Facebook Account Hacked? Here's How To Take Back Control

Facebook hacks make you race against the attacker to recover your account before they lock you out. Learn how to win this race.

Facebook's popularity makes it a fertile ground for online scams. Apart from causing stress, these attacks can cost you a lot of time and money. You can stop them by using a good antivirus program and adopting some basic security habits.

If a hacker targets you, acting quickly is essential. You should change your passwords, close unknown sessions, and enable two-factor authentication. If you're locked out of your account, all you can do is report a hack to Facebook. Recovery takes longer in this scenario and has a good chance of failure.

Keep reading to learn how to stop hackers and what to do if your Facebook account has been hacked.

Has your Facebook account been hacked? Here’s how to tell

Some Facebook scams, like phishing, can be complicated to identify in time. However, every attack has its telltale signs; you just have to learn to recognize them.

Here are the most common indicators that your Facebook account has been hacked:

  • You can’t log in: Hackers will often change your password and lock you out of your account.
  • Unrequested password reset emails: If you get this email, a hacker is likely trying to reset your Facebook password.
  • Alerts from contacts: Hackers will message your friends and ask them for money. They can also use your account to attack your contacts. Attackers will also send friend requests to people you may know, so be on the lookout for those.
  • Changes on your profile: Hackers might change your profile photo or alter your account in other ways.
  • Scam messages: You'll see messages to your contacts that you didn’t send.
  • Strange posts and comments: The attacker will try to impersonate you to scam your contacts. So, they'll likely post something or comment on your friends' posts.
  • Unrecognized active sessions: You'll see suspicious recent login activity and unknown devices on your account.

This is not an exhaustive list; hackers are constantly developing new ways of attacking people. However, all Facebook Messenger scams and Facebook Marketplace scams have red flags, so we recommend staying vigilant. If something feels off, it's always better to investigate and prevent it than to deal with the fallout.

What to do if you can still access your hacked Facebook account

If you can still access your hacked Facebook profile, you have some options at your disposal. The situation is not good, but not hopeless either. At this point, you'll race your attacker, who wants to lock you out of your account. The idea is to lock them out first. Here's what to do the moment you confirm a hack.

Secure your email

Securing the email address linked to your hacked Facebook account is crucial. You’ll want to create a stronger password to defend against brute-force attacks and social engineering. Use a combination of letters, numbers, and symbols. The process varies depending on the email platform.

Here's how to do it on Gmail:

  1. Go to email settings
  2. Under the Security tab, select Signing into Google
  3. Choose Password. Sign back in if needed.
  4. Enter a new password, then select Change Password

Using two-factor authentication is another way to protect your email. It adds a security layer by requesting confirmation for each login attempt. This is also located in the Security tab in the Google Account settings.

Change your Facebook password

You should also change your Facebook password and update your Facebook privacy settings. Here's how to do it:

  1. Go to your profile picture in the top-right and click Settings and privacy
  2. Click Settings
  3. Select Accounts Center, then click Passwords and security
  4. Choose Change password and choose the account to update
  5. Enter your current password and then the new one
  6. Click Change password

You can also enable 2FA on your Facebook account. If you do, you'll be prompted to enter a special code every time you try to log in from a new device. So, if an attacker tries to log into your account, you'll get a warning, which buys you time to change the password.

Close the sessions you don’t recognize

You can check the devices currently logged in to your Facebook account. If you notice a session you do not recognize, close it immediately. Here’s how:

  1. Go to your Security and login settings
  2. Go to Where you’re logged in
  3. Click See more to view all sessions
  4. Find the session you want to end, click the three vertical dots, and click Log out

Inform your contacts

Scammers often use hacked Facebook accounts to attack more people. They'll send messages to your friends, trying to trick them. Since your contacts trust you (presumably), hackers don't have to waste time establishing trust with their new victims. You can protect your contacts by warning them to ignore all messages from your account.

Report the hack to Facebook

One of the most important steps is to report the hacked account to Facebook. Reporting the issue quickly can help Facebook investigate the hack. Here’s what to do:

  1. Go to Facebook's hacked page
  2. Select the option that best fits your situation
  3. Click Continue and follow the instructions

What to do if you’re locked out of your hacked Facebook account

Having access to your hacked account gives you a significant advantage. If you're locked out, you still have some options, but it's an uphill battle. It takes longer to recover your account, and there's no guarantee.

First, you can go to Facebook's hacked page and follow the instructions. This is what Facebook recommends in these situations. You can also visit Facebook's Hacked and Fake Accounts page and use this tool to solve the problem.

Finally, you can attempt recovery from the Find your account page. It will allow you to locate your account based on the associated email or phone number. You can also use a nickname or get one of your contacts to find the account for you. From here, you can try to reset your password if the scammer hasn't hacked your email.

How to protect your Facebook account from hackers

It's always better to stay proactive with your security than to react to attacks. Here's how to boost your scam prevention setup in a few easy steps:

  • Create strong and unique passwords: Use passwords no one can guess. Avoid info scammers can find online (your birthday, for example). Use letters (upper and lowercase), numbers, and symbols. Never use a password more than once. Don't share private info hackers can use for social engineering scams (especially answers to your security questions).
  • Block Facebook ads: Although harmless looking, Facebook ads can contain malicious links. Clicking them can lead to a malware infection.
  • Enable login alerts: These notifications will warn you when someone logs in to your Facebook account from an unknown device.
  • Avoid linking third-party apps to Facebook: Modern apps ask for all sorts of permissions they don't need to function. Linking them to your Facebook account will share a lot of personal info with third-party publishers. Some of these entities might be malicious and use this data to attack you.
  • Use a password manager: The best password managers will keep your login credentials away from prying eyes. They also make important passwords easier to access since they collect them all in one place. You should never write down your passwords.
  • Don’t link payment methods to your account: Keeping your payment data away from Facebook will secure it from hackers.
  • Use a backup email address: If a hacker changes the password of the email linked to your Facebook account, having a backup email is an ideal recovery option.
  • Use reliable antivirus software: A good antivirus program can protect you from malicious software, phishing, and other attacks.
  • Use a secure VPN: A solid VPN service, like NordVPN, can boost your online privacy, hide your traffic from scammers, and prevent accidental data leaks.

The best antivirus software to protect your Facebook account

We can't overstate the importance of real-time malware protection. It lets you detect, stop, and remove threats before they infect your account or system. Each of our top 3 picks can stop hackers in their tracks and protect your Facebook account:

  • McAfee: McAfee has been a trusted name in malware protection for years, with good reason. It includes features like identity and credit protection, a password manager, and a VPN for more security.

  • Avast: Avast’s free version can boost your security on a budget. It includes real-time malware protection with a web tracker blocker.

Facebook account hacked: What to do FAQ


What will happen if someone hacks my Facebook account?

If someone hacks your Facebook, they’ll gain access to your private information and anything tied to your account. They can steal anything from your credit card number to your identity. They’ll also use your account to attack your contacts and steal their info.


What are the signs of a hacked Facebook account?

There are many telltale signs of a hacked Facebook account. The most common ones are unknown login sessions, changes to your information, and password changes.


How do hackers get Facebook passwords?

Sometimes hackers get Facebook passwords by using techniques like phishing. Scammers can also use social engineering to trick you into sharing private data that will lead them to your account. They can also use brute-force attacks to try to guess your password.


What is the first thing you should do when you get hacked?

When you get hacked, the first thing you should do is secure the email address linked to your Facebook account. The next step is to change your passwords using strong and unique combinations for better security. Lastly, you should notify Facebook about the hacked account.


Do I have to close my Facebook account if I’ve been hacked?

If you've been hacked, you do not necessarily need to close your Facebook account. You have some recovery methods at your disposal. However, if a hacker locks you out of your account, you might not be able to recover it.


Can I recover my Facebook account without my email and phone number?

You can recover your Facebook account without your email and phone number, but it may not be easy. You can work around the problem by having a backup email address.

Bottom line

Staying vigilant and acting quickly are essential for recovering a Facebook account. You should learn to recognize attacks and what to do once they happen. If you've already fallen victim to scammers, you must know how to deal with attackers. Finally, you can adopt some basic security habits to prevent future attacks.

We have some tools that can help you with this. Primarily, you should install a VPN and a good antivirus program. Together, they'll boost your online privacy, mask your traffic, and protect you from malware and various popular scams.

Author Details
Patti Croft is a seasoned writer specializing in technology, with three years of experience. With a B.S. in Computer Science and a background as a technical analyst and security specialist, she covers a range of topics like data security and parental control software.