Help! My Facebook Account Has Been Hacked

Regain control of your Facebook account

Shocked girl looking at notebook computer

AIMSTOCK / Getty

Facebook and its more than 2.2 billion active users are an attractive target for hackers. Some of the more successful hacks appear in the news, but many hacks are smaller and affect only some Facebook users. Here are indicators that someone may have hacked your account:

  • Your email or password has changed.
  • Your name or birthday has changed.
  • Friend requests have been sent to people you don't know from your account.
  • Friend requests have been sent to people who are already your friends.
  • Posts that you didn't create appear to be from you.
  • Friends receive messages from you that you didn't write.

If any of these telltale signs happen to you or you notice any other unusual activity, take fast action to protect your account.

When you think your Facebook account may have been hacked, change your password before you do anything else. If you no longer have access to your Facebook account, take these immediate steps.

Report a Compromise to Facebook

When you can't access your Facebook account, you can still report a possible hack to Facebook and receive help to reset your password:

  1. Select one of the options from the list that indicate why you think your account has been hacked. Select Continue.

    Facebook page for those worried they've been hacked showing options and Continue button
  2. Facebook explains that you need to change your password and confirm that recent changes to your account came from you to keep your account secure. Click Get Started.

    Get Started button in Secure Your Account dialog page on Facebook
  3. Follow the instructions provided to secure your account and change your password.

Alert Your Friends

Alert your friends that your account was hacked. Warn them not to click on any links that may have come from your account during the time it was hacked and out of your control — hackers who compromise your account may post on your friends' pages or sent links in chat sessions or Facebook messages.

Delete Unknown Apps From Your Account

Eliminate any Facebook apps installed on your account that you do not recognize. While you're at it, delete apps you no longer use. At some point, you may have granted the apps access to some of your personal information.

  1. Open the Facebook menu by clicking the arrow in the top right corner.

  2. Click Settings from the menu.

    Settings menu option on Facebook web site
  3. In the left pane, click Apps and Websites.

  4. Check the box next to active apps and websites that are installed and then click Remove.

    Remove button highlighted on a screenshot of Apps and Websites settings page on Facebook

Clicking View details on the active apps displayed on the Apps and Websites page reveals the level of access that each item has to your account and the information Facebook shares with it.

Also on this page, you can click on the additional tabs to see apps whose access to your Facebook account has Expired (apps that had access at one time, but their permissions have since lapsed), and past apps that have been Removed from your account.

Removed or expired apps still have the information that was previously shared with them while the apps were active, but they can no longer access that information from your Facebook account after they expire or are removed. Clicking on the tile for a removed or expired app tells you the best method to request the app delete your information.

Prevention: Enable Two-Factor Authentication

Don't wait for the next hack to take steps to improve your Facebook security and privacy. To prevent your account from being compromised again, Facebook strongly recommends enabling Facebook's two-factor authentication. Enabling this feature requires an additional form of authentication beyond your password when anyone attempts to log in to your account.

The second form of authentication can be a number code texted to your phone or a code generated by in a separate authentication app on your phone. After entering the code, the login to your account continues.

To enable two-factor authentication:

  1. Click the down arrow in the upper right corner of the Facebook page to open the Facebook menu.

  2. Click Settings from the menu.

  3. In the left pane, click Security and Login.

  4. Click Edit next to Use two-factor authentication.

    Edit button for
  5. Click the Get Started button.

    Get Started button highlighted on Facebook's Two-Factor Authentication page
  6. Select either Text Message or Authentication App and enter your information.

    Next button on Two-Factor Authentication Facebook page showing Text Message or Authentication App as options

    

  7. If you chose Text Message, enter the code in the fields provided. If you chose Authentication App, launch it on your mobile phone and follow the instructions.

    Two-Factor Authentication from Facebook showing 6-digit code fields and Next button
  8. Confirm the message Two-Factor Authentication Is On appears at the top of the screen.

    Finish button for Two-Factor Authentication via Facebook

Prevention: Run Security Checkup

The Security Checkup feature adds additional security to your account. Use Security Checkup to:

  • Log out of Facebook from unused browsers and apps.
  • Receive an alert when someone logs in to your account from an unrecognized mobile device or computer.

Prevention: Change Your Facebook Password Regularly

Resetting your password regularly is a good habit to adopt. You can do it at any time.

  1. Open the Facebook menu by clicking the down arrow in the upper right corner of the page.

  2. Click Settings.

  3. In the left pane, click Security and Login.

  4. In the Login section of the center pane, click Change password.

    Edit button for Change Password system on Facebook's Security and Login page
  5. Enter your Current password. Fill in your New password and enter it again to confirm it.

  6. Click Save Changes.

    Password change fields and Save Changes button on Facebook Security and Login page

How Was My Account Hacked?

There are any number of ways hackers may have gained access to your Facebook account. They could have guessed your password, or they may have set up an Evil Twin Wi-Fi Hotspot at a coffee shop and stolen your credentials through a man-in-the-middle attack. Maybe you left your account logged in at a computer lab at your school or library, or maybe hackers are using your account from a stolen tablet or phone.

Regardless of how they managed to obtain your Facebook credentials, the best thing you can do is move quickly to limit the amount of damage they do and take steps to prevent any further hacks.