Between my sister’s engagement, summer trips and weddings, and my new job training taking up most of my time, the last thing I needed to deal with was my facebook getting hacked. I’d seen it happen to some other people before, where they have to create a whole new account from scratch, but I never thought it could happen to me. I had a pretty strong password and I don’t share it with anyone, and still, some hacker got into my account, started posting a ton of stuff in Arabic, and got me locked out. I don’t have access to my page, my pictures, my messenger account…it’s all gone.  Not to mention, all in the hands of a total stranger who could do whatever they want with it.  I have been doing a lot of research and sending emails back and forth to facebook trying to get it back, and let me just say this is not easy and definitely not fun. I decided to share some of what I learned in this process to help people avoid what I am now going through.  

Never email or text your password: Most email servers aren’t completely secure, and you have no idea who is looking at the screen of the person you sent your password to. Use an encrypted services like to make sure that only your intended recipient gets your password if you absolutely must send your password over a network. However, as much as possible, just don’t send them.

Two-Factor Authentication: When you log in from an unknown computer or phone, two-factor authentication sends your phone number a text with a code that must be entered.  So unless the hacker has your actual cell phone, they will not be able to hack into your account. From your “security and login settings,” you can also choose three to five trusted friends who can help with two-factor authentication in case you’re ever locked out. That way, facebook can contact your friends directly if there’s any suspicious activity, and they can vouch for your identity and facebook.

Be careful with your clicks: Hackers don’t always have to be sophisticated to get the job done — sometimes, all they have to do is prey on your absent-mindedness or curiosity. If you get a friend request from someone you were pretty sure you’re already friends with, don’t click on their profile. If you get a fishy video with little to no context, don’t click on it. Always look at the URL of an article before you click on it, even if it’s from a friend or relative. It doesn’t take much for your account to be compromised, so always act with caution.

Change your password every two months: Life gets so busy that you forget to do this, but it could be the difference between being safe and being hacked. Since most people use the same or similar passwords for all their accounts, once a crook has one password, all your accounts are vulnerable. For the most important ones, like your bank, email, facebook, and a few select others, set a reminder on your phone or calendar to change your passwords every two months or so.

Browse Facebook in “Guest mode” on public computers: Public computers are a great service to utilize in public libraries or hotels, but be careful about how much information you give them and taking it all with you when you leave. On Google Chrome, you can browse the internet in “guest mode,” meaning that as soon as you close the window, all your passwords, browsing history, and cookies are immediately erased.

This one is a little extreme but try not to use public chargers: People have gotten really tricky with how they are able to syphon information from your phone, and one of them is with a jerry rigged charger. A lot of libraries, cafes, and even concert venues will have phone charging stations as a courtesy to visitors, but they’re generally left unmonitored, so criminals can replace the venue’s cables with ones that download all the phone’s information, and they look identical. Instead, make sure you carry your own cable, and if you really want to be safe, bring your own power bank instead of relying on the public ones.
If you think you may have been hacked, you can always check the website to see which social media platforms have had important data (including your own username and password) stolen and sold on the dark net.