Editor's Update: Facebook has responded to our request for comment. The company is attributing the problems to user error and it denies there was a virus or that the site was hacked. Following are our tips on how to keep your Facebook account secure.
Facebook said this week's problem, which had users sending and accepting friend requests they did not initiate, was a result of users using its contact importer. Users who clicked on "friend all" sent friend requests to everyone in their address book who had an email address linked to a Facebook account. Spokesman Frederic Wolens said in some cases the requests were held on Facebook's servers as the program processed them, and users may not have connected their use of Facebook's contact importer to friend requests that were processed as much as one week later.
If you were one of those people, it may be too late to stop the friend requests, but you can turn off the sync function on your Facebook mobile app and log into Facebook to cancel out any of the other pending friend requests.
We’re still waiting to hear back from Facebook about the attack we reported yesterday, but the ongoing discussion in Facebook’s Help Center indicates that it's related to a syncing issue involving the contacts in some mobile phones. If you have been hit by the current attack, turn off the sync-contacts function on your mobile Facebook app. We’ll update our earlier post as soon as we get confirmation from Facebook.
In the meantime, here are basic steps you should take whenever you think your account has been hacked.
Change Your Password
This should be obvious. If someone or something has access to your account, end it by changing your Facebook password.
Think of password changes like drug screenings at work: You should do it on a regular basis and after there’s been an accident. If you think someone has obtained your password (most likely through a phishing scam that lured you to a site that looks like Facebook) that's the accident. Time to change.
Reclaim Your Account
It’s possible whoever took over your account will have beaten you to changing the password. Fortunately, Facebook has a process for reclaiming accounts. Follow the steps in the Help Center, which will verify your identity and re-secure your account.
Update Your Security Software
Don’t gamble that the Facebook problem will remain just a Facebook problem. Update your security software (or, if, God forbid, you’re not using one, get a package immediately). To date, most of the major Facebook viruses and attacks have been limited to sending messages and friend requests, but that is likely to change.
Trim The App Fat
Go through the list of apps you have installed on Facebook and cut any that you don't use regularly, and certainly any that with hindsight look suspicious. Each of your apps can compromise your security and privacy. Facebook has a primer on how to remove unwanted apps.
Tell Your Friends
Make sure you alert potentially vulnerable contacts as soon as you know your account has been compromised. It’s also a good idea to let them know the steps you took to fix the account and, if you can figure it out, what worked.