How to recover a hacked Facebook account

Think no one’s going to target your old Facebook account? In September 2023, Vox published an investigative report that uncovered a Facebook hacking syndicate operating in Vietnam that preferred older Facebook accounts because of the wealth of valuable information such accounts contain, like photos, sensitive data, and even credit card details.

Even if your account is disused, getting hacked can be risky, exposing not only yourself but also your contacts to identity theft. Here we have compiled a comprehensive guide outlining what steps to take in case you’ve become a victim of a Facebook hack, as well as measures to prevent getting hacked in the first place.

What does it mean when your Facebook account has been hacked?

For clarity, when discussing a Facebook account being hacked, we mean that it has been accessed without authorization. There are two possible reasons why a hack can happen: 

  1. A data breach: A data breach at Meta could lead to someone accessing your account without your authorization. If account passwords are left unencrypted on Meta’s servers (as they were found to be in 2019), a hacker could use that information to sign in to your account. 
  2. Bypassing account security: Using a weak password or divulging your password to others, while not having multi-factor authentication to strengthen your account security, can allow someone to gain unauthorized access to your account.

How to tell if your Facebook account was hacked 

While every account hack is different, some telltale signs include:

  • You’re unable to log into Facebook despite entering the correct password.
  • You’ve received unrequested password reset emails or emails prompting you to change your password.
  • Friends and followers have been alerting you of suspicious Facebook messages they’ve received from you.
  • You’ve noticed unauthorized changes on your profile, like a change in your Facebook name or other information.
  • You’re suddenly targeted with more Facebook scams and direct messages.
  • Posts, comments, or messages have been created or sent from or through your account—but not by you. 
  • You find sessions in your “Where You’re Logged In” information that you don’t recognize.

What to do if your Facebook account has been hacked

If you think your Facebook account has been hacked, acting quickly to regain control and protect your privacy is important. Here’s a general step-by-step guide on what to do: 

Step 1: Secure your email account 

Since your Facebook account is likely linked to your email address, securing your email first is crucial. Change your email password and enable two-factor authentication (2FA) to prevent unauthorized access.

Step 2: Change your Facebook password 

Once your email is secure, change your Facebook password, if it hasn’t already been changed by a hacker. Avoid using passwords that are easy to guess or that you’ve used in the past. Use a strong, unique password that combines upper and lowercase letters, numbers, and symbols.

Step 3: Log out of other sessions

Check your recent login activity to see if there are any unauthorized logins. If you notice any unfamiliar logins, log out of those devices and remove them from your trusted devices list.

Step 4: Delete unauthorized posts or messages 

Review your recent posts and messages to see if there are any that you didn’t create or send. If you find any unauthorized activity, delete those posts or messages and report them to Facebook.

Step 5: Strengthen your security settings

Check your Facebook security settings to make sure they are up to date. Enable two-factor authentication (2FA) to add an extra layer of security to your account. You should also review your trusted devices and remove any that you no longer recognize.

Step 6: Report the hack to Facebook 

Let Facebook know about the hack by reporting it to their help center. They can provide further assistance and help you secure your account.

How to recover your Facebook account if you still have access

If you’ve still got access to your Facebook account, here’s what to do instead: 

Step 1. Change your password immediately

As mentioned in the tips above, change your password immediately. This will prevent the hacker from reaccessing your account and using it for malicious purposes.

Step 2. Check where you’re logged into

If you suspect your account has been hacked, check where you’re currently logged in. This can help you identify any unauthorized access and take steps to secure your account. Most online services provide a way to view your recent login activity.  

On Facebook, you can go to Settings > Security and Login > See Recent Login Activity. This will show you a list of devices and locations where your account has been accessed. If you see any unfamiliar logins, you can log out of those devices and remove them from your trusted devices list.

Step 3. Report the incident on Facebook 

Reporting a hacking incident on Facebook helps the platform identify and address any security vulnerabilities it might have. Additionally, reporting the hack helps Facebook track the prevalence of hacking incidents and better understand the evolving tactics and techniques used by hackers. This information can be used to develop more effective security measures and raise awareness among users about the potential risks of online threats.

How to recover a hacked Facebook account you’ve been locked out of

While there’s no guarantee you’ll be able to recover your Facebook account if you’ve been locked out of it, Facebook offers specific steps for this scenario.

Head to Facebook’s Find Your Account page. Once there, you’ll be asked to enter your email address or mobile number. You’ll then be asked to reset your password using a code sent to either that email address or phone number. Follow the instructions to reset your password and gain access to your account again.

Through a friend’s logged-in Facebook account, you can also go to your account page, select the three dots under your cover photo, and select Find support or report profile > Something Else > Next > Recover this account.

How to report a hacked Facebook account 

If you can still access your Facebook account and see that some changes have been made to it, you should report the hack to Facebook for investigation. Before reporting, try to gather evidence of the incident. This can include things like screenshots of unauthorized login attempts, unfamiliar posts or messages, or unusual notifications from friends. 

To report the incident, head to and click on “My Account Is Compromised.” You’ll be asked to enter an old or current password for verification. Then, follow the steps provided. You might also be asked for additional information and details about the incident.

This is the screen you should get if you’re logged out of Facebook.

You’ll then be asked to enter your current or old password to report the hack.

However, if you’re already logged in, you’ll see a different screen and must follow the steps outlined to report the hack.

How to keep your Facebook account secure

Follow the preventative steps below to keep your Facebook account safe and secure and prevent future hacks.

Step 1: Create and use a strong and unique password 

When creating a password manually for any account, make sure to create one that’s at least 12 characters long and use a mixture of uppercase and lowercase letters, numbers, and symbols. To better protect your password security, it might be worth signing up for a password manager. A password manager stores all your passwords, requiring you to remember only one primary password to access all of them—allowing you to use stronger, more complicated passwords. Full-featured password managers cost money, but ExpressVPN offers one, called Keys, which is built into the app, and included in every subscription.

Step 2: Enable two-factor authentication on your account 

Two-factor authentication adds an extra layer of security to your account by requiring you to enter a one-time code, often from your phone, in addition to your password. This makes it much more difficult for someone to hack into your account, even if they have your password. 

Step 3: Disable third-party app connections

Third-party apps can access your Facebook data and potentially pose security risks. Regularly review the apps connected to your Facebook account and revoke access to any you no longer use or trust. To do this, go to Settings > Security and Login > Apps and Websites.

By disabling unused or untrusted third-party app connections, you can reduce the potential for unauthorized access to your Facebook data and enhance your overall account security.

Step 4: Set up alerts for unrecognized login attempts 

You can change your settings to receive login alerts. These act as early warning signals, notifying you when someone attempts to log in to your account from an unfamiliar device or location. By promptly receiving these notifications, you can be aware that someone is attempting to hack you and take action to protect your account if necessary. 

Step 5: Remove any payment methods linked to your account

Remove inactive or unused payment methods linked to your Facebook account. Doing so eliminates potential vulnerabilities that could be exploited by unauthorized individuals or malicious software. Even if you trust these payment methods, keeping them linked to your Facebook account unnecessarily increases the risk of unauthorized charges.

Step 6: Add a backup email address to your account 

A backup email provides a reliable channel for regaining control of your account if your primary email address becomes compromised or inaccessible. If you lose access to your primary email, you can use the backup email to receive password reset instructions and regain entry into your Facebook account. This prevents you from being locked out of your profile and losing access to your connections, photos, and memories.

Step 7: Limit what people can see

By restricting who can see your personal information, posts, and photos, you minimize the risk of targeted attacks and data breaches. Limiting public access to your profile reduces the exposure of sensitive information to malicious actors who may exploit it for personal gain or identity theft.

Moreover, customizing your privacy settings lets you control who can contact you, send you friend requests, and tag you in posts. This helps filter out unwanted interactions. By carefully managing your privacy settings, you control your online presence and prevent unwanted intrusions.

Should I be worried if my Facebook has been hacked?

Yes, you should be worried if your Facebook account has been hacked. A typical Facebook account usually contains personal information like your name, email address, birthday, and even phone number. This information could be used to steal your identity, commit fraud, or even stalk you physically.

Another problem is that your account could be used to scam your contacts. For instance, a hacker could use your account to message your friends and family members to ask them for money. And finally, someone could start posting offensive content on your account while pretending to be you, to make you look bad.

What is the first thing to do when your Facebook account gets hacked?

The first thing to do when your Facebook account gets hacked is to change your password if it hasn’t already been changed by the hacker.

How long does it take for Facebook to resolve a hacked account?

According to cybersecurity service Cyrus, it might take between one and two weeks for Facebook to recover a hacked account if the case has no significant complexities.

What happens if a Facebook hacker gets your phone number?

If a Facebook hacker gets your phone number, they might try to access another online account you might have. For example, since Facebook and Instagram are connected through their parent company, a hacker might then attempt to log into your Instagram account as well.

What does it look like when your Facebook has been hacked?

Some common signs that your Facebook account has been hacked include changes in your profile like your username, birthdate, or even profile description, if there are any. You might also notice things like a recovery email being added to your account, or you might find that posts have been created but not by you.

Can I recover my Facebook account without my email and phone number?

No, Facebook cannot recover your account without the email or phone number associated with the account. The platform needs to verify that it is, in fact, you asking to recover your account and will need to send you a verification code to recover the account.
