Facebook account hacking and profile recovery: Safety Tips

The biggest social media network, Facebook, has a big impact on the lives of online consumers. These days a Facebook account or profile is very common and also fairly important. It is currently our popular means of communicating and keeping updated with friends, family, and news. However, there are many types of people out there: creeps, enemies, and strangers. These people can hack your account to get information, blackmail you, defame you, or just have fun. Regardless of the motive, the stress for the account owner is massive. So we want to share a story and security tips regarding Facebook account hacking and profile recovery.

We have heard of many such cases but never worked on them, because most of the victims went to the police or didn’t care. Facebook can cause serious trouble sometimes. According to the Cybercrime investigation department of Nepal Police, crime related to Facebook profiles is one of the biggest cyber crimes in Nepal. Be careful, because illegal acts such as defaming, blackmailing, extortion and information stealing carry high penalties. We have listed some major cybercrimes and their penalties according to Nepal’s act and cyber law.

This recovery started when one of my relatives got their Facebook profile hacked. It was a big headache to prevent information theft in time. I was having nightmares about the defamation, blackmailing and every other thing. Going to the police is the last-resort option. So I tried to focus on recovering the hacked Facebook account on my own. Let’s break down the analysis and investigation into parts so that we can learn it easily.

Possible Causes of Hacking

Website hacking includes SQL injection, brute force attacks on login pages, etc. Similarly, some people can steal information, including credentials, over unprotected web transfers. These tech giants use HTTPS (hypertext transfer protocol secure) instead of HTTP. They use an SSL certificate, which protects the information exchanged between server and client. They also have heavy protection, so brute force isn’t easy. Companies like Google, Mozilla, Cisco are working on launching free SSL certificates named Let’s Encrypt in 2015. This has the power to change the digital space and improve website security.

Brute Force Attack: It is a type of attack where a computer is used to crack the system password. It is done by trying and matching every possible combination of letters, numbers and special characters. This can take a very long time, depending on the password length and the computer’s power. This is actually very hard for normal people.

Phishing: It is a very well-known way to steal someone’s credentials. It is done using a fake page that resembles the look of the original website. When users enter their login information, their password and username are captured. This is why everyone should be really careful while using someone else’s computer or mobile, or public computers at a cyber cafe. Public WiFi is dangerous in the same way, and it is very important to check the domain name and SSL status.
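One way to automate the domain-name and HTTPS check described above, as an added example that is not part of the original article. The trusted-domain list and the sample URLs are constructed for illustration, and the code inspects only the URL itself, not the certificate the server presents.

```python
from urllib.parse import urlsplit

# Assumption for this example: the only domain accepted as the real login site.
TRUSTED_DOMAINS = ("facebook.com",)

def check_login_url(url):
    """Return a list of warnings; an empty list means every check passed."""
    warnings = []
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()

    if parts.scheme != "https":
        warnings.append("not HTTPS")
    if parts.username is not None:
        # In https://facebook.com@other.example/ the real host is other.example.
        warnings.append("userinfo before '@' hides the real host")
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode label (possible lookalike characters)")
    # The host must BE the trusted domain or end with ".<trusted domain>".
    # A plain substring test would accept facebook.com.login-help.example.
    if not any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS):
        warnings.append("host %r is not a trusted domain" % host)
    return warnings

# Constructed sample URLs (none of these were observed anywhere).
SAMPLE_URLS = [
    "https://www.facebook.com/login.php",
    "http://www.facebook.com/login.php",
    "https://facebook.com.login-help.example/",
    "https://facebook.com@login-help.example/",
    "https://faceb00k.example/login",
]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        problems = check_login_url(url)
        print(url, "->", "OK" if not problems else "; ".join(problems))
```
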

Keylogging and Social Engineering

Keylogging is the method of targeting a user’s login info using spy software. Keyloggers are actually a virus and can see what you are doing. If you are careful, you can prevent them. This malware spreads through software, web pages, downloads, cracks, etc. These techniques also include taking advantage of vulnerable people by using phishing, scams, etc. Keyloggers record what you type using the keyboard. Therefore they can record texts and login credentials. We advise everyone to use the on-screen keyboard while using online banking services.

In our view, Social Engineering is the most sophisticated way to get someone’s credentials. It is basically psychological manipulation done to trick someone. These people gain confidence, study people and get the credentials. For example, someone is a fan of a football club and a player. Then there is a high chance that the user will have a password related to those two things. Hackers try the possible keywords around them and get their way in.
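The brute-force and social-engineering points above can be combined into one password self-check, shown here as an added example that is not part of the original article. The guess rate, the club and player names and the sample passwords are assumptions constructed for illustration.

```python
import string

# Assumption for this example: an offline attacker testing 10 billion
# guesses per second. Online logins are rate limited and far slower.
GUESSES_PER_SECOND = 1e10
SECONDS_PER_YEAR = 365 * 24 * 3600

# Common look-alike substitutions, undone before matching personal terms.
LEET = str.maketrans("013457@$!", "oieastasi")

def charset_size(password):
    """Alphabet size an exhaustive search has to cover for this password."""
    classes = [
        (string.ascii_lowercase, 26),
        (string.ascii_uppercase, 26),
        (string.digits, 10),
        (string.punctuation + " ", 33),
    ]
    return sum(n for chars, n in classes if any(c in chars for c in password))

def brute_force_years(password, rate=GUESSES_PER_SECOND):
    """Worst-case years to try every string of this length and alphabet."""
    return charset_size(password) ** len(password) / rate / SECONDS_PER_YEAR

def personal_terms_found(password, interests):
    """Interests (club, player, birth year) that appear in the password."""
    lowered = password.lower()
    normalized = lowered.translate(LEET)
    hits = []
    for term in interests:
        needle = term.lower().replace(" ", "")
        if needle and (needle in lowered or needle in normalized):
            hits.append(term)
    return hits

def assess(password, interests):
    hits = personal_terms_found(password, interests)
    if hits:
        return "guessable: built on " + ", ".join(hits)
    if brute_force_years(password) < 100:
        return "weak: exhaustive search is feasible"
    return "ok"

if __name__ == "__main__":
    # Constructed sample data: a made-up club, player and birth year.
    interests = ["Riverton", "Dsilva", "1990"]
    for pw in ["abcdefgh", "R1vert0n2015", "dsilva1990!", "plum-Tractor-91-violin"]:
        print(pw, "%.3g years" % brute_force_years(pw), assess(pw, interests))
```

The second sample shows why both checks are needed: its exhaustive-search estimate is thousands of years, yet it is flagged because it is built on a known interest.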

Prevention and Rapid Response

Once you can’t log in, you must notice that something is wrong and that you may have been hacked. You will have to think of all the factors. Most of the hacking cases we see involve a breach of trust. This includes phishing, keylogging, and people sniffing cookies and saved passwords. SQL injection and brute-force attacks are not that common because they need special skills. It is essential that you stop using the old device that you were using, because that device might be infected. Therefore we recommend resetting the phone or formatting your computer to be safe. For recovery, try to log in from a new device. This means a device that wasn’t regularly used for Facebook before.

Recovery Process

Once your Facebook account is hacked, the first thing the culprit does is change the password, phone number and email associated with it. If the email is intact and has not been changed, users can request a password reset for the account and regain access. However, the main problem we see every time is that people don’t have access to the email account either.


If this is the case, go to the Facebook help section for hacked accounts. Then try to log in with the old credentials. It will say that your password was changed a few days or weeks ago, which is true because the criminal did it.

Step 1: Facebook account Recovery wrong credentials

It is obvious that the hacker changed the password and email. You didn’t make the change. Therefore click on the given link, and you are given two options. One is to reset the password and the other is to lock the account.

Step 2: Account Lock and Password Reset Option

Apparently, most people can’t reset the account because they don’t have access. So, click on “Lock my account”; this will totally lock down the account. No one can log in to the account, not even the hacker, because it is now pending verification. After locking, you should try resetting the account. Select the option that says you have no access to the old email address. After that, create a new email address with a very strong password.

New Account and Identity Proof

Select the new email address for recovering the profile. After that, you will be provided with a form where you should prove your true identity. The first things you need are your name, date of birth and Facebook profile or timeline URL, for example (www.facebook.com/deltadigit). They will ask you to upload a government-issued ID like citizenship, driver’s license, passport, etc. If you don’t have a government document, you can upload two ID cards which match the user’s name and DOB and carry a matching picture. The details are available in their help section.


The name, photo and DOB on the ID card need to match the information on the profile. Therefore always be careful while putting information on your profile. Always use your authentic name, date of birth and profile picture, because Facebook requires a user to have a genuine account and this also helps in the recovery process. As you are the owner of your profile and have all the legitimate documents, you can easily get back your account and the hacker can’t.

Prevention and Advice

Never ever click on suspicious links that someone has sent. They can be spam, phishing sites, or keylogging malware. Many of our colleagues have been affected by these things from time to time. Always open links from trusted and authentic sites and Facebook pages for information. Use antivirus on your computer and clean your history, browsing data and cookies regularly. Be very careful while opening your accounts from public places like cyber cafes and public WiFi. These networks are vulnerable and may be spy networks too.

Be very careful while installing and downloading new apps: read the reviews, find the number of users and check the credibility of the developer. Use different passwords for different services and keep them safe. Also, make them strong by using as many types of alphanumeric characters as possible. Longer passwords with variations are always better. Always share things carefully with people, because we really can’t know what other people actually want. If things get out of hand and the hackers start defaming or blackmailing you, then contact the police.

Government agencies like the police have more power. They can help a lot in cases of Facebook account hacking and profile recovery. They can track the IP address, triangulate the cell phone and catch the culprit. Government agencies can also contact offices abroad and ask them for assistance in solving issues. So always be alert and use the Internet carefully. Have a happy and safe browsing experience.


About the Author: Abhishek Chand

Structural Engineer by profession. Computer and smartphone enthusiast. Tech-savvy blogger and former Gadget reviewer of AP1 HD TV and TechnoNepal.


  1. Hello. I have a complete month missing from my account. It is very important proof of what I was really doing to clear a false charge against me. I know my Internet was hacked into and both of my phones. My new computer locked me out while I was searching for sent email that would expose the truth. Is there any way to get that month recovered so this nightmare can end? I pray that there is a way.

    1. Do you mean that all your account activity was cleared? If yes and you have email notification enabled with your email account still secure, you can see those emails and use them as proof. All the activity is stored in email. I found that while recovering the email account and Facebook profile of my client victim.

      1. Only the month that is in question is gone. Everything else is still there. March 2012 has no activity, posts, messages, comments, games played or photos… etc. It’s as if I just disappeared for a month. It was there until I was informed that I could use it as proof… then, when I opened my activity log to print off the dates I needed, it was all gone! You say that I can go into my email to retrieve what used to be there? I’m not sure what to do but if I can get back those logs, I will do whatever it takes to learn how or step by step it! Thank you so much for taking the time to reply. I haven’t had much help and I have had to do this on my own… I paid a lot of money that was my hard-earned nest egg, to a lazy lawyer that did nothing but postpone, put off and tell me to take a plea. I can’t believe this is happening. It’s like a Tom Selleck movie! 10 months of fear while I am stalked, harassed and hacked by people that (don’t exist). I’m not a crazy person. My life was normal until I was arrested on my birthday, while I was at work, in front of my customers! I thought they were strippers! Ha! That was the day that I began to learn how corrupt the world is and how easy it is to destroy someone, without them having a clue, just to stay in their destructive realm. Sad part is, your parents never taught you how to protect yourself from something like this. Love God, Work hard, do your best, be respectful, love, live and smile a lot! Don’t stick your nose where it doesn’t belong and mind your own! If you don’t do wrong, you have nothing to fear. *News Flash! I got arrested for something that I had nothing to do with, they say that someone says was me (3 1/2 yrs ago)! Some young girl I helped to get a bus ticket home. Can you believe that? Anyways, sorry for that vent. Just so… frustrated!
        I will check my email for what I think you meant! Hope it hasn’t been deleted too. Thank you again. Sincerely, Ssndie

        1. Really sorry to hear what happened. I also wrote this so many people can be saved and recovered. Many people don’t see their connected email that much and by default Facebook sends email to your account for everything like comments, message, your likes etc. I wish it would be there. Because for my client I found everything that happened with them, every chat, likes, shares, comments, invites, requests. So all history was there. We found 18000 unread emails. I wish you to find all the evidence and get all things back to normal.

          1. So…you are talking about the email that comes with my fb account! Not gmail. Oh yeah, I have never even used that. I pray it’s all there! I was working til 3am and just got up to read this reply. I will find how to get to that email, right now! Keep your fingers crossed! Thank you!

          2. I am really sorry if I wasn’t clear. Actually I meant the email of Yahoo, Gmail, Hotmail etc. that people use to create the account. These email addresses often get all the activity log and notifications. If you have the email account active you can find the log there if the email notification setting was on.

          3. I am screwed then cuz they hacked in through my WiFi at home and any account logged into was at their disposal. They took over my security cameras and covered up anything that exposed them and I watched myself at home, live, while I was at work. How is that possible? I showed a few customers and they were in disbelief til I showed them proof of it being live home footage! It was all gone and put back the way they wanted it to look by the time I got home. They were showing me how helpless I am against them… that is what I’m up against. I have no proof left to clear me. I can’t believe this is happening… nothing is real or safe… I just lost hope

          4. This is the most intense and serious matter in cyber security I have ever heard in my life. I am really sorry to hear this and I pray everything gets okay with you. This thing is beyond normal hacking and spying.
