What To Do If Your Facebook Gets Hacked (And How To Avoid It)

So… you have been using Facebook to connect to old friends and family, and you have never felt more in touch. You laugh, share, play, and comment to your heart’s content, but then something new starts to happen. Your Facebook friends begin to get messages and wall posts from you that you did not write. What’s more, the messages have links that could possibly do damage to their computers, and it’s all coming from your account.

What will your friends think of you now? And how will you stop it?

Don’t Panic

If you find yourself in a situation similar to the one above, and it is happening more all the time, follow the “Hitchhiker’s” creed and “Don’t Panic”. This kind of problem preys upon ignorance of Facebook mechanics, but it is usually a simple fix.

Applications Are Usually The Gateway

The first thing I want to impress upon the user is that most of these problems happen through a simple mechanism – the Facebook Application. The applications are the features that can make Facebook extra fun, and the makers of these applications want you to spread the word about how terrific they are.

So, when you agree to and install an application in Facebook, you give it a ton of permissions to your account. For popular applications, such as Mafia this and Farm that, you have no choice.

Users Expect To Give Permissions

This action, of agreeing to allow applications to take certain liberties with your account, seems like business as usual when using anything on Facebook. So, when you sign up for a cool new application, you click yes, without even batting an eye or reading a dialog.

But the problem is not the agreement, which is hard to avoid given the way Facebook is structured. Instead it is the application itself that you have chosen to install. While you have a sincere purpose to sign up for a given app, the app makers have other ideas in mind. But how can you tell?

If It Sounds Too Good To Be True…

There are two simple rules of thumb to follow when considering an application for your Facebook account. The first one is this – if it sounds too good to be true, it probably is. Facebook itself spends a lot of time, money, and effort in creating the Facebook environment, and they are constantly rolling out updates to the platform (as any user can attest).

If a given thing was possible, chances are Facebook has by now incorporated at least some of that functionality or will in the near future. It is doubtful that a third party, using only the APIs that Facebook themselves created, is going to have a miracle application that gives you inside information not available otherwise.

Invite Your Friends Or Else

The other rule of thumb is this – if an application requests that you invite at least X (usually half) of your friends before you get full functionality, then run away from it… screaming optional. An application becomes popular on Facebook by either filling a niche or being an app of high quality, but never by extortion. If the big players in the game don’t ask you to surrender your friends to play, then why would you expect this one to do it? The app should speak for itself; otherwise steer clear.

Back To The Hacked Problem

Okay, at this point let’s assume that you did sign up for that “profile watcher” or “old Facebook” application, only to forget about it and mysteriously have problems appear later. Reactions follow actions, and this is more than likely a reaction of the easy to correct kind. Let’s go through the steps to stop the most common form of application hacking.

Remove Any Suspicious Applications

Chances are the offending application is one that you have long since forgotten about, but it now has kicked in (or been updated) and is behaving badly.

With the latest Facebook version, you get to the applications by going to the top right of the screen, and going to account / applications (see image below).

Once selected, you will be at a screen like the image below. Please note that you have a dropdown that lists different applications depending on the rights you have assigned (inside red square). Pay especially close attention to the “Authorized” and “Allowed to Post” selections, but you will want to flip through them all, looking for potentially nefarious apps.

Application Lists Will Vary

As a hint, anything that has the name “UnNamed” is no doubt on the kill list. Anything you have not used for a while should be on the kill list as well, but be warned that there are some applications that come default, so you should leave those alone. I have these listed in the picture, but there may be more.

For example, you may find an “iPhoto uploader” if you use a Mac to upload images to Facebook, a mobile application if you use Facebook mobile on iPhone or Blackberry, and an Xbox application if you connect via your game console. The thing to note is that the application list may vary by individual, but it should make sense to you.

The Kill Button


Once you have identified the potential problem applications, you need to remove them. This is simple enough, and in the application list you will find an x to do this with (above, in red highlight square).

Go through the application lists by type, removing the suspicious applications as you find them. After you have done this, it is time for the next step in the process – change your password.

Changing Your Password


Now that you have removed the potential culprit from your Facebook account, let’s go ahead and reset your password in case it was compromised (and that too could have been the access point into your account). Go to your account settings again in the top right hand corner (red square in image above), and you should be presented with the account information. Select the password settings, and the section will expand to show the dialog below.

Change your password by providing your original and setting a new one. At this point let me say this – select a password that is at least a little safe. Since Facebook uses the email address as the name on the account, a nefarious person likely already has half the information required to log in to your account. Add to that the information in the typical Facebook account, and it might be easy to figure out the password.

So, make this new password a bit hardened, using a combination of caps, numbers, and even punctuation – the password really is the only protection your Facebook account has. And do yourself a favor – write it down before you forget it, particularly if you are not used to having a more durable password.

Exit It All And Restart

After you have removed potentially nefarious apps and changed your password, then you should exit all browser instances and restart. For Windows users, this means exiting the app as normal, and be sure to get all instances, even those minimized. For Mac users, make sure that the browser has unloaded by either right clicking on the dock icon and exiting or by exiting from the menu. You should NOT have the process indicator (usually a white dot) on the dock under the browser icon when it has exited.

After you have exited all browser instances, then you can probably restart it and log back into Facebook with your shiny new password. Hopefully you will find that your problems have gone away, and Facebook is now behaving. And hopefully you will be more careful about what applications you use in the future. Just remember the two rules of thumb – if it sounds too good to be true then it probably is, and if they want your friends up front, then it’s not willing to stand on its own merits – avoid it. Happy Facebooking!
