The first thing to do if you believe your Facebook account has been compromised is to change your password. Then, if you use Facebook to sign in to apps such as Spotify or Instagram, change those logins too. This will block the hacker from accessing these third-party services from your hacked Facebook profile.

Hackers can discover many personal details in hacked Facebook accounts. Hackers could use the information to carry out malicious purposes such as spamming people or sending fake credit card offers. Hackers can also use hacked accounts to send spammy messages or to post on your timeline (as if it was you who did it).

Hackers are most likely to gain access to accounts through exploiting a weakness in the Facebook application’s code. For example, a bug in the iOS Facebook app allowed hackers to hijack cookies and access the iPhone user’s so-called „access token.“ These tokens are digital keys that give the user full control over the user’s Facebook account and, thanks to Single Sign-On, all other websites the person uses their Facebook credentials.

A hacker may also gain access to a user’s account by using brute force attacks. This technique involves guessing passwords, usually the most commonly used ones like 1234567890 or 123456789. Hackers can also gain access to accounts by scanning compromised credentials. There are numerous free tools available to scan for stolen data, including the well-known website HaveIBeenPwned.