How have they gotten into my Facebook account?
Whilst Facebook security can be very good with lots of advanced security features available, most people still rely on just a single password to login. Even if you have a strong password this can still present a weak spot for criminals - all they need is one password and they're in.
Passwords can be stolen by various methods such as viruses or by intercepting wifi traffic, whilst weak passwords can be guessed (see here how to create strong passwords).
If you're interested, we've also compiled a fairly comprehensive list of methods by which passwords are stolen.
How do I get the hackers out of my account?
Step 1 - Login to Facebook and go to Settings
You'll first need to find the Security & Login settings options in Facebook. Exactly how you do this varies slightly depending on whether you're using a web browser or using the Facebook app on your phone or tablet:
Step 2 - Review current sessions
Whenever you login to Facebook a new "session" is started, with your computer recorded & associated with your login. This allows you to stay logged in without needing to keep re-entering your password every time.
A list of all your account's current sessions can be viewed from within the security settings - just see the section titled "Where you're logged in". Note that it's perfectly normal to see a lot of open sessions in this list; unless you explicitly log out whenever you've finished on Facebook then each session may stay open for a while.
The screen showing all your active sessions
Look through all the sessions listed for any that look suspicious, for example a location or device you don't recognise. You can easily end a session by clicking the "X" next to it (in the app) or "Log Out" (in the web browser, click the 3 vertical dots next to the session to get to this). This will immediately log those sessions out.
You can even end all sessions in one go if you want, although note that you might need to log back in again as you'll terminate your current session too!
Step 3 - Change your password
If an intruder has been in your account then you need to change your password as a priority. From the "Security and Login" menu click "Change Password"; you'll need your old password in order to change it. See our section on passwords if you're stuck for password ideas.
After doing this it's also a good idea to double check the active sessions again. This is just in case the hacker was in your account when you terminated their session & they managed to immediately log back in again.
What else can I do to stop it happening again?
Add Two-Factor Authentication ('2FA')
Two Factor Authentication is a way of strengthening the login process beyond just your password. This is done by also requiring a one-time code to be entered during login, a code that is either generated from within a dedicated app or sent to you via text message.
This feature makes it much harder for any hackers to break into your account again - even if they somehow discovered your password they'd still also need this unique code. It's a much more secure process.
The options for enabling Two Factor Authentication.
Facebook have implemented this in a sensible way, and this extra code is only needed when you try logging in from a device not seen before. This makes it very manageable and prevents you from the hassle of constantly having to enter a new code.
Enabling 2FA is fairly straightforward. From within the Security & Login settings menu find and click on "Use two-factor authentication" - this will bring up the 2FA options.
- If you want to receive codes via text message (SMS) then ensure your phone number is listed (if not then add it) and enabled.
- You can also use a dedicated authentication app on your phone to generate this code - in fact this is even more secure than receiving it by text.
If you want a step-by-step guide to the whole process see our dedicated guide to setting up two factor authentication on Facebook.
Enable Login Notifications
The options for setting login alerts
Facebook also allows you to be notified in the future if anyone logs into your account from a device it hasn't seen before. These can be sent either via the app, SMS, or email, allowing you to respond immediately if someone else accesses your account. It shouldn't ever happen if you have Two Factor authentication enabled, but it does give extra peace of mind.
It's easy to set up, from with the Security & Login menu click on "Get alerts about unrecognized logins" and configure it as you wish.