The first question to ask yourself is how do you know you have been hacked? One clue would be from people who are already friends asking why you sent a second friend request. Another clue would be if any of your data, such as birthday, has been changed. Finally you may notice new friends who you did not add.
You can check to see if anyone is currently logged into your FB account by going to the arrow in the upper-righthand corner of your FB page and selecting SETTINGS. Then select Security and finally select 'where you're logged in.' If you do not recognize any of these you may select END ACTIVITY to temporarily log them out.
Now change your password right away! Be sure not to re-use other passwords you have used since that may have been how you became hacked in the first place. If you do re-use passwords you should go to all accounts with the same password and change them. Each to something different. I know this is a pain, but this is one of the ways hackers turn a single dataset acquisition into many more.
This may be the end of it. But you can also go to the Facebook help page, click on 'I think my account was hacked' and then click on 'secure it.' Faceboook will transfer you to a page where you may further secure your account.
Why do people do this? There are a number of theories. According to one theory, there could be as many as 67 million fake Facebook accounts.
One possibility is to spy on people., or their friends. The DOJ has released a document explaining how to use social media in law enforcement. Hackers may be interested in your open source exposure, possibly to compromise your credit or bank accounts. There is even one report that the NSA mines Facebook data looking for terrorist connections.
Reasons to suspect a friend request may be bogus:
- Account was recently created, person has few friends - none mutual.
- Account has little activity, few pictures
- Profile pictures seem too good to be true (young model for instance).
You might also try a reverse image search to see if they possibly appropriated the image from another person.
Finally, and this goes without saying, limit the amount of personal information you share through Facebook. Better to be safe than sorry.