Facebook account hacked and can’t be recovered, what next?
December 18, 2024 11:22 PM Subscribe
A relative’s Facebook account was hacked. The hacker has changed the associated email and phone number so recovery codes are sent to them and not to relative. What’s next to make sure relative is secure online?
I say “hacked” though it’s possible that relative (or a family member trying to help when they realised they couldn’t log on to Facebook) clicked on a malicious link in an email to “recover your Facebook account”.
We have been through the usual instructions online but can’t receive a recovery code as the associated password, email and ph number has been changed by the hacker. The process ends with a page on Facebook saying they can’t safely proceed further. Messenger and phone app has been logged out, and we can’t log in via the username either. We don’t have Twitter or IG accounts to message meta directly, can’t find any options to send ID to Facebook as other people have in past questions.
I’ve notified mutual friends and family and asked them to report the account (in the hope it will be disabled - it’s already made spammy bitcoin posts) and then to delete “relative” from their friend list. I’ve removed the account from any group chats we were in together.
I’ve changed relative’s email password and will be changing all other account passwords that they can think of. We’ll make a new Facebook account linked to a different email address. (Yes, I would prefer they didn’t use it at all but messenger is pretty important for them).
Is there anything else I should be doing?
I say “hacked” though it’s possible that relative (or a family member trying to help when they realised they couldn’t log on to Facebook) clicked on a malicious link in an email to “recover your Facebook account”.
We have been through the usual instructions online but can’t receive a recovery code as the associated password, email and ph number has been changed by the hacker. The process ends with a page on Facebook saying they can’t safely proceed further. Messenger and phone app has been logged out, and we can’t log in via the username either. We don’t have Twitter or IG accounts to message meta directly, can’t find any options to send ID to Facebook as other people have in past questions.
I’ve notified mutual friends and family and asked them to report the account (in the hope it will be disabled - it’s already made spammy bitcoin posts) and then to delete “relative” from their friend list. I’ve removed the account from any group chats we were in together.
I’ve changed relative’s email password and will be changing all other account passwords that they can think of. We’ll make a new Facebook account linked to a different email address. (Yes, I would prefer they didn’t use it at all but messenger is pretty important for them).
Is there anything else I should be doing?
Just a note, the usual way this happens is that a 'friend' (who has already lost their FB account) messages you and says "I need one of my friends to receive a code on their phone to get me back into my account." Then they send a code to your phone (which is actually for your own account) and you read it back to them and they take over your account.
So it's worth mentioning to your relative that they should never give someone a code that comes to their phone.
posted by mmoncur at 3:17 AM on December 19 [2 favorites]
So it's worth mentioning to your relative that they should never give someone a code that comes to their phone.
posted by mmoncur at 3:17 AM on December 19 [2 favorites]
You should change passwords for all other accounts, especially if they use the same email or password. Also, set up two-factor authentication (2FA) and report the hack to Facebook using their hacked account page. Keep an eye on their email and other accounts for suspicious activity. Run antivirus scans on their devices to make sure there’s no malware.
posted by caro1989 at 6:15 AM on December 19 [4 favorites]
posted by caro1989 at 6:15 AM on December 19 [4 favorites]
« Older Loosing pet, looking for support options for grief... | Brushing teeth with no toothpaste? Newer »
You are not logged in, either login or create an account to post comments
The hacker may well have turned off the ability to tag, but if they haven't (and if Joe Smith allowed tagging in the first place) then all Joe Smith's friends should see the post. If you want to.make extra sure the post gets viewed by all friends include the words "congratulations" or other things that suggest big life things.
posted by If only I had a penguin... at 11:31 PM on December 18 [3 favorites]