How did someone else manage to log into this account? We can only look at the basic steps for good account security.

I recently got notice from Facebook that someone in Chicago used my Facebook password to get into Facebook. I changed my password. What I need to know is how this happens? What can I do to keep it from happening again?

In this excerpt from Answercast #46, I look at a case where a Facebook password seems to have been used by someone else. Luckily, the account has been recovered, but how did it happen?

Facebook hacked?

The single most important thing you can do is to choose a strong password that someone isn't going to guess. After that, it boils down to following what I would call standard security protocols:

  • Know how to use an open Wi-Fi hotspot safely, if you happen to be using one;

  • Never, ever, ever share your password with someone else;

  • Have account recovery questions whose answers a) you know and b) someone else would not.

Those kinds of things... basically the standard steps to secure your account.

How did it happen?

The question here is, "How did it happen?" To be honest, there's really no way for me to know.

  • It is possible that you had a guess-able password;

  • It is possible that there was keylogging software installed on your machine, and you typed in your password and someone else was then able to retrieve it from the keylogger's saved information;

  • It is possible that you managed to tell it to someone, and someone told someone, who told someone, who told someone – who got it into the wrong hands.

There are just too many ways, too many possibilities without knowing exactly what was going on here, to really say what did or did not happen.

All I can do (and the reason that I'm responding to this question in an AnswerCast) is stress the importance of those things that we consider to be basic security steps:

  • Strong passwords,

  • Good account recovery information,

  • Account recovery information that you maintain,

  • Never, ever share your password with someone else,

  • Keep your machine free of malware,

  • Keep your machine up to date and so forth.

Article C5728 - August 23, 2012

Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions.

5 Comments
SkiddMarxx
August 24, 2012 9:15 AM

Another security suggestion would be to use a different password for every site. In this case, the user may have had an account at a different site with the same user name and password, and this other site was compromised. With the user name and password from the compromised site, the attacker could have tried to access the user's Facebook account with the same credentials from the compromised site hoping to gain access to the Facebook account.

prince
August 24, 2012 10:47 AM

There may be another problem, like when you use another 3rd party application to access Facebook. I experienced this when using ebuddy on my mobile, and it was saying that it is accessed from California.

That's an excellent observation I hadn't thought of. Quite plausible. Thanks!
Leo
24-Aug-2012

Just Me
August 26, 2012 3:13 PM

Further to what "prince" said about third party apps, there is also the ISP and how you are connected to the ISP:

I have a 3G/4G cell modem / aircard device, and depending on the time of day I use it, the city I "appear" to be located in can be any of the locations where my ISP has a major hub, exchange, etc.

Thus, on a regular basis, my location is not where I actually am but another city anywhere from 180 - 3,400 miles away.

Glenda
September 3, 2012 1:12 PM

That can't possibly be the case - that someone else is logging in to my fb acct with my password. This has happened to me several times, that is that fb has me to log in, save my device with a name, then automatically I get an email that someone has tried to login to my account from such and such a town, not mine and using such and such an IP address. At first I was alarmed and I did change my password, then it started happening really every time I logged into my laptop. So something else weird is going on with fb. I don't know what.

Mark J
September 3, 2012 1:28 PM

@Glenda
Changing your password is almost never enough. This article explains the measures you need to take when your account is hacked. It was written about email, but it is applicable to any kind of account you may have.
Email Hacked? 7 Things You Need to do NOW
