Help ! My Facebook has been hacked

This morning, rather than the alarm gently waking me up, my wife shrieks me awake with the words… “My Facebook has been hacked!”.

As the only cybersecurity expert in the vicinity, my first reaction was “Should we call CPX’s Incident Response team (800CALLCPX)?”. But as a consumer without an incident response retainer, I realized I had to fix this by myself.

So here’s my advice for anyone who encounters a similar situation:

• Don’t panic. Confirm the hack - is it really a hack or have you just logged on from a different device, or is it a spam email? In my wife’s case, she had received an official email from Facebook (be sure to check the email address this was sent from). She also had her settings adjusted so that she would be alerted by Facebook for any new login activity. Facebook sends a message providing the device details, the date/time and the location logged in from, which in this case was an iPhone in London (she was in Abu Dhabi and asleep).
• If you can still log in to Facebook, go to ‘Settings > Security and Login’ and look at devices logged in. Log out of any device that you don’t recognise. If you can’t log in, then report it to Facebook at https://www.facebook.com/hacked/
• Change your Facebook password (and change your passwords on any other site or application that you use where you might have used the same password).
• If you haven’t already done so (she hadn’t), set up Two Factor Authentication (2FA). This means that when you (or anyone else) logs in, you will need another code to complete the process. In this case it was via an authenticator, but it can also be through SMS.
• Once the new password is in place and 2FA is set up, select the option to “Log Out of All Sessions” and then log back in with your new password and verification code.
• Check permissions that applications and websites have for your account in “Settings > Apps and Websites” and remove any that you don’t recognise or that are set higher than you would have set them.
• Then check through your Facebook for any posts or messages that you haven’t written, ensure that your private content hasn’t been made public or that any other settings haven’t been changed, and also check Facebook messages sent.
• Inform your social media friends that you’ve been hacked. This may be a tough one to admit, but it’s easy for the hacker to have messaged your family and friends asking for personal details like bank account and PIN details, or transferring money types of scams (luckily the hacker didn’t impersonate her account or spread false news and messages). A lot of false information, messages, and scams today are created through AI technologies.
• Double-check your privacy settings and change any that might have been altered.

The above is an experience of a personal attack, but how does this apply to a government or a commercial organisation? Do you have an incident response plan in place to deal with similar breaches? Do you have policies that define minimum baseline security levels? Do you have established cyber awareness programmes within the organisation? Do you have cyber solutions in place that identify, protect, detect, respond and recover for similar corporate events e.g., email breaches, malware, etc.?

What happens to individuals also happens to organisations – we all deserve a good night’s sleep. In fact, if an organisation is compromised it affects much more than a singular individual and can lead to breaches of data, financial losses, reputational damage, productivity levels and more. In order not to wake up in a cyber nightmare, the above guidance might help you have a gentler morning wake up.

By Paul Lawson