Your Facebook account's been hijacked. Here's how to recover it and keep it safe

Your Facebook account tells a lot about you and your social circle. You need to keep control of it.

Martin Anisko fell for a phishing attack, and a hacker succeeded in taking over his Facebook account.

If a crook succeeds in stealing your Facebook account, they can masquerade as you, find out a good deal about you, and get access to your friends.

If the email address and/or password on your account has changed, and you didn't change it, your account has been hacked. Other possible symptoms that should worry you include new "friends" that you never approved, and status updates and messages allegedly going out from "you" even though you didn't send them.

The following instructions assume that you're accessing Facebook from a full, desktop-oriented browser rather than a mobile browser or app.

[Have a tech question? Ask PCWorld Contributing Editor Lincoln Spector. Send your query to answer@pcworld.com.]

First, try to change your Facebook password:

  1. Click the little white triangle near the upper-right corner of the Facebook webpage and select Settings.
  2. This brings you to the Settings page's General tab. Click Password.
  3. Enter your current password in the Current field.
  4. Type a strong password in the New and 'Re-type new' fields. This should be a password you've never used before. I strongly suggest you use a password manager.

When you click Save Changes, Facebook may reject your current password. If it does, whoever hacked your account has already changed it.

Go to Facebook's Report Compromised Account page, click the My Account Is Compromised button, and follow the wizard.

But if Facebook accepts the old password (and the new one, of course), you can sigh with relief. You've recovered your account. Facebook will ask if you want it to log off of other devices; take them up on that offer.

Once you've got your Facebook account back, take some steps to make sure this never happens again:

Back on the Settings page, click the Security tab on the left, then click Login Approvals (also known as 2-step verification). Check Require a security code to access my account from unknown browsers. If you haven't given Facebook your cell number, you'll have to enter it here.

Once you've set up Login Approvals, enable Login Alerts. That way, Facebook will notify you via email if your account is accessed by a browser, app, or device that has never accessed your account before. If you didn't do the logging in, you'll know you have a problem.
