My Facebook was hacked. What do I do?

Here are the steps you can take to protect yourself in the event of a hack

Written by Jonathan Livneh
Updated over 2 years ago

First, ask yourself these two questions:

1) Am I 100% sure I have not forgotten my password?

2) What makes me think I have been hacked?

Some typical signs include:

  • Blocked access— You may be suddenly logged out of your account and can no longer access it as your email and/or password are different.

  • Security email from Facebook— You have received an email from [email protected] or from the domain name "facebookmail" with a request for an email address or password change. The email will contain a link that will enable you to reject the request and revert to the original.

    • For best results, you must click this "secure account" link immediately upon receiving it.

  • Unusual login activity— In your account settings you can view the locations and timestamps of any logins, in addition to the devices used. You can log out of any session you do not recognize.

    • From your computer: Open your Facebook settings and go to Security and Login>Where You're Logged In.

    • From your iOS device (iPhone/iPad): Open the Facebook app, select the Menu tab at the bottom of your screen, then tap on the Settings & Privacy icon in the top right corner. Then go to Account>Password and Security>Where you're logged in.

  • High data usage— Like longer screen time, higher-than-usual data usage on the app can signal an account breach.

  • Suspicious behavior— Any odd posts/comments/shares/direct messages sent from your account that you do not recognize can indicate compromise. This can also include strangers that you follow or who are in your friend list.

    • The best way to review all of your profile information is to access your activity log. It will allow you to examine every update or change made to your account, ranging from logins and logouts to Privacy Checkup interactions. You can find your activity log under Settings & Privacy>Your Information>Activity Log (iOS) or Settings & privacy>Activity Log (computer).

Primary Recovery Options

If you have been hacked, and can no longer access your Facebook:

  • Before you do anything, secure the email account linked to your Facebook. All of the verification emails and login links to recover your account will be sent to this email address, so this is crucial. This means changing/confirming a unique password for your connected email account and enabling Two Factor Authentication.

  • Submit your ID for Photo Verification (Best method!)

    • This involves uploading a photo of your ID via the app, and is the best possible way to verify you are who you say you are.

    • Facebook usually reviews these within 1-2 business days.

    • Once approved, they send you a login link to regain access to your account, and change the password.

  • Report your account as Hacked

    • Go to www.facebook.com/hacked and click on "My Account is Compromised." If you have never logged into Facebook from this device, you will be asked to enter the email or phone number linked to your account, as well as the current or old password.

      • If the password matches and you have 2FA enabled, you will need to provide a verification code to enter your account.

      • If the password doesn't match, Facebook will try to reset your password. Without access to your primary email and no alternate listed, you will be unable to move forward in the recovery process.

        • Facebook will keep prompting you to "Find your account" and "Reset your password" until you either supply your password or decide to create a new account.

      • Use a device and an IP address which are familiar to Facebook. This will speed up the process.

      • If you've enabled your "trusted contacts" feature in your settings, you can have one of these contacts send you a URL to receive a special security code. You must then transmit it to them, either over the phone or face to face, in order to access your account. This ensures that a hacker is not impersonating you.

  • Contact Meta Directly through an Ad Campaign Support Agent

    • This is a Last Resort option, but has been known to work. If you are really desperate, you can create (if you don't have one already) a FB Business Page.

    • Since your primary FB account is hacked, you will need to create another one to execute this option.

    • Once the Business Profile is created, start an Ad Campaign. It can be as cheap as you want.

      • Any paid Ad Campaign (once payment is initially processed) allows you to request Chat Support with a live Agent from Meta. Technically they are not supposed to help with general account issues, but they can if they choose to, so remember to be very kind and ask nicely, showing as much urgency as you can.

    • Once the payment is processed (at the end of whatever campaign term you set up; so don't make it more than a few days), go to https://www.facebook.com/business/help (or Ad Support from the app).

    • Scroll down and locate the ‘Still Need Help?’ section where it says ‘Contact our support team’.

    • Click either the Chat or Email button.

If you have been hacked, and can still access your Facebook, immediately:

  • Change your account password. Make it strong and unique, and do not share it with anyone. Because of the importance of a Facebook account, the password should be changed every 6 months and can be stored in a password manager.

  • Enable two-factor authentication (2FA). You can do this directly from your account settings under Settings>Security and Login>Two-factor authentication (computer) or Settings & Privacy>Password and Security>Two-factor authentication>Use two-factor authentication (iOS). You may choose from an authenticator app, a security key, or SMS verification codes.

💡 Tip: If you already have 2FA activated but you selected SMS verification codes as your backup method, you should switch to a third-party authenticator app instead as the hacker may be able to intercept the code sent to your phone. However, if you use the authenticator app method and lose your phone, you will need to have access to your recovery codes or else you will be unable to enter your account.

  • Log out of devices you do not use. Remember to sign out of your account if you are not on your primary personal device. This not only includes public computers, but also extends to a friend or relative's device.

  • Check third-party access. You should remove access for third-party apps and websites you no longer use or trust. You can review them in your account settings under Security & Privacy>Permissions>Apps and Websites (iOS) or Settings>Apps and Websites (computer).

  • Secure your email account. Change your password so that it is strong and also different from your Facebook one.

Things to keep in mind with Facebook:

  1. You need access to the email address linked to your account, otherwise you will not be able to reset your Facebook password and fully recover your account.

  2. There is minimal customer service, so you will rarely be able to get hold of a representative and will be urged to consult the Help Center instead.
