Hacked Facebook Account: Immediate Recovery Steps

Regain control of your Facebook account

Facebook and its more than 2 billion active users are an attractive target for hackers. Some of the more successful hacks appear in the news, but many hacks are smaller and affect only some Facebook users.

Indicators that someone may have hacked your Facebook account are:

  • Your email or password has changed.
  • Your name or birthday has changed.
  • Fake friend requests have been sent from your account to people you don't know.
  • Friend requests have been sent to people who are already your friends.
  • Posts that you didn't create appear to be from you.
  • Friends receive messages from you that you didn't write.

If any of these telltale signs happen to you or you notice any other unusual activity, take fast action to protect your account.

When you think your Facebook account may have been hacked, change your password before you do anything else. If you no longer have access to your Facebook account, immediately follow the steps described below.

These directions work for any Facebook account. The steps described below require access to the desktop version of Facebook.com.

How Was My Account Hacked?

Hackers may have gained access to your Facebook account in any number of ways.

They could have guessed your password, or they may have set up an Evil Twin Wi-Fi hotspot at a coffee shop and stolen your credentials through a man-in-the-middle attack. Maybe you left your account logged in at a computer lab at your school or library, or hackers could be using your account from a stolen tablet or phone.

Regardless of how they managed to obtain your Facebook credentials, the best thing to do is move quickly to limit the amount of damage and try to prevent any further hacks.

Report a Compromise to Facebook

If you can't recover your Facebook password and access your account, you can still report a possible hack to the company and receive help to reset your password:

  1. Open Facebook's Report Compromised Account page.

  2. Click My Account Is Compromised.

  3. Enter the phone number or email address associated with your account, and then click Search.

  4. Type your current password or an old one, and then click Continue.

  5. Select one of the options from the list that indicate why you think your account has been hacked, and then click Continue.

  6. Facebook explains that you need to change your password and confirm that recent changes to your account came from you to keep your account secure.

    Click Get Started.

  7. Follow the instructions provided to secure your account and change your password.

Alert Your Friends

Tell your Facebook friends that your account was hacked. Warn them not to click any links that may have come from your account during the time it was hacked and out of your control.

Hackers who compromised your account may have posted on your friends' pages or sent links in comments or private messages.

Delete Unknown Apps From Your Account

Eliminate any Facebook apps installed on your account that you don't recognize. While you're at it, delete apps you no longer use. At some point, you may have granted the apps access to some of your personal information.

  1. Open the Facebook menu by clicking the arrow in the top right corner.

  2. Click Settings.

  3. Click Apps and Websites from the left pane.

  4. Check the box next to the Facebook apps you want to remove, and then click Remove.

  5. Click Remove again on the confirmation prompt. You also have the opportunity to delete every post, photo, and video that the apps posted on your behalf.


If you click View and edit on an app, it shows the level of access it has to your account and the information Facebook shares with it.

The Apps and Websites page also has tabs at the top where you can find expired apps (apps that had access at one time, but whose permissions have since lapsed) and past apps (which have been removed from your account).

Removed or expired apps still have the information shared with them while the apps were active, but they can no longer access that information from your Facebook account after they expire or are removed.

Clicking the tile for a removed or expired app tells you the best method to request that the app delete your information.

Prevention: Enable Two-Factor Authentication

Don't wait for the next hack to take steps to improve your Facebook security and privacy. To prevent your account from being compromised again, Facebook strongly recommends using two-factor authentication.

Activating this feature requires an additional form of authentication beyond your password when anyone attempts to log in to your account. The second form of authentication can be a numeric code texted to your phone, a code generated by a separate authentication app on your phone, or a smart key inserted into your computer's USB port.

When you have two-factor authentication in place, someone could have full access to your password, but unless they also have your second means of authentication (like your phone or a physical token), they can't get into your Facebook account.

To enable two-factor authentication on your Facebook account:

  1. Click the down arrow in the upper right corner of Facebook to access the menu.

  2. Click Settings.

  3. Click Security and Login in the left pane.

  4. Click Edit next to Use two-factor authentication.

  5. You may be prompted to confirm your password. Enter it and then click Get Started.

  6. Select either Text Message or Authentication App, and then click Next.

  7. If you choose Text Message, enter the code in the fields provided. If you choose Authentication App, launch it on your phone and follow the instructions.

  8. Click Finish when you see the Two-Factor Authentication Is On message.


Be wary of relying solely on text-message solutions for two-factor authentication. Besides the risk of SIM spoofing (in which someone gets the phone company to reassign your number to a different device), you'll need help regaining access if you lose access to your phone or change phone numbers.

Prevention: Run Security Checkup

Facebook's Security Checkup feature adds extra security to your account. Use it to:

  • Log out of Facebook and Messenger from unused browsers and apps.
  • Receive an alert when someone logs in to your account from an unrecognized mobile device or computer.

Prevention: Change Your Facebook Password Regularly

Resetting your password regularly is a good habit to adopt. You can do it at any time.

  1. Launch Facebook's menu from the down arrow in the upper right corner of the page.

  2. Click Settings.

  3. Click Security and Login in the left pane.

  4. Click Edit next to Change password in the Login section of the center pane.

  5. Enter your current password next to Current, type a new password in the New field, and then type the new password once more to confirm in the Re-type new text box.

  6. Click Save Changes.
