Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.
Another month, another Facebook scandal. What rarely makes the headlines is the silent struggle of thousands of users whose Facebook accounts got hacked. Facebook itself doesn’t offer much but a wall of silence and text. Do you know whether your account remains untouched?
If you suspect that your Facebook password was leaked or that your account was breached, you have to act fast. Facebook hackers could lock you out of your account and hassle your friends and family. Secure your Facebook account now or get it back before it’s too late. In this article we’ll show you how.
NB: If you’re using Facebook to log into other applications, like Spotify or Instagram, those applications have been involved in previous data breaches and may be targeted again in the future. So even if you don’t care about your Facebook account, we strongly recommend changing the respective logins or tightening your Facebook security to secure these third-party accounts.
How to Know If Your Facebook Account Was Hacked
So how do you know your Facebook account was hacked if nothing obvious has changed yet? If a Facebook hacker managed to get into your account, they will leave a trace.
Log into your Facebook account and click the arrowhead in the top right to expand a menu. From the menu, pick Settings and go to Security and Login or just use this direct link.
At the very top, you’ll see a list of devices from which you’ve most recently logged into your Facebook account and when they were active.
Click See More to expand that list and review older sessions.
Other signs that your account may have been hacked:
- Your personal data, including your password, email address, or name were changed by a third party.
- Friend requests and private messages were sent from your account without your doing.
- Your timeline contains posts you didn’t add or permit.
If you spot any suspicious activity in your logins or have seen one or more of these other signs, below is what you need to do, in the given order…
What to Do If Your Facebook Account Was Hacked
1a. Change Your Facebook Password
In case your Facebook hacker hasn’t changed your password, you got lucky! This is the time to update your password before you log out suspicious sessions (you don’t want to alert the hacker). If it’s too late, head to step 1b.
Under Settings > Security and Login, scroll down to Login and click Change password. Enter your current password, set a strong new password (possibly using a password manager like LastPass), and click Save Changes.
After changing your password, scroll back up to Where You’re Logged In. Either Log Out of individual sessions by clicking the three vertical dots or click the Log Out Of All Sessions option in the bottom-right after expanding the list. Do this only if you’re sure you can log back in.
We recommend logging out completely, provided your contact details and security settings are up to date. You don’t want to jeopardize your means of logging back in. If you’re unsure, manually log out of all recent sessions that seem suspicious.
From here, proceed to Step 3 if you think that your account has been abused.
1b. Reset Your Facebook Password
If the hacker did change your password and you can no longer log into your Facebook account , act quickly. Try to regain access. There is a Forgot your password? link underneath the Facebook login:
This will let you retrieve your password in several ways. First, you’ll have to Find Your Account. You can either enter the email address you used to register with Facebook or any other secondary email address you added, as well as your phone number.
If Facebook can find your account, you can choose how to Reset Your Password.
NB: If the hacker changed your email address, you should have received a message to the original address. Find this message because it contains a special link that will let you reverse the change and secure your account.
In my case, Facebook offered to send a recovery code to any of the email addresses I added to my account. We highly recommend that you specify multiple backup email addresses. Remember that you must keep those accounts equally secure, at least by using a strong password and ideally by enabling two-factor authentication.
Use the No longer have access to these? link if that’s the case. Facebook will ask how they can reach you to verify your identity. This can take a while.
If you believe that the Facebook hacker who has access to your account has been abusing it, proceed to step 2.
2. Report the Facebook Hack
If your account wasn’t simply hacked, but is sending out ads and spam to your friends, you must report it as compromised to Facebook using Facebook.com/hacked/.
You can also use this in case you have lost access to your account by means of a hacking attack. Facebook will help you recover access to your account.
3. Remove Suspicious Applications
Oftentimes, it’s not an evil person that randomly hacked your account. You may just have granted access to a malicious Facebook application which subsequently hijacked your account.
To remove suspicious applications, go to Settings > Apps and Websites and go through the list. Click Show All on all Active Apps and Websites, set a checkmark on apps or websites you’d like to remove, click the Remove button in the top-right, and confirm whether you’d also like to “delete all posts, photos and videos on Facebook” from these sources.
Alternatively, click the View and Edit link and change the app’s permissions, which includes options like app visibility, access to your personal information, and actions it can take.
4. Engage Damage Control
After doing everything you can to regain control over your hacked Facebook account and preventing further damage, inform your friends and family about what is going on.
This is a precautionary step in case the hacker has been abusing your account. If you presently can’t access your account, contact your Facebook friends through other social networks, by email, or have a mutual friend inform them via Facebook.
Improving Facebook’s Privacy and Security Settings
Once you’re back in control, we highly recommend that you review your Facebook settings.
- Under Settings > General, update your contact details, add additional email addresses or mobile phone numbers you have access to. Likewise, remove those you no longer have access to.
- Head to Settings > Security and Login to set up extra security measures, including alerts about unrecognized logins, two-factor authentication, and choose three to five trusted friends who can help you to recover your account should you get locked out.
- Under Settings > Privacy, choose the privacy settings you’re comfortable with. We recommend letting only friends see your future posts and retroactively limiting visibility of past posts.
Note that the single most important security feature you can enable on any of your accounts is two-factor authentication (what is two-factor authentication? ). We strongly recommend that you lock down all social accounts that offer this feature.
How Do You Keep Your Facebook Account Safe?
Once you get hacked, you’re forced to learn about all the mistakes you made. And hopefully, you’ll never make them again. This is the time to learn how hackers can attack your privacy and how to protect yourself against them. Hackers never stop evolving, so your knowledge of their tactics needs to keep up.
Are you concerned that your Instagram account has been hacked as well? Then follow our guide explaining what to do if your Instagram account has been hacked .