Here are some tips to prevent getting hacked:
Use strong passwords
Do not use your phone number, your name, the name of your spouse, parents, siblings or dog, or your birthday as your password. Use a mix of letters, digits and punctuation (but not blank spaces). Use both capital and lowercase letters. The longer your password, the better. The shorter your password, the easier it is to hack, especially if it’s a common word or name. A good starting point is six characters, though 8, 10 or 12 are even better. If you have trouble remembering passwords, consider using an unusual phrase or combination of words that only you or a few people might know, then substitute some of the letters with digits and/or punctuation. Humorous combinations might be easier to remember; otherwise, write your password down in a SAFE place. Or just keep using the “Forgot password?” option to reset your password.
There are some sites that you can use to generate strong passwords online. One example is Strong Password Generator.
Change your password regularly
By regularly I mean monthly or even weekly, not yearly. Facebook’s “Forgot password?” option is one way to change it, or you can go to your account’s settings.
Don’t friend everyone
That “hot chick” whom you don’t know and who looks like some Hollywood starlet might be a guy. Avoid the person who doesn’t even have a profile pic, let alone any friends in common with you. If you haven’t met them, be cautious. Also, don’t friend friends whom you know to use weak passwords. If their account is compromised, hackers can still learn certain things about you from your profile, or could send you a message via the friend’s account to lure you to a malware site.
Don’t believe all emails
Don’t forget that honest web services will never ask you to do certain things in an email. For example, Facebook will NEVER send you an email asking you to change your password or enter personal details. If they need you to do that, they will tell you where in your account settings you can go to do it. On a similar note, protect the email account that you registered with Facebook; otherwise someone could succeed in resetting your Facebook password.
Don’t click on crafted links
Sending a link to a victim is a common phishing technique. Don’t enter your password on a random site unless you have confirmed that it is a Facebook login page. Also check the link before you click on a status update: if something that a “friend” posted on your wall looks fishy, don’t assume they actually posted it. Their account could be compromised. If clicking takes you to a Facebook application that you’re unsure of, there’s no obligation to click through.
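One way to confirm that a link really points at a Facebook login page before entering a password is to look only at the host name the browser would connect to. The following is an added example, not part of the original tips; it assumes facebook.com is the only trusted domain, and the sample links are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: the only domain accepted as
# "a Facebook login page" is facebook.com (including its subdomains).
TRUSTED_DOMAINS = ("facebook.com",)


def link_host(url):
    """Return the lower-cased host the browser would connect to, or None."""
    try:
        host = urlsplit(url.strip()).hostname
    except ValueError:  # malformed URL, e.g. unbalanced IPv6 brackets
        return None
    return host.rstrip(".").lower() if host else None


def is_trusted_login_link(url):
    """True only for https links whose host is a trusted domain or a subdomain of one."""
    try:
        scheme = urlsplit(url.strip()).scheme.lower()
    except ValueError:
        return False
    host = link_host(url)
    if scheme != "https" or host is None:
        return False
    # Compare whole DNS labels: a host that merely starts with, or ends in
    # the same letters as, the trusted name must not match.
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


# Constructed sample links (not taken from the page).
SAMPLES = [
    "https://www.facebook.com/login",
    "https://m.facebook.com/",
    "http://www.facebook.com/login",                # not https
    "https://facebook.com.account-check.example/",  # trusted name is only a prefix
    "https://facebook.com@login.example/",          # text before '@' is not the host
]

if __name__ == "__main__":
    for link in SAMPLES:
        verdict = "ok" if is_trusted_login_link(link) else "DO NOT ENTER PASSWORD"
        print(f"{verdict:22} {link_host(link)!s:40} {link}")
```

The check is deliberately strict: anything it cannot parse, or that is not served over https from the trusted domain, is treated as untrusted.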