Talk to an expert

Help ! My Facebook has been hacked

29 August, 2023

This morning, rather than the alarm gently waking me up, my wife shrieks me awake with the words… “My Facebook has been hacked!”.

As the only cybersecurity expert in the vicinity, my first reaction was “Should we call CPX’s Incident Response team (800CALLCPX)?”. But as a consumer without an incident response retainer, I realized I had to fix this by myself.

So here’s my advice for anyone who encounters a similar situation:

  • Don’t panic. Confirm the hack - is it really a hack or have you just logged on from a different device, or is it a spam email? In my wife’s case, she had received an official email from Facebook (be sure to check the email address this was sent from). She also had her settings adjusted so that she would be alerted by Facebook for any new login activity. Facebook sends a message providing the device details, the date/time and the location logged in from, which in this case was an iPhone in London (she was in Abu Dhabi and asleep).
  • If you can still log in to Facebook, go to ‘Settings > Security and Login’ and look at devices logged in. Log out of any device that you don’t recognise. If you can’t log in, then report it to Facebook at https://www.facebook.com/hacked/
  • Change your Facebook password (and change your passwords on any other site or application that you use where you might have used the same password).
  • If you haven’t already done so (she hadn’t), set up Two Factor Authentication (2FA). This means that when you (or anyone else) logs in, you will need another code to complete the process. In this case it was via an authenticator, but it can also be through SMS.
  • Once the new password is in place and 2FA is set up, select the option to “Log Out of All Sessions” and then log back in with your new password and verification code.
  • Check permissions that applications and websites have for your account in “Settings > Apps and Websites” and remove any that you don’t recognise or that are set higher than you would have set them.
  • Then check through your Facebook for any posts or messages that you haven’t written, ensure that your private content hasn’t been made public or that any other settings haven’t been changed, and also check Facebook messages sent.
  • Inform your social media friends that you’ve been hacked. This may be a tough one to admit, but it’s easy for the hacker to have messaged your family and friends asking for personal details like bank account and PIN details, or transferring money types of scams (luckily the hacker didn’t impersonate her account or spread false news and messages). A lot of false information, messages, and scams today are created through AI technologies.
  • Double-check your privacy settings and change any that might have been altered.

The above is an experience of a personal attack, but how does this apply to a government or a commercial organisation? Do you have an incident response plan in place to deal with similar breaches? Do you have policies that define minimum baseline security levels? Do you have established cyber awareness programmes within the organisation? Do you have cyber solutions in place that identify, protect, detect, respond and recover for similar corporate events e.g., email breaches, malware, etc.?

What happens to individuals also happens to organisations – we all deserve a good night’s sleep. In fact, if an organisation is compromised it affects much more than a singular individual and can lead to breaches of data, financial losses, reputational damage, productivity levels and more. In order not to wake up in a cyber nightmare, the above guidance might help you have a gentler morning wake up.

By Paul Lawson

Continue Reading

write

20 November, 2024

The Modern CISO Playbook: Top priorities for CISOs in 2025

Read now

30 August, 2024

Ask the Right Questions to Get Data Privacy Compliance Right

Read now

29 December, 2023

Navigating Cyberspace in 2024: A Sneak Peek into the Top Security...

Read now

14 December, 2023

Top systems integration challenges every organization must prepar...

Read now

20 July, 2023

Security Product Research in the Lab: A fair chance to prove your...

Read now

20 July, 2023

The Cyber Security Conundrum: Balancing Ego and Expertise

Read now

20 July, 2023

The Internet Never Forgets

Read now

20 July, 2023

Top Cloud Security Risks and How to Address Them

Read now

20 July, 2023

Why Continuous Education, Training and Awareness are Essential fo...

Read now

02 May, 2023

A 5-Star Partner: Priming Your IT and Security Services for Success.

Read now

02 May, 2023

AI and Cybersecurity: A Tale of Innovation and Protection

Read now

02 May, 2023

How to Select a Secure Cloud Model, One Size Does Not Fit All

Read now

02 May, 2023

Making Sense of Public Ratings in Product Selection Process

Read now

02 May, 2023

Privacy Compliance: A Four-Step Approach

Read now

02 May, 2023

Securing Your Website – Gaining Online Customers’ Trust

Read now