I’m becoming a bit paranoid, but I’m sure someone else is logging in to my Facebook account and messing with things, deleting some of my Wall postings, etc. Nothing obvious, but just weird things going on. Can I figure out if someone’s actually tapping into my account?
Before we do anything else. you need to immediately go and change your Facebook account password. See: How to Change Your Facebook Password. Done? Good. Now, the next emergency immediate change to make is to scan through and probably disable the vast majority of authorized apps that use OAuth (a security protocol) to access your Facebook account. Changing your password doesn’t slow them down. See: What Apps Have Access to my Facebook Account?
Done both of those? Good. Now you can take a deep breath because those should ensure that you have made the road to someone else touching your account quite a bit more difficult.
The third part, however, is the computer you’re currently using. Is it trustworthy? Are you sure there’s not a keylogger, spyware, or something else tracking what you’re doing? If you aren’t sure, switch to a different computer, use some antivirus software or even ask a geeky friend to check it all out, including checking for physical devices connected in-line on your keyboard cable. That’s very unlikely, too, so don’t get too paranoid.
Few people realize it, but Facebook actually keeps track of every location from which you log in to your account, whether it’s a mobile device or a laptop or desktop computer, and you can gain access to this information.
That’s another good place to check, needless to say.
Go to Account Settings (on the top right of your Facebook page):
Scroll down to find Account Security and click on “Change”:
Now you’ll find that there are some pretty interesting things you can request, including having Facebook actually send you a text message every time someone logs into your account. Perfect if you suspect something fishy is happening:
Scroll down just a bit further, though, and you’ll see information on what login locations have been identified and whether they’re still logged in (remember that “stay logged in for two weeks” option? Yeah, Facebook does too):
No worries there, that was me logging in from my MacBook Pro to test these security features. A bit further down, however, it’s a bit more interesting:
You have to read very closely to see “FacebookTouch” in the first one and “iPad” in the second, but they’re big clues: both are from my other devices, the first from my iPhone (though why it’s not identified as such is a bit disappointing) and the second from my iPad. Either way, I don’t really want to leave them logged in, just to ensure that every session requires the newly changed password, so I click on “End Activity” and they’re logged out instantly.
Between all of these steps, I hope you’ll be able to gain better control over access to your Facebook account, and I wish you good luck in your efforts.