5 Ways To Prevent Your Facebook Account From Getting Hacked

You’ve probably already heard that Facebook accounts are hacked to gain personal information, but you might not be aware of how easy that just might be for hackers. With hackers increasingly targeting Facebook as a primary source of collecting user information, and corporations using your information to make decisions about your rates (see this article about insurance companies raising premiums of social media users), you really should have a plan for protecting yourself.

Here are some tips to prevent getting hacked:

  1. Use strong passwords. The names of yourself, your spouse, parents, siblings or dog, or your birthday, do not qualify. Use a mix of letters, digits and punctuation (but not blank spaces). Use both capital and lowercase letters. The longer your password, the better. The shorter your password, the easier it is to hack, especially if it’s a common word or name. A good starting point is six characters, though 8, 10 or 12 are even better. If you have trouble remembering, do something about that, else consider using an unusual phrase or combo of words that only you or a few people might know, then substitute some of the letters with digits and/or punctuation. Humorous combinations might make it easier to remember, but otherwise write your password down in a SAFE place. Or just keep using the “Forgot password?” option to reset your password.
  2. Change your password regularly. By regularly I mean monthly or even weekly, not yearly. Facebook’s “Forgot password?” option is one way, or you can go to your account’s settings.
  3. Don’t friend everyone. That “hot chick” whom you don’t know and looks like some Hollywood starlet might be a guy. Avoid the person who doesn’t even have a profile pic, let alone any friends in common with you. If you haven’t met them, be cautious. Also, don’t friend friends whom you know to use weak passwords. If their account is compromised, hackers can still learn certain things about you from your profile, or could send you a message via the friend’s account to lure you to a malware site.
  4. Don’t click on links willy-nilly. If you click on a status update that a “friend” posted on your wall and it looks fishy, don’t assume they actually did it. Their account could be compromised. If your clicking takes you to a Facebook application that you’re unsure of, there’s no obligation to click through. For example, AllFacebook Editor Nick O’Neill recently posted about a fake ‘Like photo’ application.
  5. Don’t believe all emails. Don’t forget that honest web services will never ask you to do certain things in an email. For example, Facebook will NEVER send you an email asking you to change your password or enter personal details. If they need you to do that, they will tell you where in your account settings you can go to do it. On a similar note, protect the email account that you registered with Facebook; otherwise someone can succeed in resetting your Facebook password.

Have any tips on how to protect a Facebook account? Feel free to share in the comments.

Also check our article on 5 Facebook Scams You Should Protect Yourself From.


23 Comments »

  1. The biggest offender in this is Facebook itself. Facebook wants you to enter your e-mail account and password and will ask you for this information even if you're not signed in through the protected https protocol. Facebook is asking you to disclose your e-mail logon information over the unprotected Internet. If you do what Facebook asks, don't be surprised when your e-mail account, and every account that uses that e-mail account to recover passwords, is hacked.

    Comment by Brent Logan — March 2, 2010 @ 7:05 am

  2. As Facebook passwords aren't encrypted, strong passwords are a waste of time. What's more important is to not use an important password which you use for another purpose, such as online banking, as it's easy for hackers to see your unencrypted Facebook password and then try it on all your other online accounts.

    Comment by Nuuj — March 2, 2010 @ 1:34 pm

  3. This article isn't all that helpful, because most people who get hacked are breached through their email account.

    A friend of mine kicked up a chat the other day, needing help getting home after getting robbed in London. Of course, within moments I was on the phone with him and his wife, who were at work and just fine.

    The hacker in question had taken over his Gmail, and used that to force a "lost password" request. He was locked out of both Gmail and Facebook, and his Facebook account is now suspended pending review.

    If you follow the five points above, you're still naked if you don't harden your Gmail account. (and pay attention to the bottom of the Gmail page, as it tells you the IP address of the last login for your account…)

    Comment by Ike — March 3, 2010 @ 5:18 am

  4. The information on how to protect yourself is all well and good, but once your account has been compromised, what do you do next? My FB account was hacked and my password changed early in January. For two months now, I have been e-mailing FB from my primary e-mail account as well as others linked to my FB account in hopes of regaining access and changing my password. I have not received a response of any kind, and research has shown me that others with the same problem cannot seem to get help either. No direct customer service is available from FB since we don't pay for their service. Fine, I get that. But if FB is this slow to respond via e-mail and/or hackers corrupt their response medium, what can you possibly do to correct the problem?

    Comment by Derek — March 3, 2010 @ 6:23 am

  5. Ike – How is tip #5 not relevant then? It says "On a similar note, protect your email account…" Sorry the rest of the info "isn't all that helpful" to you.

    Derek – Sorry to hear that. I'll see what I can find.

    Comment by Raj Dash — March 3, 2010 @ 6:52 am

  6. Thank you Raj — any information on resolving this issue would certainly be a step forward!

    Comment by Derek — March 3, 2010 @ 7:29 am

  7. Log out or sign out anytime you will not be active on FB for more than 10 minutes. Yes, it is a hassle. But it is a small, worthwhile step to take.

    My account was hacked last summer. Signed on to find myself involved in a chat with a friend… saw that he was being asked to 'rescue me after I was robbed & mugged in England'. According to FB the hacker was able to get to my account because even though I had closed the FB window and shut down my computer, I was still signed on.

    I know that the hacker was a member of a group I owned, a person who allowed NO information about themselves to be displayed. That is another warning sign for me.

    Derek – keep after them… I got my account back in 24 hours. And I think I emailed them about 30 times in that period.

    Ike – too bad we don't know the hacker's secret to getting a password… my friend just deleted her gmail account from frustration at not being able to reset her password.

    Comment by Patricia Swenson — March 3, 2010 @ 10:07 am

  8. People should THINK first when using such a network as Facebook. Many of its users are just frivolous and this is how it ends.

    Comment by Pete — March 3, 2010 @ 11:02 am

  9. Raj, just saying that you buried the number one breach.

    Comment by Ike — March 4, 2010 @ 3:15 am

  10. Ike, ok good point. I guess since I've been online so long, I think protecting your email acct should go without saying. But I didn't realize that email was a key breach point.

    Comment by Raj Dash — March 4, 2010 @ 7:08 am

  11. Another safety measure is to set up an email account with, say, Google, Yahoo, etc., to use just for your social media sites.

    Comment by Cyndi — March 13, 2010 @ 12:19 am

  12. Low tech is certainly the safest. Just have a password that you use exclusively for that site, and keep a written or .txt list somewhere for yourself (or have your pc store the password, if you must).

    I generally refuse to use any website that requires a login to access any portion of the site, and definitely refuse when they don't even care enough about protecting its users to pay for a cheap SSL certificate. I would never ask my clients or customers to risk their identities the way those sites do. It's fairly infuriating.

    Thanks for the article and comments, folks.

    Comment by J.D. — May 6, 2010 @ 12:19 am

  13. And how the hell could I know that a friend uses a weak password…? Dumbass

    Comment by Hossam Al-Dein Mosta — July 16, 2010 @ 11:52 am

  14. I had both my FB account and the email account associated with it hacked in February. I had a strong password for both accounts; neither password was the same – not even remotely. It did me no good, since whoever hacked my account apparently put a keylogger on my computer somehow. I have antivirus protection, Malware Bytes, etc., and I always keep everything updated. I was able to get my gmail account back by visiting the gmail help forum and only after begging and proving it's really me. 5 1/2 months later, I still do not have my FB account back.

    Comment by Cheryl Smith — July 20, 2010 @ 3:05 pm

  15. How else are you expected to get your password reset then?

    Comment by Facebook User — August 27, 2010 @ 8:45 am

  16. Another thing– your security questions. When it asks for my mother's maiden name or favorite pet or fav color, whatever, I NEVER give the correct answer. If someone knows you well enough then they know the answer to your security questions. Duh!

    Comment by CertainQuirk — September 22, 2010 @ 2:09 pm

  17. Unfortunately a good hacker can gain access to any account regardless of passwords, etc. I have had my FB hacked and have had my bank account compromised twice. All the suggestions help but you have to stay on top of your FB and other important accounts you have online DAILY !!!!! Constant vigilance is the price we must pay in this age of modern technology.

    Comment by dan's mom — March 12, 2011 @ 11:46 pm

  18. My FB account has been hacked.
    How to know who has done it?

    Comment by ap0 — March 28, 2011 @ 8:32 am

  19. Yes, this is terrible. My daughter's FB is hacked all the time, so she reported it so many times to FB; they don't help.

    Comment by virginia — April 4, 2011 @ 9:26 pm

  20. Oh, here is a problem: you know how to prevent it but don't know how to be safe after the profile is hacked.

    Comment by ShanK — July 31, 2011 @ 5:43 pm

  21. speehless009.blogspot.com have step to avoid account fb getting hacked

    Comment by shone manner — September 24, 2011 @ 12:56 am

  22. slt

    Comment by sameh — November 28, 2011 @ 4:32 pm

  23. Thanks for your detailed write-up on this. Did this Trojan get past your anti-virus software?

    Comment by Round Stickers — January 13, 2012 @ 4:49 pm
