Skip to main content

Facebook recently announced the largest breach in the company’s history. The breach affected about 50 million users, allowing hackers to take over their accounts. If you use Facebook, you may be wondering what to do next. Here are a few steps you can take.

First, you probably want to know more about the breach. According to Facebook, the attackers took advantage of a weakness in the “View As” feature, which lets people see what their profile looks like to others. The hackers stole digital keys that keep you logged in to Facebook so you don’t need to re-enter your password every time. Facebook says they’ve fixed the vulnerabilities and reset digital keys on 50 million affected accounts, plus an additional 40 million accounts that used the “View As” function.

To better protect yourself after this breach:

  • Watch out for imposter scams. With access to your Facebook account, hackers can get a lot of information about you. That information could be used to impersonate people you know or companies you do business with. If someone calls you out of the blue, asking for money or personal information, hang up. Then, if you want to know for sure if the person calling you was really your family member or was really from a company you know and trust, call them back at a number you know to be correct before you give any information or money. And remember: anyone who demands that you pay by gift card or by wiring money is scamming you. Always.
     
  • Consider changing your password. Facebook says that it fixed the vulnerability, so there’s no need to change your password. But, to be safe, log in and change your password anyway. If you use the same password other places, change it there, too. Don’t forget to change your security questions, as well – especially if the answers include information that could be found in your Facebook account.

For more information about what to do after a data breach, visit IdentityTheft.gov/databreach and watch the FTC’s video on What to Do After a Data Breach.

If you learn that someone has misused your personal information, go to IdentityTheft.gov to report identity theft and get a personal recovery plan. Because recovering from identity theft – and data breaches – is easier with a plan.

It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The Federal Trade Commission Act authorizes this information collection for purposes of managing online comments. Comments and user names are part of the Federal Trade Commission’s (FTC) public records system, and user names also are part of the FTC’s computer user records system. We may routinely use these records as described in the FTC’s Privacy Act system notices. For more information on how the FTC handles information that we collect, please read our privacy policy.

The purpose of this blog and its comments section is to inform readers about Federal Trade Commission activity, and share information to help them avoid, report, and recover from fraud, scams, and bad business practices. Your thoughts, ideas, and concerns are welcome, and we encourage comments. But keep in mind, this is a moderated blog. We review all comments before they are posted, and we won’t post comments that don’t comply with our commenting policy. We expect commenters to treat each other and the blog writers with respect.

  • We won’t post off-topic comments, repeated identical comments, or comments that include sales pitches or promotions.
  • We won’t post comments that include vulgar messages, personal attacks by name, or offensive terms that target specific people or groups.
  • We won’t post threats, defamatory statements, or suggestions or encouragement of illegal activity.
  • We won’t post comments that include personal information, like Social Security numbers, account numbers, home addresses, and email addresses. To file a detailed report about a scam, go to ReportFraud.ftc.gov.

We don't edit comments to remove objectionable content, so please ensure that your comment contains none of the above. The comments posted on this blog become part of the public domain. To protect your privacy and the privacy of other people, please do not include personal information. Opinions in comments that appear in this blog belong to the individuals who expressed them. They do not belong to or represent views of the Federal Trade Commission.

FTC
October 03, 2018
thanks, we are living in a very bad time, I have never used the Facebook because I' i hate to type.
Carmen2016
October 03, 2018
Thanks ftc. my facebook had that problem.
'Shambala
October 03, 2018
I would like to know how this egregious company is always embedded in the data analytics that are not typically a place that countless individuals are not even aware of how to get into their own devices. I have never been a subscriber to fb, twit, or any other social media account. Yet every day I go into this area of my device, and I have to delete them each day, sometimes throughout the day. This is an unwanted intrusion into my devices, therefore into my life. If I could, I would sue them all for this breach of my own devices that I would never have subscribed to for anything, ever. So, does this mean that even though I don’t have any subscriptions with any of the social media, that my devices are also compromised too? Thank you for your constant messages that are informative and especially in the current zeitgeist of this nation.
BinkyBoo
October 03, 2018
This week I got a reset code from 'Facebook' which I didn't ask for to reset my password. I deleted it. Only 3 scammer calls yesterday. Didn't bother to answer.
P.J.
October 03, 2018
I haven't used Face Book in a long time, thankfully. It burns your time like television does. My time is too valuable, so I like to stay away from things that rot your time away. I still remember a project our 6th grade teacher gave us teaching us to be deliberate and record when we turn the TV on and off (nowadays that would include websites) for what we specifically want to see and not waste time.
DrBsBFF
October 03, 2018
My Facebook account was hacked by 2 different men after I deactivated my account! I’m not sure about 1, looks like it crossed over at the same time that I deactivated, looks like he had no idea but the other on also hacked all my games and messenger, has his picture in there big time! His username is Rochester Pitts and the other one that seems innocent is Gilberswing Ralph.
zofmui
October 03, 2018
Incredible how such a good thing (the Internet) has become a dangerous place now. It appears that robust and extensive legal regulation may be needed worldwide to make the bad folks think twice about stealing information and people's lives.
Wonderjen
October 03, 2018
A few weeks ago, I suddenly had four or five friend requests pop up from middle eastern men or military men in the middle east. The last was just yesterday. Some of them mentioned my looks in their comments. Is this part of the hack you described above?
Fooled
October 11, 2018

In reply to by Wonderjen

Do NOT reply. Love scammer. I just found out I was Scammed for money. They used another person Facebook page etc. They will even call you. I had several friend requests pop-up week before too.
Neptune#6
July 04, 2019

In reply to by Fooled

this just happen to me. in reverse. my niece just got a text from messenger with my name and account that we were ill and needed money. She called me to verify thanks to that
dawns6
October 03, 2018
I changed my password but I’m having a terrible time with Facebook. It keeps crashing and stops working in the middle of doing something. And takes forever to load. Could this be part of the scam ?
csdfg2
October 03, 2018
Thank you FTC. This is good sense information one needs to see right after their accounts have been compromised!
jen
October 03, 2018
I have had to change my password a few times. One of my "friends" was told I won a windfall of 250,000 dollars,- and that she could do the same -but some "upfront" money was needed. Thank God, she didn't give them any- but I have lost a friend of 40years since-for no reason. There are a lot of merchants selling all kinds of clothing etc., on FB. Shouldn't they be screened for reliability ?????????
lmpearson200
October 04, 2018
Thank you for this recent information. And links to help consumers. Very much appreciated!
Squirrelena
October 05, 2018
This article still DID NOT tell a person how to find out IF THEIR ACCOUNT was hacked. More info PLEASE
eng22
October 06, 2018

In reply to by Squirrelena

FB said they logged everyone out of their acct that was affected and you would have to log back in.so if you went to use your fb and had to log in (if you have it set where you dont have to log in every time) then that was it. you would also have a notification FROM FB as well saying you were logged out. but DONT accept a password reset code with a link in email or a text thats part of the breach. even if it looks like from fb
Zoey
December 02, 2018

In reply to by eng22

What?!? Facebook logged me out, because they said I had to provide ID, which I do not want to do. Then when I try to get back in, tried to reset my password, and email was sent to me with the link and the code. I thought that was legitimate and follow the procedure and of course I still can’t get back in because it still comes up with a message that they are reviewing my documents and I have to wait a few days. So now I’m not sure what is going on and I am a bit concerned. I can’t find any kind of a way to contact customer support about this issue. So is it possible that my account was hacked and then thinking the email code was legit a I got hacked again?
annie58
October 03, 2018
How do you change the security questions? I just went into Facebook to follow these suggestions but do not see where this information is.
TechMom
October 03, 2018
Does enabling code generator in Facebook add sufficient protection? Select the three bars at the upper right of the FB app you can select Settings & Privacy, then select Settings, then Security and Login. Scroll down and select two-factor authentication.
Mrs. G
October 03, 2018
On Facebook I am always getting friend request from strangers. Creepy men that I do not know. Nor do my Facebook friends know them. I have my settings on privacy so only my friends can see my stuff and contact me, yet I am still getting these creepy friend requests from strangers.
nativenyerDon'…
October 03, 2018
with our increasing dependence on all things digital, it comes as no surprise that hackers have moved in, a year ago with Equifax and now with facebook. it was only a matter of time. signals the beginning of the end of the digital age as we know it
Leatherstocking
October 03, 2018
Facebook has always lacked adequate security controls and has too much aggregate data on each individual which makes it a valuable target. Beware of backing up your information, photos, etc to the cloud as well. Server farm security is a major issue with little or no vetting of employees who can reap massive financial gain from accessing your data.
MikeM
October 03, 2018
I haven't used FB for nearly 8 years. I closed my account "but" they said it would take 30 days - in case I changed my mind. My biggest issue was the data mining and selling and later that it took over a year to get them to actually close the account. I don't like social media, I prefer to look at a person I'm speaking with.
Loony
October 03, 2018
I have absolutely no personal information, pictures, etc, on FB. You think I have a trust issue? You'd be right!!
Don't use your…
October 03, 2018
Thanks for the information. I have been having a lot of problems regarding my facebook account.
thebushman
October 04, 2018
GREAT----more to worry about---you would think as big as facebook is that they would never let this happen--
Mark
October 04, 2018
There was a life before facebook and twitter, close your accounts and get back to a safer world.
Scott
October 04, 2018
Delete your Facebook account and choose a different, more responsible social site. Facebook should be allowed to fail on it's own merits and a better company should be allowed to replace it. As a consumer you have a choice. Why choose a company who is reckless with your personal information?
Guantanamo
October 04, 2018
How do I have my Facebook page taken down. Someone hacked my phone several years ago. Cost me over $200 to have Google put up additional firewalls.
DR. BROOKLYN
October 05, 2018
IT HAPPENED TO ME TOO. MY FACEBOOK WAS THE ONLY WAY I COULD CONTACT MY FRIENDS FROM COLLEGE & HIGH SCHOOL, AS WELL AS MY OLD JOBS. MY HOUSE WAS BROKEN INTO AND THERE GOES OUR OLD PHONES, I PADS, ETC. NOW MY FACEBOOK IS HACKED. THANK YOU TO THE FTC
connie2cats
October 07, 2018
I get emails from so called fb friends with links to click but I know they are scams and ads! I clicked one once and it was some doctor talking about belly fat! I don't trust fb anymore! Too many security issues!
ayushiengg
October 08, 2018
Hello sir, few days before i had successfully login my fb account in the evening time but as i again login my account after 3 hours it had shown that your email address has been removed from account. I don't know what has happened. I have searched my name through my friend's fb account. My account and data is visible from there. I am only able to see my username there. Please help me regarding the issue.
ayushiengg
October 08, 2018
My email address has been removed from my account. My account and its data is visible from my friend's account. Issue is beyond my understanding. Help me regarding the recovery of my account.
teah88
April 25, 2019

In reply to by ayushiengg

Hi i seen your comment...My fb got hacked & they changed my email too & i dont know what to do...Did you get it fixed?
Sasha
October 08, 2018
The worst part? I CAN’T GET BACK INTO MY ACCOUNT TO CLOSE IT!!! Facebook has had me running in circles for 4 days now. Still no SMS code texted to me to get back in!! I don’t need this stress in my life! No way to contact any type of customer service via email, text, messenger, etc. Being disabled, I rely on Facebook to keep me engaged with friends and loved ones. I’m helpless, hapless, and hopeless. People in the mental health profession will know what that means. How dare this company play fast and loose with our LIVES?? Shame on you, FB!
capecodder
October 08, 2018
I got a call from my “ credit card company” offering to lower my interest rate. They had the last 4 numbers but needed me to confirm the rest of the numbers and expiration date. I knew something was fishy when he couldn’t tell me which credit card he was referring to. CLICK
BUN BUN
October 08, 2018
I HAVE BEEN TELLING GOOGLE FOR OVER A YEAR THAT I HAVE BEEN HACKED AND I HAVE NOT GOT ONE RESPONSE. IT MIGHT BE THAT THIS HACKER IS BLOCKING MY FEEDBACK BECAUSE THEY CAN BYPASS GOOGLE THEY CAN GET INTO CRICKETS SECURITY THEY CHANGED MY BOYFRIEND PATTERN ON HIS PHONE AND THEY CHANGED MY PIN AND I HAD TO BUY A NEW SIMS CARD. AND ONE TIME MY BOYFRIEND SOMEHOW TALKED TO GOOGLE AND ASKED IF THER WAS A FAMILY SHARE PLAN ON ARE PHONES AND THEY SAID NO BUT THERE WAS. THIS HACKERS CANT BE BEAT
dkamga13
October 10, 2018
Thank you
sickofit
October 09, 2018
what's with all the messenger stuff? it's invasive and messy. getting the weird friend requests is a mess. it takes time away from the social and enjoyable aspect of the site.
Mars
October 09, 2018
How do I close my facebook account?
ttammysheok.
October 11, 2018
My account has been compromised for 3 or more years now, my life is destroyed because everything from my credit report to my health insurance has been compromised.. someone has taken over every aspect of my life..
Leeh
October 09, 2018
Don't use the same password on more than one site. If you have the same password on multiple sites a hacker can just try using a leaked password on different sites and is more likely to get a match.
noc317517
October 10, 2018
I RECEIVED TEXT MESSAGES THAT I WON $100,000. USING A fb FRIENDS NAME AS THEIR REFERRAL! TOTAL SCAM. THEN YESTERDAY A RECORDED MESSAGE, 2X'S, SAYING IT WAS THE IRS AND THEY WERE SUING ME. THAT'S FUNNY I AM RETIRED AND DON'T MAKE ENOUGH TO EVEN FILE A RETURN ANYMORE! I HATE TO ANSWER THE PHONE AND TIRED OF FEELING SO VULNERABLE TO THE CONS OF THE WORLD. CAN'T COUNT HOW MANY TIMES I GET A CALL FROM SOMEONE IN INDIA SAYING THEY ARE MICROSOFT !
billy
October 23, 2018
can facebook ,if they dropped their profile. guy told me they didnt have a number to call .he said I could asjk my question in messanger and he would answer ,iM STILL WAITING.NO WONDER THEY ARE HAVEING ISSUES
Zoey
December 02, 2018
I have been recently asked provide ID to Facebook, the new security they are using to make sure the person using their Facebook account is legitimate. I do not want to send any ID to that. Even if I take a picture of my drivers license in cross out All information except my first and last name. My name on my actual Facebook profile that people see is not my forte is so stainless me. I refuse to do that because I am a member of certain neighborhood watch group’s and other fun groups, nothing inappropriate, but I don’t want people knowing my first and last name as I have an unusual name and then all information except my first and last name. My name on my actual Facebook profile that people say it’s not my fault so stainless me. I refuse to do that because I am a member of certain neighborhood watch groups and other fun groups, nothing inappropriate, but I don’t want people knowing my first and last name as I have an unusual name and can find my address. So for safety reasons I don’t want to do that. How can I get back into my Facebook account? It seems like the locked out now. This is so frustrating because all event information, and group information for medical questions, and hobbies are in there. And now I can’t get to anything.
Ria Davies
May 15, 2019
My 14 year Facebook account was hacked and disappeared. I have contacted Facebook through their help page to report and got a generic response to recover my account. Which advises me there is no account on thier records under the details Iv provided. I have visited the Facebook head office 4 times in London. They advised me my account has 3 people using my email for 3 different accounts. Each time I visited they reported it through thier systems however I get the same generic response. This frustrating situation has caused me allot of anxiety and stress. There is 14 years of photos and memories on the account. Pictures of Deceased family members is the most upsetting and has caused family issues. I have been chasing Facebook for 18 months to resolve the situation and I have got no where. I am happy to go legal on this. Can you please advise what steps I can take outside of Facebook. As Facebook is simply not helping me.
Rayg
July 09, 2019
Apparently they didnt do anything because I have set dual authentication and still got hacked today
Texasgal
August 07, 2019
My facebook messenger was hacked and everyone on my messenger list was sent a scam message. Facebook did nothing about it when i reported it.
rnk444
January 27, 2020
I've been getting robocalls twice a day for four days from the same number - 833-648-3466 - telling me my Facebook account has been breached and I should call that number right away or my account will stop working.
Wayne Rickert
February 19, 2020
Recently my Facebook account was hacked, two phones where associated with this account 6072833525,and 6073453525 I called both numbers .five minutes later my account was changed.