What to Do if Your Facebook Account Gets “Hacked”

A few days ago, I got a strange Facebook message from my uncle. It was clearly out of character for him, so I knew something was up: his account had been compromised. Here’s what to do if this happens to you or someone you know.

Let’s Talk About Getting “Hacked”

The term “hacked” gets thrown around a lot—pretty loosely, to be honest—and has become the popular term for any time an account becomes compromised. Since it has become such a vague term in popular culture, let’s lay down a quick definition: leaving your phone somewhere so your friend/gf/whatever gets access to it is not getting “hacked.” We’ve all seen those posts—“Hacked! Love you baby!” This is not a hack. Not even close. And we’re not talking about that today.

There’s another phenomenon common on Facebook where somebody else creates a new account using your name, and sometimes a profile picture they obtained from your page, and then starts spamming your friend list with invites and other messages. This is also not a hack. Report that fake user to Facebook, and they’ll help you sort it out.

What we are talking about is when your account becomes truly compromised. This is when your account credentials fall into the wrong hands or your account otherwise starts to allow activity that you didn’t authorize. While we wouldn’t always call this getting “hacked,” it’s the term that’s most widely used to describe the situation.

When to Take Action

If you notice (or get notified about) changes to your account that you didn’t make, it’s time to do something. What kind of changes? This kind:

  • Your personal information gets updated: Birthday, email, password, etc.
  • You’re getting new friends you didn’t send requests to: If you notice an influx of new friends that you didn’t send requests to, something is wrong.
  • People are getting messages you didn’t send: If someone tells you they got a weird message from you, you need to look into it.
  • Posts are published that you didn’t share: No one likes spammy crap, especially when it’s coming from your profile.

First, you’ll need to determine what’s going on. Are you locked out of your account? Are posts showing up from you that you didn’t share? Are people getting messages you didn’t send? Most of these things require different steps to resolve, so let’s start with the easiest and work from there.

What to Do If This Happens

If people are complaining about spammy posts showing up in their timeline or getting questionable messages from you, there’s a good chance an app with access to your Facebook account has gone rogue. The same is true if you happen to catch any of the other aforementioned issues, too.

First of all, your account is still probably pretty “safe”—apps don’t get access to personal information like passwords or email addresses. You should probably go ahead and change your password anyway, just to be cautious. You’ll find instructions on how to do that later in this article.

The key here, however, is taking a close look at all the apps that have access to your account. Here’s how.

How to Check App Access on the Web

To check this out from your computer, jump over to Facebook, and then click the little down arrow in the upper right. Choose the “Settings” option.

In the Settings menu, select the “Apps” command.

Now comes the fun part: you get to sort through every app that has access to your Facebook account, which may or may not be a lot. Some (maybe even most) of these app will be legit, but you’ll want to at least run through and revoke access from any app that you no longer use.

To do that, just click the X beside the app name when you hover over it.

When you click that X, a new dialog box pops up asking for confirmation. Smash that “Remove” button, and boom—it’s gone.

Depending on how many apps you’ve allowed access to over the years, this could be pretty time consuming. Godspeed.

How to Check App Access on Mobile

If you’re all about that mobile life and don’t mess with Facebook on the web, the process is slightly different. Slightly.

First, fire up the Facebook app on your phone. The process is basically the same across both Android and iOS, and we’ll provide screenshots for both to make it easy to follow along.

Tap the Menu button on the right side. It’s in the top row on Android (left, below), and on the bottom on an iPhone (right, below).

Now scroll to the bottom and tap the “Account settings” entry. On iOS you’ll have to tap “Settings” first, and then tap the “Account Settings” entry.

From there, scroll down and tap the “Apps” option.

Finally, tap the “Logged in with Facebook” entry.

The nice thing here is that this list is broken down into sections by what the app is allowed to access:

  • Sharing with Public: This means it’s allowed to make public posts on your wall. Anyone who looks at your profile, whether they’re a friend or not, will see this.
  • Sharing with Friends: Only people on your friends list will see these posts. That’s still annoying.
  • Sharing with Only Me: Only you will see these posts. It’ll be interesting if you start to spam yourself.

To remove an app, just tap it, scroll to the bottom of the page, and then tap the “Remove app” button.

And then confirm that you want to remove the app. It’s also worth nothing that you will be able to remove all posts published by apps with Public access.

Note: The iOS Facebook app has an additional step that asks you to report the app if it’s misbehaving. You can do this, or you can skip this step by pressing the back button.

What to do if You’re Locked Out of Your Account

This one can be really scary, but if you get locked out of your account completely, there’s no reason to panic. You can get it back.

First, go to Facebook’s “Hacked” page. It’ll ask some questions—just answer them to re-gain access to your account.

Once you’re back in, change your password. Pick something good, something strong—even better, just use a password manager.

To change your password, jump back into the Settings menu and click the “Security and login” option.

Choose “Change password” under the Login section.

Cameron Summerson is a die-hard Android fan, Chicago Bulls fanatic, metalhead, and cyclist. When he's not pounding keys here at HTG, you can find him spending time with his wife and kids, spinning legs on the bike, chugging away on the 6-string, or being disappointed in the Bulls.