Back to Africa Check

No, posting @[4:0] won’t show if Facebook account hacked

A recent Facebook post claims that commenting “@[4:0]” on the social media site will show you if your Facebook account has been hacked. 

It gives these instructions: “Simply type @ [4:0] in the comment box and don't give space, if it shows ‘Mark Zuckerberg’ it means your account is not hacked, if not then you need to change your settings before it's too late.”

We tested it and, with some operating systems, “@[4:0]” in a Facebook post is changed to “Mark Zuckerberg”, the name of Facebook’s founder. It doesn’t work on Apple devices.

Does this have anything to do with hacking, or is it a harmless quirk? We checked. 



What’s happening here?


This is a false claim that’s been around for years. Fact-checking website Snopes debunked it in 2015, as did PolitiFact in June 2019. Other websites have also investigated it. They all found that the effect has nothing to do with hacking.

Each Facebook page has a unique identity number. When a user posts “@[4:0]”, Facebook interprets this as a reference to a page with the Facebook ID number 4. As Business Insider reported in 2011, low numbers often belong to the first users who signed up for the site. So it stands to reason that Facebook’s founder would have one of the first numbers. 

The first ID number tied to an existing account is 4, which is for Zuckerberg’s page. The URL https://facebook.com/4 takes you to his page, and substituting 4 for another number will direct you to other pages. 

For example, https://facebook.com/484978191533810 links to Africa Check’s Facebook page, and “@[484978191533810:0]” will change to “Africa Check”, with a link to our Facebook page, when posted.

It is easy to find Facebook IDs using free tools like this one, and the quirk has been used in other viral posts. But it has nothing to do with account security. 

You’ve been hacked!


What should you do if you’re concerned about your Facebook account security? You can access Facebook’s security and login tools in your account settings, which show you which devices – phone or computer – have recently logged into your account. 

You can also sign devices out of Facebook here and change your security settings to make your account more secure.

Facebook recommends several safety features including creating strong passwords, signing up to be alerted when an unrecognised device logs into your account, and using the two-factor authentication security feature. 

It is also a good idea to use a randomly generated – and long – password and save it using a password manager, rather than relying on a combination you can easily remember. Most web browsers, including Chrome and Firefox, have a password manager built in. More secure free services include Bitwarden and LastPass

You can also use a service such as Have I Been Pwned. It is not associated with Facebook and alerts you if accounts associated with your email address have had passwords or other information leaked online.

Posting “@[4:0]” won’t tell you anything about the security of your Facebook account. Whether or not it changes to “Mark Zuckerberg” depends only on the operating system of the device you are using at the time. – Keegan Leech




 

For publishers: what to do if your post is rated false

A fact-checker has rated your Facebook or Instagram post as “false”. What should you do? First, don't delete!

Click on our guide for the steps you should follow.

Publishers guide

Africa Check teams up with Facebook

Africa Check is a partner in Facebook’s third-party fact-checking programme to help stop the spread of false information on social media.

The content we rate as “false” will be downgraded on Facebook and Instagram. This means fewer people will see it.

You can also help identify false information on Facebook. This guide explains how.

Further Reading

Add new comment

Restricted HTML

  • Allowed HTML tags: <a href hreflang> <em> <strong> <cite> <blockquote cite> <code> <ul type> <ol start type> <li> <dl> <dt> <dd> <h2 id> <h3 id> <h4 id> <h5 id> <h6 id>
  • Lines and paragraphs break automatically.
  • Web page addresses and email addresses turn into links automatically.
limit: 600 characters