Have you been hacked?

A horrifying aspect of Alice's ex-boyfriend's controlling behaviour was to hack into her social media accounts so that he could keep track of what she was doing and saying to her friends.

What should you do if you think your phone might have been hacked? We've put together a few guidelines here.

How can they hack you?

There are several different ways:

  1. If you've logged into an account on a device they own and forgotten to log out
  2. If you've logged into an account on a device they own and you've since changed your password but you haven't told the application to log out all devices currently logged in
  3. If you've told them your password / your password is easy to guess / your password is the same for lots of other things and they've found it out / your password is written down somewhere
  4. If they've put some spy software on your device which records everything you type and this is used to capture passwords
  5. In very rare cases professional hackers, security people (MI5, MI6, GCHQ, or advanced coders) can hack into your devices or the servers hosting these applications

What should you do?

  1. Contact the police
  2. Make sure the App (Facebook, WhatsApp etc) is up to date (this removes security vulnerabilities): iPhone App Store updates; Android Play Store Updates
  3. Make sure the operating system of your device is up to date (this removes security vulnerabilities): iPhone, Android
  4. Ensure your device has a passcode (and make sure no one else knows it and it’s not easy to guess): iPhone, Android
  5. Ensure your device auto locks after a minute or two (this can seem like a pain but it helps secure your device): iPhone, Android.
  6. Always lock your device if you leave it somewhere
    • Always require a passcode to download apps (in case someone downloads spyware while you are away): App Store lock; Play Store lock. Note this is usually the same passcode to access your phone, so keep that to yourself

  7. If someone has had access to your device:
    • back up your photos and other personal data, THEN
    • reset everything and only install the Apps you know about and want on the device,
    • change all passwords, AND
    • log out of all devices associated with the accounts used: examples for WhatsApp, Facebook
  8. Enable 2-step (sometimes called 2-factor) authentication. This means having a trusted device such as a Mobile, Tablet or PC which will get a code when a new device tries to log in for the first time: WhatsApp 2-step verification; Facebook 2-factor authentication
  9. Change your password every month AND log out of all devices (see above). Choose a different messaging tool (for example: Telegram; Signal; ChatSecure; Wickr Me; Silence; SilentPhone) and don't advertise the fact widely
  10. If you are still really worried, buy another phone (like a pay-as-you-go) and do not share the number widely. Create a new account (WhatsApp for example) and message on a totally different account and phone.