It’s your fault your Facebook got hacked (and how to fix it)
Several times weekly, I am contacted by friends who swear their Facebook has been hacked when they find their account has sent random posts out about rapid weight loss and easy iPad contests. In reality, it’s more likely YOU have not only caused this to occur, you’ve given someone permission to contact all of your friends! Please take a few minutes to educate yourself and make these small fixes, and you will spare hundreds of your BFFs from having to read these sometime silly, sometimes smutty and almost always mushrooming posts.
Never give any Facebook app permission to make posts on your behalf and access your contacts. This includes seemingly benign and reputable apps such as Birthday Calendar, iPhone for Facebook and Spotify. When installing an app for Facebook, it will ask expressly for these permissions. THEY ARE OPTIONAL. You may have to first accept them in order to install the app (if it won’t allow you to push SKIP and still install), but it is possible to go right back in and recall those specific permissions. Here’s an example of my own permissions for Instagram, which I’m guessing 90% of you use.:
See the red arrow? I have not only given Instagram permission to post on my behalf, I’m allowing them access to my data (including all of my contact info, YOUR email address, photos, likes, etc. Yep, in one click of a button, I have sold both myself and my friends out. And I bet 100% of you who use Instagram have, too.
I’m not picking on Instagram, which I happen to love. This is done by almost every major app — both free and paid –today. Their monetary success depends largely on social sharing, which is much easier to do when they control your account. What that means is that by giving them these permissions, YOU and I perpetuate their ability not only to access our data and post on our behalf, but to dig deeper into the data of our friends and theirs. Of course, some apps won’t post to Facebook without these permissions, such as Instagram, HootSuite and Buffer. So you if you want to share everything in your apps on Facebook, then skip this process with those apps. However, if your account gets “hacked,” know that you have no one to blame but yourself.
Want to redeem yourself? Here’s how:
- Go to HOME and find the arrow next to it
- Click PRIVACY SETTINGS
- Find ADS/APPS/WEBSITES
- Click EDIT SETTINGS
- Find Apps You Use
- Click EDIT SETTINGS
Now, the box should look like this, with the THIS APP CAN field empty. You’ll want to go through each and every app you have attached to Facebook and make these changes.
Lastly, you’ll want to delete any email information you have unintentionally synced with Facebook. This will prevent your Facebook friends from getting annoying emails about Viagra and the likes. Yes, you will no longer be notified if one of these people joins Facebook. But I assume if you want to, you will be be able to find them without Facebook’s help.
Log into your profile and click here. Click REMOVE (ALL IMPORTED CONTACTS), and follow any instructions on the next screen to select and remove imported contacts.
Don’t worry-this doesn’t delete your Facebook friends. It simply deletes the database of email imports hanging out like a sitting duck in your Facebook account. Your final screen should look like this:
Ta Da! You’ve now protected yourself and your friends temporarily from being embarrassed by your own Facebook account. You can’t rest easy-be sure to go through the app permission process every time you install an app, especially from your mobile phone or tablet. And be sure to check all the app settings about once a month, because they seem to like to change on their own (kind of like Facebook…). Your friends will thank you, I promise.
UPDATE: 5/15/12: Ironically (or maybe not), right after this post was made, my e-mail account was “hacked” from Japan. I had just uploaded an app as well as UNLINKED my sbcglobal.net contacts from Facebook. I immediately took measures to prevent this from “mushrooming” by changing both my Facebook and email passwords.