Common reasons someone may try to reset your Facebook password
There are a few common reasons why someone else may be trying to reset your Facebook password:
1. You re-used your Facebook password on another website that got hacked
One of the most common reasons your Facebook password may be targeted is if you’ve used the same password on another website or service that experienced a data breach. When hacks and data breaches occur, usernames and passwords are often leaked online.
Hackers will take these leaked credentials and try them on popular sites like Facebook, knowing that many people re-use passwords across different accounts. So if your Facebook password is the same as a password you used on a breached website, hackers may have obtained it and be trying to access your Facebook account.
2. You entered your Facebook login on a phishing page
Phishing is when scammers create fake login pages designed to steal your username and password. They then try to log into your real account with the credentials they’ve stolen.
If you recently entered your Facebook username and password into a page you think may have been a phishing scam, that could be why someone has your password and is now trying to access your account.
3. Keylogging malware on your device captured your password
Keyloggers are a type of malware that record your keystrokes to steal passwords, credit card numbers, and other sensitive information you type.
If your computer or mobile device has keylogging malware installed, it’s possible it captured your Facebook password when you last logged in, allowing attackers to obtain your login credentials.
4. Your password was part of a known data breach
There are websites like HaveIBeenPwned.com that let you search across major data breaches to see if your email or password has been compromised. If your Facebook password shows up in one of these known breaches, that means it was likely stolen in a hack and is now being used by hackers to try and access your account.
5. Your Facebook account is being targeted for identity theft
Unfortunately, hackers may specifically target your Facebook account because it can provide a lot of personal information useful for identity theft – like your full name, date of birth, hometown, etc.
By resetting your password and gaining access to your account, identity thieves can steal or misuse your personal information for financial fraud and other crimes.
6. You have malware on your phone stealing Facebook session cookies
Rather than stealing your actual Facebook password, some forms of malware will target the Facebook session cookies stored on your phone or computer.
Session cookies allow you to stay logged into Facebook over multiple visits without re-entering your password each time. If these get stolen by malware, hackers can use them to access your account without needing your password.
7. Your Facebook password was part of a site database breach
While less common, in some cases a website or service can suffer a breach exposing their entire user database – including stored credentials. If you used the same or similar password on that site as you have for Facebook, it could allow attackers access.
8. You fell for a Facebook password reset scam
Scammers may also send phishing emails pretending to be from Facebook, telling you that your password has been reset and luring you to a fake password reset page to steal your login info.
If you recently tried to reset your Facebook password after receiving one of these scam emails, chances are your credentials are now in the hands of cybercriminals.
9. You have spyware or a trojan sending your info to hackers
Advanced forms of malware like spyware and trojans are specifically designed to monitor your activity and transmit your personal information and login credentials to hackers.
If one of these more malicious programs made its way onto your device, it very well may have captured your Facebook password and is now being used in password reset attempts.
10. Your password is weak and was guessed or brute forced
If you have a weak Facebook password, like a dictionary word or common number combination, it’s possible hackers were able to guess or crack it through brute force password guessing. Use of your birthday or other personal info can also make passwords easy to guess.
Strong passwords over 12 characters combining upper/lowercase, numbers, and symbols can help prevent this kind of access.
How to secure your Facebook account
If you think someone else may be trying to access your account, there are steps you should take right away to secure it:
Reset your Facebook password
First and foremost, reset your Facebook password immediately. Make sure your new password is completely different from your old one and is as strong as possible.
Turn on two-factor authentication
Enable two-factor authentication on your Facebook account for an added layer of security. This requires you to enter a code from your mobile device when logging in from unknown browsers.
Check where your account has been accessed
In Facebook security settings, you can see details on the browsers and locations your account has been accessed from recently. Look for any unknown or suspicious access locations.
Revoke any active Facebook sessions
You can also revoke any current Facebook sessions to log out anyone currently accessing your account on another device. Criminals may be logged in, so revoking the sessions can kick them out.
Carefully review your privacy settings
Check that your Facebook privacy settings are set to only share information with your friends if you want to prevent identity theft. Disable any third-party app access you don’t recognize.
Run anti-virus scans
Install quality antivirus software on your computers and phones and run full system scans to check for any keylogging malware or spyware that could be stealing your info. Remove anything dangerous it detects.
Avoid using public Wi-Fi
When you log into Facebook on public Wi-Fi, it makes it much easier for hackers to steal your credentials or spy on your activity. Use your mobile data instead.
How to create a strong Facebook password
To keep your Facebook account secure going forward, it’s important to create and use a strong password that’s difficult for hackers to crack. Here are some tips:
Make your password long
Your password should be at least 12 characters, but longer is even better to make it more secure. The longer your password, the harder it will be to guess or brute force it.
Mix upper/lowercase letters, numbers and symbols
Use a mix of these elements to add complexity. Having different types of characters thwarts most dictionary attacks.
Avoid personal info or common words/phrases
Don’t base your password on personal information like your address or birthday, and avoid using common dictionary words and number patterns like “12345” which are easy to guess.
Use a password manager
Consider a secure password manager app which can generate and store long, random and unique passwords for each of your accounts to keep them safe.
Don’t re-use the same password
Make sure your Facebook password is completely different from all your other online accounts, so a breach on one site won’t expose the rest.
Change it periodically
Update your password every 3-6 months to limit how long attackers have to work on cracking your current credentials.
Here’s an example of a strong 12 character Facebook password:
r8ndom!Pass#57
Staying safe on Facebook
Beyond using a strong password, you should also be mindful of the following Facebook security tips:
Watch out for phishing
Be wary of unsolicited emails and messages asking you to login or reset your password. These types of phishing scams are common on Facebook.
Limit app permissions
Don’t allow any unnecessary third-party apps access to your Facebook account. Review permissions regularly.
Limit sharing of personal information
Be thoughtful about the personal details you add to your Facebook profile and status updates to avoid identity theft risks.
Secure your other accounts
Make sure you have strong unique passwords and two-factor authentication enabled on all your important online accounts, not just Facebook.
Keep software updated
Ensure your devices and apps have the latest security patches applied to protect against vulnerabilities.
Use secure Wi-Fi
Never access Facebook on public Wi-Fi. Use your password-protected home network or cell data when using Facebook on the go.
Recovering from a compromised Facebook account
If your Facebook account has already been compromised, here are some steps to help you regain control and recover it:
Report unauthorized changes
Let Facebook know your account has been compromised so they can lock it down if unauthorized changes are being made.
Remove unauthorized posts/messages
Delete any wall posts, messages, or other content the hacker may have sent from your account while they had access.
Alert your Facebook friends
Let your Facebook friends know your account was hacked in case the attacker interacted with them while posing as you.
Change your username
If your regular username was compromised, create a new Facebook account with a fresh username that’s more secure.
Tighten privacy settings
Double check that your privacy settings, login approvals, two-factor authentication etc. are configured to maximize your account security.
Scan all your devices
Run comprehensive anti-virus and anti-malware scans to remove anything used to access or steal your info like keyloggers and spyware.
Change credentials for other breached accounts
If you re-used your Facebook password elsewhere, be sure to change those as well to prevent further misuse of the compromised credentials.
When to contact Facebook support
If the issue persists or you see signs of serious account misuse, it may be time to directly contact Facebook support for additional help:
– If you can’t regain access to your account at all
– If inappropriate content is continually being posted from your account after a password reset
– If you suddenly stop receiving your Facebook emails or texts for login codes
– If money is being stolen via Facebook Payments by the hacker
– If your account gets fully taken over for identity theft
– If you start seeing login emails for unknown locations or devices
Facebook’s help center has contact options to report hacked or disabled accounts. Provide as many details as possible. For severe cases, Facebook may be able to temporarily disable your account until it’s properly recovered.
Should you delete your Facebook account after a hack?
While it’s an understandable reaction after a security incident, deleting your Facebook account is often an overreaction that punishes you rather than addressing the root cause.
Instead, invest your time into properly securing and recovering your account using the steps outlined above. This will allow you to continue benefiting from Facebook while protecting yourself from future unauthorized access.
Only if the account becomes completely unsalvageable or a relentless source of problems should you consider fully deleting as a last resort. And when signing up again, make sure you create a fresh account with brand new secure credentials.
Conclusion
Having your Facebook password targeted or account compromised can be a stressful experience. But in most cases, the issue stems from password reuse or a malware infection which can be contained by resetting your credentials, enabling two-factor authentication, running antivirus scans, and revoking unauthorized access.
Be proactive about Facebook security by using strong unique passwords, limiting app permissions, avoiding phishing scams, and securing your Wi-Fi. With proper precautions, you can feel confident keeping your account safe from the majority of threats. But if issues persist, don’t hesitate to lean on Facebook’s security teams for help recovering your account.