UKH

My Bro just tells me his wife's facebook account has been hacked and the mobile / email un-linked so they can't get it back.  Any idea's what can be done?

You could start here... no idea how good it is but the first link offers a 'guided help' tool for this situation:

https://www.facebook.com/help/1216349518398524

Happened to a friend of mine. ASAP contact everyone they know and make them aware. most likely hijacker will send messages to all their friends with some plausible reason why they need them to send money urgently (you'll be amazed how good they are at this. they can see your previous conversations). Check things like paypal accounts and change all passwords

Rather bizarrely the account seems to have disappeared off the face of the earth. It's disappeared of both mine and my brother's friends lists, and my burner account can't even find it on a search. I can't think of the reason for this, surely the whole point of hijacking an account is to gain access to the groups it's in or it's friends?

I heard an IT security expert on R4 about 3 years ago talking about this. He recommended that lsteners NEVER use social media because, as he said, once the information is out there, it's there forever and we have no idea how it will be abused in the future.

I'm always bewildered by these suggestions. Yes, your data could be abused. That's why you should only put on social media parts of your life that you would consider to be public. Ignore privacy settings and what not, if you do not want *the world* to know something about your life, don't put it there, plain and simple.

If you are worried about your private communications becoming public, then take security seriously, because the only other solution is to literally use no online services at all. At some level you have to trust the security of some third party behemoth, whether that is Google, Facebook or even your ISP. Without you will just have no online service at all. No email, no chat, nothing.

Yes, nothing can be hacked if you have no accounts on anything. This is going to be increasingly impossible, with government services requiring you do have some. It is also worth noting that the vast majority of all account breaches are either social engineering or cracking crap and reused passwords. Do not reuse passwords.

Since a lot of websites have moronic password policies that put no weight on the password length when determining password strength, use a password manager.

Yes, using mixed case letters, numbers and symbols increases the search space for a password, but a 40 character lower case sentence that is entirely absurd and not a common phrase or anything is hell of a lot more secure than an 8 character random string and infinitely easier to remember, it can even be wordplay about what the password is for. Unfortunately, since a lot of websites will actively reject such passwords and some even have a max (!!!!) password length, automatically generated random string it is. Use 1Password, Dashlane, whatever.

I am pretty sure there is a way to contact Facebook about this stuff.

Yes tell her be thankful and go on with your life secure in the knowledge you are no longer being datamined and fed fake news on a daily basis.

Facebook, Google and co data mine non-users constantly.

You can hide and un-hide your account at will. This might be a way for you and anyone you have warned to think that the problem has disappeared. Then a few months down the line, the account comes back and starts messaging people, asking for money etc once your contacts have forgotten about the hacking warning you gave them.