How to avoid getting your Facebook account hacked

I am a tech-savvy person, and of no importance or influence, haha; so I was very surprised (and annoyed) to have become a victim of a recent Facebook hacker. No idea if this was an individual, bot, organization, whatever. All I know is I already had 2-factor authentication set up (which means, you need to confirm your identity on a separate method when logging in on a new device), but my backup method was by SMS text message, which apparently can be intercepted and used by the hacker to gain access to your account.

I received an email overnight that said someone was trying to log in from a new location, followed by a text at 3:30 AM with a confirmation code. They somehow used that code to get access to my account, add their email as a secondary email (I see it when I try to log in, but it’s mostly obfuscated so I don’t know the actual email address), and changed the 2-factor authentication to use a separate encrypted app, so now I no longer receive the codes to log in; they do. They also cleared my recent logins, so I don’t have any active logins anywhere to reset my settings, and everything is treated like a new device.

First, if this happens to you, report it and secure your account immediately, so they can’t continue logging in. It then has you send them a picture of your Photo ID, but it says it can take weeks to review (if they decide to review it at all).

To avoid this happening, on your Facebook app (not web version), go to your privacy & security settings; under Settings, find the option for 2-factor authentication, and turn it on. Set the Authentication type as Authentication App (NOT SMS).

To finish this process, you’ll need to download a 3rd party encrypted authenticator app. Microsoft has a good one (Microsoft Authenticator), or you can use Google Authenticator or LastPass Authenticator, etc. One that you trust or already use.

Then you say on Facebook to show you a code, copy that code, and paste it into your authenticator app as a new account.

Now, when you log into Facebook for the first time from a new device, you will have to open up your separate Authenticator app to get the 6 digit code to enter. It is far more secure than receiving it over SMS.

NPR had a story about this issue recently; it’s happening to a LOT of people lately so please take a few seconds to upgrade your security, or your account is at risk and you may not get it back.