How to Recover a Hacked Facebook Account
Even technically sophisticated friends are currently being ‘hacked’ on Facebook – here’s how to avoid it and how to make sure your hacked account is fully restored.
Usually, accounts are “hacked” because someone somehow gets hold of your password. It’s especially bad for Facebook, because people often use Facebook to log into other things – so if someone gets into your Facebook account, they have access to a bunch of other things too.
If your account has been hacked
Your account being “hacked” can take many forms. Maybe someone is sending messages on your behalf, posting as you, or doing something else weird.
If you can still log in, you’re in luck; here’s what to do:
Change your password right away – that’s your first step, if you still have the power to do so. If you cannot log in, request a password reset. If that doesn’t work, it’s possible that someone has changed the email address on the account. There is a way to deal with that, too.
Report the strange behavior to Facebook so they can help prevent it from happening to others.
Go to your security settings and check whether you recognize everywhere you are logged in. If you don’t recognize a location or device, tap the three-dot menu and select “not you?”. This will log you out and help you further secure your account.
Check that you recognize all apps and websites that have access to your Facebook account. Same as above; if there is something you don’t recognize, press “remove”.
In your general settings, check the email addresses Facebook has listed for you. If there is anything there that is not yours, remove it.
Change your password one more time, now that you know hackers (in theory) can no longer access your account. It must be a secure password (with letters, numbers and special characters). Do not reuse a password from anywhere else. Ideally, use a password manager so that you can keep track of all your different passwords and use higher quality passwords in general.
Turn on two-factor authentication. That means even if your password was somehow stolen, they can’t log in without also having access to your phone or authenticator app.
And finally, every time something weird happens with your security and/or social media, change your email password. It’s bad enough to lose access to your social accounts, but your email is the holy grail for hackers, so it’s a really good idea to rotate your password regularly (every 1-3 months) and change it when something weird happens.
How to avoid getting hacked
The most common way a Facebook account is compromised is by tricking you into giving the hackers your password. You might get a Messenger message from a friend on Facebook that says something like, “OMG, did you see who died?” with a link. You click on the link, it looks like Facebook, but suddenly you are asked to log in again. You think nothing of it and you enter your email and password… Uh-oh. Problem: The site you just gave your password to isn’t actually Facebook, and now they have your password.
The best way to avoid this is to follow the steps above and turn on two-factor authentication. Also beware: when you sign in, make sure the site you’re signing in to is actually at facebook.com. If not – if it looks like ffacebook.com or facebook.this-is-a-security-notification.com – don’t enter your password. The safest bet is usually to manually type Facebook.com into the URL bar if you’re using a web browser.
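The domain check described above, written out as an added example (not from the original article): it accepts only a host that is exactly facebook.com or a subdomain of it, which rejects the look-alikes ffacebook.com and facebook.this-is-a-security-notification.com. The function name checkLoginUrl and the TRUSTED_DOMAINS list are assumptions made for this sketch.

```javascript
// Added example: decide whether a link really points at Facebook before typing a password.
// TRUSTED_DOMAINS is an assumption for this sketch; extend it only with domains you have verified.
const TRUSTED_DOMAINS = ["facebook.com"];

// Returns { ok, host, reason } for a URL string copied from a message or the address bar.
function checkLoginUrl(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return { ok: false, host: null, reason: "not a valid absolute URL" };
  }
  // URL parsing lowercases the host and converts Unicode names to punycode (xn--...).
  const host = url.hostname.replace(/\.$/, ""); // drop a trailing root dot
  if (url.protocol !== "https:") {
    return { ok: false, host, reason: "not HTTPS" };
  }
  // Anything before "@" is userinfo, not the site: https://facebook.com@login.example/
  if (url.username || url.password) {
    return { ok: false, host, reason: "text before @ is not the real host" };
  }
  // The host must equal a trusted domain or end with "." + that domain.
  // A substring or startsWith test would accept both look-alikes from the text.
  const trusted = TRUSTED_DOMAINS.some((d) => host === d || host.endsWith("." + d));
  return trusted
    ? { ok: true, host, reason: "host is on a trusted domain" }
    : { ok: false, host, reason: "host is not on a trusted domain" };
}

// Constructed sample links, including the two look-alikes quoted in the text.
const samples = [
  "https://www.facebook.com/login",
  "https://ffacebook.com/login",
  "https://facebook.this-is-a-security-notification.com/login",
  "https://facebook.com@login.example/",
  "http://facebook.com/login",
];
for (const s of samples) {
  const r = checkLoginUrl(s);
  console.log(`${r.ok ? "OK  " : "STOP"} ${s} -> ${r.host} (${r.reason})`);
}
```

Only the first sample passes; the browser applies the same rule, which is why the part of the address immediately before the first single slash is the one that matters.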
Remember that the Facebook app has a built-in browser. So it’s possible you’re “in” the Facebook app, but it might ask you for a password. It looks legit – how could it not be, this is the Facebook app – but use your head; if you are already in the app why is it asking you to sign in? In short: If it seems strange, it is strange – don’t enter your password!
Check the apps that have access to your Facebook account (see above) semi-regularly. If you recognize an app, but you haven’t used it in a while and you don’t think you need it – delete it. You can always add it back later.