Help! My Facebook Account Has Been Hacked

Regain control of your Facebook account

Facebook and its more than 2.2 billion active users (as of fall 2018) are an attractive target for hackers. Some of the more successful hacks appear in the news, but many hacks are smaller and affect only some Facebook users.

Indicators that someone may have hacked your Facebook account are:

  • Your email or password has changed.
  • Your name or birthday has changed.
  • Friend requests have been sent from your account to people you don't know.
  • Friend requests have been sent to people who are already your friends.
  • Posts that you didn't create appear to be from you.
  • Friends receive messages from you that you didn't write.

If any of these telltale signs happen to you or you notice any other unusual activity, take fast action to protect your account.

When you think your Facebook account may have been hacked, change your password before you do anything else. If you no longer have access to your Facebook account, immediately follow the steps described below.

How Was My Account Hacked?

Hackers may have gained access to your Facebook account in any number of ways.

They could have guessed your password, or they may have set up an Evil Twin Wi-Fi hotspot at a coffee shop and stolen your credentials through a man-in-the-middle attack. Maybe you left your account logged in at a computer lab at your school or library, or hackers could be using your account from a stolen tablet or phone.

Regardless of how they managed to obtain your Facebook credentials, the best thing to do is move quickly to limit the amount of damage and try to prevent any further hacks.

Report a Compromise to Facebook

When you can't access your Facebook account, you can still report a possible hack to the company and receive help to reset your password:

  1. Open Facebook's Report Compromised Account page.

  2. Click My Account Is Compromised.

  3. Enter the phone number or email address associated with your account, and then click Search.

  4. Type your current password or an old one, and then click Continue.

  5. Select one of the options from the list that indicate why you think your account has been hacked, and then click Continue.

  6. Facebook explains that you need to change your password and confirm that recent changes to your account came from you to keep your account secure.

    Click Get Started.

  7. Follow the instructions provided to secure your account and change your password.

Alert Your Friends

Tell your Facebook friends that your account was hacked. Warn them not to click any links that may have come from your account during the time it was hacked and out of your control.

Hackers who compromised your account may have posted on your friends' pages or sent links in comments or private messages.

Delete Unknown Apps From Your Account

Eliminate any Facebook apps installed on your account that you don't recognize. While you're at it, delete apps you no longer use. At some point, you may have granted the apps access to some of your personal information.

  1. Open the Facebook menu by clicking the arrow in the top right corner.

  2. Click Settings.

  3. Click Apps and Websites from the left pane.

  4. Check the box next to the Facebook apps you want to remove, and then click Remove.

  5. Click Remove again on the confirmation prompt. You also have the opportunity to delete every post, photo, and video that the apps posted on your behalf.

If you click View and edit on an app, it shows the level of access it has to your account and the information Facebook shares with it.

Also on the Apps and Websites page are additional tabs at the top where you can find expired apps (apps that had access at one time but whose permissions have since lapsed) and past apps (which have been removed from your account).

Removed or expired apps still have the information shared with them while the apps were active, but they can no longer access that information from your Facebook account after they expire or are removed.

Clicking the tile for a removed or expired app tells you the best method to request that the app delete your information.

Prevention: Enable Two-Factor Authentication

Don't wait for the next hack to take steps to improve your Facebook security and privacy. To prevent your account from being compromised again, Facebook strongly recommends enabling Facebook's two-factor authentication.

Enabling this feature requires an additional form of authentication beyond your password when anyone attempts to log in to your account. The second form of authentication can be a numeric code texted to your phone or a code generated by a separate authentication app on your phone.

When you have two-factor authentication in place, someone could have full access to your password, but unless they also have your phone, they can't get into your Facebook account.

To enable two-factor authentication on your Facebook account:

  1. Click the down arrow in the upper right corner of Facebook to access the menu.

  2. Click Settings.

  3. Click Security and Login in the left pane.

  4. Click Edit next to Use two-factor authentication.

  5. Click Get Started.

  6. Select either Text Message or Authentication App, and then click Next.

  7. If you choose Text Message, enter the code in the fields provided. If you choose Authentication App, launch it on your phone and follow the instructions.

  8. Click Finish when you see the Two-Factor Authentication Is On message.

Prevention: Run Security Checkup

Facebook's Security Checkup feature adds extra security to your account. You can use Security Checkup to:

  • Log out of Facebook from unused browsers and apps.
  • Receive an alert when someone logs in to your account from an unrecognized mobile device or computer.

Prevention: Change Your Facebook Password Regularly

Resetting your password regularly is a good habit to adopt. You can do it at any time.

  1. Launch Facebook's menu from the down arrow in the upper right corner of the page.

  2. Click Settings.

  3. Click Security and Login in the left pane.

  4. Click Edit next to Change password in the Login section of the center pane.

  5. Enter your current password next to Current, type a new password in the New field, and then type the new password once more to confirm in the Re-type new text box.

  6. Click Save Changes.
