends to be someone else in order to gain the victim’s trust and, on this basis, obtain sensitive data, such as login details for Facebook. Another possibility is that fake login pages are created that look very similar to the real Facebook login page. The login data entered by users is subsequently intercepted by the attackers.
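A fake login page can copy Facebook's appearance but not its domain, so the host name in the link is what to check. The following Python sketch is an added example, not part of the original article; it assumes facebook.com is the only domain accepted for login, and the function names, character table and sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

BRAND = "facebook"
GENUINE_DOMAIN = "facebook.com"  # assumption: the only domain accepted for login
# Constructed, deliberately small table of digits used in place of letters.
CONFUSABLE = str.maketrans({"0": "o", "3": "e", "4": "a", "8": "b"})


def _near(token, brand=BRAND):
    """True if token equals brand or is one changed, added or missing character away."""
    if abs(len(token) - len(brand)) > 1:
        return False
    shortest = min(len(token), len(brand))
    i = 0  # length of the common prefix
    while i < shortest and token[i] == brand[i]:
        i += 1
    j = 0  # length of the common suffix that does not overlap the prefix
    while j < shortest - i and token[-1 - j] == brand[-1 - j]:
        j += 1
    return max(len(token), len(brand)) - i - j <= 1


def classify_login_url(url):
    """Return 'genuine', 'not-https', 'lookalike' or 'unrelated' for a login link."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")  # urlsplit lowercases the host
    if host == GENUINE_DOMAIN or host.endswith("." + GENUINE_DOMAIN):
        return "genuine" if parts.scheme == "https" else "not-https"
    # From here on the host is not Facebook; decide whether it imitates the name.
    if BRAND in (parts.username or "").lower():
        return "lookalike"  # brand placed before '@' to disguise the real host
    for label in host.split("."):
        for token in label.translate(CONFUSABLE).split("-"):
            if BRAND in token or _near(token):
                return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    samples = [  # constructed sample links
        "https://www.facebook.com/login",
        "http://www.facebook.com/login",
        "https://www.facebook.com.account-check.example/login",
        "https://facebook.com@login.example.net/",
        "https://faceb00k-login.example/",
        "https://example.org/",
    ]
    for link in samples:
        print(f"{classify_login_url(link):10} {link}")
```

The check does not cover internationalised domain names that use look-alike letters from other alphabets.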
Keylogging
Keyloggers are programs that record users’ keystrokes and save them to a file. This file is forwarded directly to the hacker in the case of malicious keylogging software, which often hides unnoticed in email attachments. This gives the hacker access to all entries made, which may include logins.
Session hijacking
The aim of session hijacking is to access cookies containing sensitive data. For this purpose, the attacker continuously monitors the connection between the user and the server. A particularly popular variant of session hijacking is the use of the Firefox add-on Firesheep, which is mainly used in public, freely accessible Wi-Fi networks.
Attacks via mobile phones
Mobile phones can also be the target of hacker attacks. In addition to phishing SMS messages, which are similar to the phishing emails mentioned above, the entire phone can also be hacked. As a result, the attackers can also access the data they need to log into your Facebook account. If you suspect that your entire phone has been the victim of a hack attack, you need to be extra careful – it’s not just your Facebook account that can be compromised this way. All the apps you have installed on your smartphone can be affected. If you use the Twitter app, for example, you should immediately find out whether your Twitter account was hacked too.
Attacks via USB sticks
If attackers have physical access to your computer for some reason, it is worth remembering that malware can also be located on USB sticks. There is software that automatically extracts passwords that you have stored either on your computer or in your browser.
How to regain control over your Facebook account
Access to Facebook is possible
If you can still access your Facebook account, the email address and password you have stored have not been changed yet. Log in with your data as soon as possible and change your password. One option is to delete your Facebook account. Alternatively, look at the email addresses associated with your Facebook account under ‘General’ -> ‘Contact’. If you see an email address you don’t recognise, remove it immediately. You need to do the same for stored phone numbers. In addition, make sure that your email address is not affected by the hack attack.
Access to Facebook is no longer possible
If you can no longer log in after your Facebook account was hacked and the password changed, check your email inbox to see if Facebook has sent you a message about a possible password change. If this is the case, you can change your password again via a link found in this email.
You may no longer have access to your email address. Maybe you have only forgotten the password, maybe your email account has been hacked. In either case, you can use the ‘Forgot your password?’ button on Facebook’s login page. Follow the instructions. Provided that you have stored ‘trusted contacts’ when creating your account, Facebook offers you the possibility to send these friends a security code. With this, you can access your account and change the email address stored there.
If all of the methods listed here fail, contact Facebook directly. Facebook provides a dedicated page to help you regain access to your compromised account.
In Facebook’s Security and Login settings, you can enable two-factor authentication. As soon as a login takes place from a previously unknown device or browser, Facebook then requests a code that you receive either via SMS or through an authentication app.