Well, if it's not something you use elsewhere, can you tell us what the old password was?

If not, maybe something similar so we have an idea of what you had.

It's quite possible they got in through a brute force hack, and the reason that Facebook locked up your account was due to the number of tries they went through to get themselves in.

^-.-^

Was an old one I got from my first ISP...

Something like 365595bb
Yeah not great but I couldnt think of a good one when I made the account.

MSE (or for that matter, any AV/anti-malware) won't catch most phishing attacks. Site-hijack phishing exists, and I'd have a hard time believing Facebook doesn't have some kind of exploit that could be used to site-hijack. My best recommendation is to pay very close attention to the address bar when logging in.

Right now though, you should definitely change your password, make absolutely sure the right email address is tied to your account, and get the Facebook abuse people (whatever they call themselves) involved.

Definitely give yourself a much stronger password.

Mine is 18 characters long. And is not a word or made of other words. It's rated as being fairly strong.

There are a number of password strength checkers online that you can use to check how good your password is, as well as articles on how to create stronger passwords that can still be easily remembered.

^-.-^

You can have the best anti-virus in the world it won't protect you computer if your clueless. If it is to good to be true don't click it, I can't remember the amount of viruses my mother has installed because she believed the story or wondered why her friend had pictures from last week, etc, etc.

As far as passwords best bet is to avoid anything in ANY dictionary, I use keypass portable for managing my passwords I have a somewhat secure password to login and get to high strength passwords that are not likely to be cracked easily. ie, uppercase, lowercase, numbers, symbols

Also, I used to be more of a dick and did some question things like breaking into people's accounts to mess with them, nothing major but some things to consider, people who know you are probably able to guess your passwords especially if they know the rules of the password. My university required one upper case and symbol....

most people I knew "Word!", ex used "Tennis!", I used a nickname of mine, because I honestly didn't care about getting hacked, now I use the login password for my highschool electronics server followed by one of my school IDs, sometimes I toss in random letters for fun.

Another thing I hate are those stupid "required" security questions, that don't list many options and if one site is compromised those answers could unlock many more sites. So, sometimes it does pay to lie and write down the false answer.

Question from someone not that familer with Facebook: Is this common? How do they know your account was compromised?

I ask because that sounds kinda like a redirect where you get sent to a site that looks just like the proper site, but is actually run by the scammers who take your password and run with it. I'm suspicious because it doesn't seem to make sense to ask for your password to confirm a compromised account. Wouldn't the person who compromised it have the password too? Usually, reclaiming a suspected compromised account requires other means of verifying that you are the real owner of the account.

If you haven't already, change your password ASAP.

Based on the OP, it looks like he tried to log in directly and Facebook gave him a message that shady things had been happening and had him answer security questions to regain access.

Did you know they keep a log of where your ISPs indicate you're logging in from? My list has my work and home locations listed, tho my home ISP lists a different city entirely. I only found that little bit when I was trying to figure out how to let people post to my Wall because that's what people do when it's your birthday.

^-.-^

I tried to login from my phones Facebook app that I got off the android market. App was made by Facebook.

I think the message might have been a scam to get the information. I can't guarantee it, but it is a common thing to occur.

Somebody gets an email/message. "Your account has been compromised..blah blah blah. We need your password and user name to correct blah blah." Do not answer these directly. Go to the ACTUAL site, use the 'contact us' tab, and speak to the people directly. Find out if there IS an actual problem.

He didn't get an email or a message. He was using the Facebook app to access Facebook directly.

Unless their app was compromised (which would have been big news), it's a legitimate issue with a potentially breeched account.

^-.-^

*nods* Like I said, I could be wrong. Such things are just suspect to me. Even from an App like that. Always go to the main sight, and contact them personally.