While on FB, look at your URL address (the very top box on your screen). If u see "http:" instead of "https:" then u DO NOT have a secure session & can be HACKED. Go to Account - Account Settings - Account Security - click Change. Check the box (secure browsing), click Save. FB has automatically set it to the non-secure setting!
Read more here on the differences between HTTP and HTTPS.