No need to say “quit Facebook” in the comments on this one. For those sticking around on the social service—and there are many of you, it seems, considering the company’s total number of active users ain’t exactly trending down—there’s a lot you can and should do to secure your account. However, if someone breaks into your digital kingdom, it can be a real pain in the ass to get back your online persona, if you even can.
Lifehacker reader Tim shares some grim news in this week’s Tech 911 Q&A:
“What can you do when your Facebook account has been hacked? My husband’s account was hacked. The e-mail address, password and phone numbers for the account were changed, so he can’t use any of the recovery Help Center recovery options. I’ve reported the account and there has been no response.”
Turn to Facebook’s tools, then get annoying
I feel for you, Tim, and I’ve read plenty of stories of people experiencing this exact situation. An attacker gets into someone’s account, changes all the information, possibly even switches 2FA to their devices, and basically screws someone out of their Facebook experience. As for getting it back, well, I’m also sad to report that I have’t read many stories of success on that front.
That’s not to say that this is an impossible task, just an improbable one. Let’s go over a few potential solutions you can try.
You used to be able to get your friends to report a Facebook account as hacked, but that option seems to have gone away. Instead, Facebook has added a “Hacked Accounts” section to its Help Center. Visit that website, and you should be able to walk through a guided tool that will give you various prompts you can pick from. You can also visit this website to attempt to start regaining access to your account. (I’d try both options, in case one gives better results than the other. Heck, you can even try this page, too.)
Theoretically, your husband should be able to use either tool to get back into his account, though the process might ultimately require him to submit physical proof of ID to Facebook. And, honestly, it’s a good thing if you get to that step, because it’s probably the best chance you’ll have of regaining access.
I would also have your husband check his email address for any notifications from Facebook about an email/password change. You should receive an email at the previous address whenever a new address is added to an account. As Facebook notes:
“If the email associated with your Facebook account has changed, you can reverse this. When an email is changed, we send a message to the previous email account with a special link. You can click this link to reverse the email change and secure your account.”
Facebook’s tools should allow you to reset your email and/or the phone number associated with your account. If you’re asked to provide a login code because someone has set up two-factor authentication on your stolen account, make sure you select any “help me” options present instead of firing off that code to someone else’s device. This should eventually lead you to the mechanism you’ll need to use to prove to Facebook you’re actually you, but there’s no guarantee that regaining access to your account will be a quick process.
Going forward, make sure your husband sets up two-factor authentication on his Facebook account—whether he regains access to his existing account or gives up and makes a new one. That way, it will be virtually impossible for someone to break into his account unless they have physical access his smartphone or perform some kind of SIM-spoofing attack. And, as always, it’s critical to use a unique, strong password for Facebook that isn’t used with any other service. Ideally, one that will be kept safe via a dedicated password manager.
I wish I had better advice for you—or even some way to contact Facebook to get personal assistance with the problem. Unfortunately, Facebook’s automated tools are the best you’re going to get. Make sure he’s thoroughly exhausted all the options, even if it takes running through them multiple times, clicking all the various “help me” links along the way. He might even have to pester Facebook elsewhere. (Twitter DMs? Maybe even Oculus support, if he pretends to be a customer who needs access to his Facebook account to use one), or submit his ID multiple times (alongside increasingly snarky comments) before he regains access to the account.
Is this annoying? A hundred times yes. However, persistence will (hopefully) pay off.