Facebook Hijacking: Recognize, React, and Guard(io)

August 26th · 15 min read

Rotem Tal - Senior Cybersecurity Expert |Writer & Editor|

Facebook relationship status: Love - Hate

How do you feel when the name Facebook comes up? If you're anything like me, you probably have a love-hate relationship with social media. Deactivating it after getting tired of doom scrolling, then succumbing to FOMO and reactivating it. Whether you use Facebook to stay informed, boost your business, keep in touch with loved ones, or utilize the Marketplace, its impact on your life is hard to ignore.

Facebook boasts 3.07 billion monthly users, making it the most popular social media platform in the world. But with its growth comes a shadowy aspect far more concerning than any ex's photo updates. Surprisingly, not every friend request comes from a real person. Okay, I’m sure it comes as no surprise, as we’ve all gotten weird friend requests from someone with 2 friends and no posts - and thought to ourselves, there’s something fishy about this account.

The thing is, fake accounts are just the tip of the iceberg, it gets even worse. A staggering number of Facebook profiles, potentially like yours, have fallen victim to hijacking by cybercriminals. This breach isn't just about losing control of your social media presence; it's an open door to your personal information and privacy being compromised.

| Personal Information of 533 Million Facebook Users Leaked Online

This article dives into the escalating issue of Facebook hijacking, revealing how cybercriminals are increasingly sophisticated in their methods to infiltrate your account. More importantly, we're going to share indispensable tips to keep your account and digital identity protected. Side note, understanding the threat is the first step and having security software like Guardio is the next. Let's tackle this head-on.


Understanding Facebook hijacking

Essentially, Facebook hijacking is when a hacker gains access or takes control over someone's Facebook account. Typically, a hijacker can gain access by buying credentials on the dark web, through phishing, malware, or by exploiting weak passwords.

Once hackers have taken over one social media account, like Facebook, it’s a hop, skip, and a jump away from getting into other social media accounts as well. That is, if you have similar passwords, but let's be honest, they’re probably all the same, right? What’s even more crazy is that they can use your profile to phish and solicit money from your friends and followers.

Facebook hijacking and data leaks

In the past decade, data breaches and password leaks have struck companies like Home Depot, Yahoo, Target, LinkedIn, T-Mobile and many others. Facebook is not immune and has also suffered several data breaches. The most recent breach happened in April 2021, when personal data connected to 533 million Facebook users was made public on an online forum. The fact that so many huge companies leak data or are hacked makes it very likely that your information has been compromised as well.

What happens if your personal information is stolen in a data leak, you may ask? The short and frightening answer is that it’s usually sold on the dark web. Yep, that’s right, there are online marketplaces that sell stolen credentials for as low as $15. Think of the enormous amounts of personal information stored on your accounts, pictures, addresses, interests, where you went to school, business, and banking info, and that’s just the beginning.

If your personal information lands in the wrong hands, which it probably will - I mean, who else hangs out on the dark web? - it can be used to access your social media accounts and eventually hijack them. So what’s the big deal, a pimpled teenager will have access to my vacation pictures, who cares. Well, your vacation pics are the last thing on the scammer's mind.

Facebook hijacking and phishing

We’ve written about classic phishing attempts before, but as a refresher - this is where scammers create fake emails that look identical to official messages from a legitimate organization. A Facebook email phishing attempt works pretty much the same way. Scammers send out emails that seem to be coming from Facebook. The emails have an urgent tone and threaten to close your account because you've done something wrong (anything you've posted, or maybe you need to update something like your date of birth). They employ social engineering techniques aiming to make you believe that by acting fast, you’ll be able to save your account. The emails may also contain attachments, malware, or harmful links. Once downloaded or clicked, you’ll either be led to dangerous websites, or malicious software will automatically be installed on your computer. Pretty nasty, right?

Facebook hijacking scams add some spice and malicious techniques to take phishing to the next level. For cybercriminals, it’s like fishing with dynamite. Once they gain access to your account, they can basically lock you out, change passwords, target your friends, steal their credentials and/or money, and move on to the next victim.

Hack→ Steal→ Repeat - Endless times.

Here’s an example of how it plays out. Let’s say your friend Ryan Reynold's (yes, he’s your friend) Facebook account got hacked. Then he starts messaging you about some "amazing new business venture" he's apparently into. There's even a link for a "mind-blowing presentation" he's been "slaving over." Now, Ryan and you are tight, and you know he’s a serial entrepreneur, so you click the link to check it out.

Not a good move. You get sent to a fake Facebook login page - same logo, branding, and colors - you wouldn’t even be able to tell the difference, so you enter your password without a second thought. Next thing you know, your phone is blowing up with texts from Blake Lively and other friends asking why you’re messaging them about needing money. Yep, a scammer using Ryan’s hacked profile just took over your account - and the vicious cycle continues.
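A fake login page can copy the logo and colors, but not the hostname in the address bar. The following is an added example, not part of the original article: it classifies a link by its real host, with the trusted-domain list and the sample links being assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: the only domains accepted as genuine.
TRUSTED_DOMAINS = ("facebook.com", "messenger.com")
# Undo common digit-for-letter swaps (0->o, 1->l, 3->e, 5->s) before brand matching.
LEET = str.maketrans("0135", "oles")


def check_login_link(url):
    """Return (verdict, reason); verdict is 'trusted', 'lookalike' or 'untrusted'."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return "untrusted", "malformed URL"
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return "untrusted", "no hostname"
    labels = host.split(".")
    if not host.isascii() or any(label.startswith("xn--") for label in labels):
        return "lookalike", "internationalized hostname can imitate Latin letters"
    # Exact match or a true subdomain; the leading dot rejects 'notfacebook.com'.
    genuine = any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)
    if genuine:
        if parts.scheme != "https":
            return "untrusted", "genuine host but not HTTPS"
        return "trusted", host
    if "@" in parts.netloc:
        return "lookalike", "text before '@' is not the host; real host is " + host
    if "facebook" in host.translate(LEET).replace("-", ""):
        return "lookalike", "brand name inside unrelated host " + host
    return "untrusted", "unrelated host " + host


# Constructed sample links using reserved .example names; not real indicators.
SAMPLES = [
    "https://www.facebook.com/login/",
    "https://facebook.com.account-verify.example/login",
    "https://faceb00k-login.example/",
    "https://facebook.com@login.example.net/",
    "https://notfacebook.com/login",
    "http://www.facebook.com/login/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(check_login_link(link), link)
```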


I know getting SMSs from Blake Lively doesn’t sound scary, but believe me, Facebook hijacking is no joke. Let’s say you promote your business on Facebook. If your account is hijacked, the scammers can ruin the reputation of your business. They can even use your Facebook Ads account to promote fake ads or porn downloads to entrap other unsuspecting users. Not only will your business be in trouble, but so will you. Unlike the story of Ryan Reynolds and I being friends, sadly, this can really happen.


Dangers of Facebook hijacking

Needless to say, if your Facebook account is in the hands of a scummy cybercriminal, you’re in deep trouble. It has some serious repercussions that go beyond just messing up your social life. Here are some of the consequences of a hijacked Facebook account:

Loss of account control: Once you're hacked, you lose control over your Facebook account. Hackers can change your login info and recovery options, making it a real challenge to get your account back.

Privacy invasion: Facebook is often a treasure trove of personal details. Hackers can snoop through your private messages, photos, and posts. It's not just creepy; it's a full-blown invasion of your privacy.

Phishing attacks: Your hacked account can be ground zero for launching phishing scams. With your profile and information in hand, scammers can personalize messages coming from your account to trick your friends into giving up their credentials or clicking malicious links. Not a good look.

Spread of malware: Imagine your account sending out malware in the form of dangerous files or links - to all your contacts. It can happen, and it can lead to the loss of data and financial info for anyone unlucky enough to click on what you (or, rather, the hacker) sent.

Reputation damage: Any inappropriate or harmful posts can torch your reputation faster than you can say, "That wasn't me." And it might be seen by a lot of people before you manage to regain control.

Financial loss: Scams or fraudulent activities promoted through your hijacked account can result in financial losses, not just for you but also for anyone who falls for these schemes.

Identity theft: Last but definitely not least, the information in your Facebook account can also be used for identity theft. Think about it, there’s a good chance that you use the same password on Facebook for other accounts. Also, what other accounts do you log in to using Facebook? All that info on all of those accounts can easily be used for unauthorized financial transactions or even opening new accounts in your name.

The stakes are high, and Facebook hijacking isn't just an inconvenience, it's a serious threat that can affect multiple facets of your life.

The rise in Facebook hacking concerns

The increase in Facebook hacking is a real cause for concern, and it's not just for social media enthusiasts — it should worry all of us. First off, hackers are getting more sophisticated; their scams are so convincing that even the most savvy people fall victim to them. Plus, your personal data is like gold to these hackers. They can either sell it or use it to commit fraud.

But the risks don't stop at losing your data. Hacked accounts can be weaponized to spread fake news or, even worse, conduct illicit activities. Just think about the potential personal drama and professional damage if someone starts posting crazy stuff on your account. And let's not forget about the domino effect—once they have access to your Facebook, they might try to break into your other online accounts. So, it's more crucial than ever to up your security game. Strong passwords and multi-factor authentication, anyone?

Recognizing the signs of a hijacked account:

Spotting the red flags of a compromised account is crucial for your online safety. Here are some things to look out for:

Unexpected posts or messages: If you notice posts, comments, or messages that you didn't create.

Friend requests: You see friend requests being sent to people you don't know or don't remember sending a request to.

Profile changes: Sudden changes in your profile information, such as your email, name, or profile picture.

Login alerts: Receiving email or text notifications about unauthorized logins or login attempts.

Password issues: If you find that your password has been changed without you knowing or you can’t log in to your account, that's a telltale sign.

Unusual activity: If your account is liking, sharing, or interacting with content you wouldn't normally engage with, be suspicious.

Apps and games: New apps or games are added to your account that you didn’t authorize.

Check-ins: Your account is checking in to places you've never been to.

Removed friends: If you notice that some of your friends have been removed without.

Financial activity: If you notice unfamiliar charges or shopping activity related to your account.


Immediate steps to take if you've been hacked

If you can still log in, go to Settings > Security and Login. Look at the last devices you’ve logged in from, and check if any are unfamiliar. Compare the dates to pinpoint unfamiliar log-ins. A log-in during your sleep hours? Red flag. See anything off? Hit 'Log Out of All Sessions' at the bottom right, then update your password.
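The same review can be done systematically once the session list is written down. This is an added example, not part of the original article: the session records, the known-device set and the 23:00 to 07:00 sleep window are constructed assumptions, and timestamps are taken to be in your local time.

```python
from datetime import datetime, time


def in_window(t, start, end):
    """True if time t falls in [start, end), including windows that wrap midnight."""
    if start <= end:
        return start <= t < end
    return t >= start or t < end


def review_sessions(sessions, known_devices,
                    sleep_start=time(23, 0), sleep_end=time(7, 0)):
    """Return sessions worth a second look, oldest first, with the reasons."""
    findings = []
    # ISO 8601 timestamps sort chronologically as plain strings.
    for s in sorted(sessions, key=lambda s: s["time"]):
        when = datetime.fromisoformat(s["time"])
        reasons = []
        if s["device"] not in known_devices:
            reasons.append("unfamiliar device")
        if in_window(when.time(), sleep_start, sleep_end):
            reasons.append("login during sleep hours")
        if reasons:
            findings.append({"time": s["time"], "device": s["device"],
                             "reasons": reasons})
    return findings


# Constructed sample data, as it might be copied from the login list by hand.
SESSIONS = [
    {"device": "Chrome on Windows", "time": "2024-03-02T08:15:00"},
    {"device": "Facebook app on iPhone", "time": "2024-03-02T21:40:00"},
    {"device": "Firefox on Linux", "time": "2024-03-03T03:12:00"},
    {"device": "Chrome on Windows", "time": "2024-03-03T23:30:00"},
    {"device": "Safari on Mac", "time": "2024-03-04T13:05:00"},
]
KNOWN_DEVICES = {"Chrome on Windows", "Facebook app on iPhone"}

if __name__ == "__main__":
    for finding in review_sessions(SESSIONS, KNOWN_DEVICES):
        print(finding["time"], finding["device"], ", ".join(finding["reasons"]))
```

A known device flagged only for the time of day may be a late night of your own; an unfamiliar device during sleep hours is the combination to act on first.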

If you can’t log in, the hacker probably changed your password, suggesting that some sketchy stuff is going on. Reach out to a reliable Facebook friend. Have them check your profile via their account:

  • Did your name, profile photo, or email switch?

  • Notice any missing friends or unfamiliar ones added?

  • Spot any posts you didn't make?

  • Are your pals getting messages you didn't send?

  • Has anyone suspicious reached out to you?

What to do if you have been hacked on Facebook

Immediately report it: Even if you can’t log in to your account, you can use Facebook's dedicated page to report a compromised account. You’ll need to enter the phone number or email you registered with.

Change passwords: Since we use Facebook to log into multiple accounts like Instagram, Spotify, and various shopping platforms, as well as some work-related tools, a compromised Facebook account can put our entire digital life at risk. So change all those passwords ASAP.

Protecting your Facebook account from future threats:

  • Enable two-factor authentication (2FA): This adds an extra layer of security.

  • Update password: Make it strong and unique.

  • Be cautious: Don't click on suspicious links.

  • Monitor account activity: Regularly check for unfamiliar logins.

  • Limit sharing: Keep personal info to a minimum.

  • Educate yourself: Stay updated on latest scams and threats.

  • Review privacy settings: Control who can see your posts and profile.

  • Use security software: Tools like Guardio can help keep your account safe.

How Guardio shields you from hijacking threats:

1. 24/7 protection - Guardio will detect hidden threats and hijacking attempts and block them.

2. Detect and remove - Automatically eliminate malicious extensions that risk your personal information, install viruses, or change your browser settings.

3. Full scam protection - Guardio will block phishing sites and emails that try to hijack your accounts. It also blocks annoying pop-ups and ads with malicious code.

4. Real-time security - Whenever there are data breaches on the internet that may put your privacy at risk, Guardio will send you a notification so you can quickly take action and prevent identity theft.

5. Security for the whole family - Protect up to 4 additional members from online threats like phishing attacks and scam websites

If you want software that protects your online experience while you do your thing, Guardio is perfect for you. It’s trusted by over 1.5 million users and covers up to five people with one subscription, which makes it more cost-effective for families. The dashboard gives you an easy-to-understand illustration of possible data leaks, suspicious sites you’ve visited, any hijackers blocked, and more.


The stakes are incredibly high when it comes to Facebook hijacking, and no one is immune to the risks. With a staggering 2.9 billion users, Facebook is an attractive playground for cybercriminals. Beyond the surface-level inconveniences like bizarre posts or friend requests, a compromised account can lead to severe consequences like financial loss and identity theft. Your social media account is more than just a virtual space for interaction—it's an extension of your personal and professional life. So, its security should be paramount.

Remember, prevention is better than a cure. Simple security measures like two-factor authentication and unique, strong passwords can make a significant difference. Tools like Guardio can help strengthen your online security, offering real-time protection and a comprehensive security shield.

Facebook has woven itself into the fabric of our daily lives, but that doesn't mean we should be complacent about the risks involved. By taking proactive steps today, you can safeguard your account and, by extension, your personal information from falling into the wrong hands. After all, in the digital age, information is not just power; it's also a gateway to our lives. Protect it wisely.


What is Facebook hijacking?

Facebook hijacking refers to the unauthorized takeover of a user's Facebook account by cybercriminals. This can be achieved through various methods:

  • Phishing

  • Malware

  • Session hijacking

  • Forgotten password hack

Once the attacker has control of the account, they can misuse it in various ways, such as sending spam, spreading malware, impersonating the user to scam their friends, or accessing other accounts linked to the Facebook account.

How can I tell if my Facebook account has been hijacked?

These are the red flags you should be aware of:

  • Unexpected posts/messages

  • Unfamiliar friend requests

  • Profile changes

  • Unauthorized login alerts

  • Changed password

  • Unusual likes/shares

  • New apps/games

  • Random check-ins

  • Missing friends (removed from your list)

  • Strange financial activity

If you see any of these signs, take immediate action to secure your account.

Are older individuals more vulnerable to Facebook hijacking?

When it comes to tech, older people can sometimes get a bit left behind. Just as you may no longer follow what's top of the Billboard, or keep up with the Kardashians, at some point all of us stop being up to date with the latest social media or tech trends. They might not be up-to-date with all the tech lingo and security features. Plus, they could be more trusting and click on something they shouldn't. But hey, that's why it's super important for everyone, especially the older generation, to have online security tools and get educated on how to keep their accounts safe!

I believe my account has been hacked. What should I do immediately?

To keep your Facebook account safe from potential threats, here are some quick tips you should follow:

If you can still log in:

  1. Access your Facebook settings and navigate to the 'Security and Login' section.

  2. Look at the list of devices that have logged into your account recently. If you notice any unfamiliar activity, that's a red flag.

  3. To be on the safe side, log out of all other sessions. You can find this option at the bottom of the 'Security and Login' page.

  4. Immediately change your password to something strong and unique.

  5. For added security, enable 2FA to receive an additional code when logging in.

  6. Double-check your posts, messages, friend list, and any financial activity tied to your Facebook account for any unauthorized changes.

If you can't log in:

Contact a trusted friend: Ask a friend to check your profile to see if there is any unusual activity like posts you didn't make or new friends you didn't add.

  1. Go to the Facebook login page and click on 'Forgotten account?' to find your account.

  2. If you can’t recover the account by the usual means, go to Facebook's 'Report Compromised Account' page and follow the prompts.

  3. If you've used Facebook to log into other services, apps, or websites, change the passwords for those as well.

General Precautions

Check email settings: Make sure the hacker has not forwarded your emails to their address, so they can't get the password reset links.

Notify contacts: Warn your friends and family that your account has been compromised and to ignore any suspicious messages or requests.

Download security software: Using an online tool like Guardio can eliminate future Facebook hijacking and keep you protected.

How does Guardio help in safeguarding my online profiles?

Guardio offers a 7-day free trial that includes:

  • System scan and inbox security

  • 24/7 scam prevention

  • Real-time identity theft protection

  • Blocks dangerous links and annoying pop-up ads

  • Cross-platform protection (up to 5 devices)

  • Family protection (up to 5 family members)

  • Protects against Facebook and social media phishing attempts

