How To Recover a Hacked Facebook Account [Step by Step]


J.R. Tietsort

Chief Information Security Officer at Aura


    Was Your Facebook Account Hacked? Don’t Panic!

    When Kelly was notified that someone in Germany had signed in to her Facebook account, she knew something was seriously wrong. The Texas-based content creator doesn’t just use Facebook for keeping up with friends; she runs her business on social media — and the international hackers had put her livelihood in jeopardy [*].

    Despite using security precautions like two-factor authentication (2FA), Kelly got completely locked out of her Facebook account — losing tens of thousands of dollars in potential earnings almost instantly. 

    Unfortunately, Kelly’s story is far from unique. According to the Identity Theft Resource Center [*]:

    There has been a 1,000% increase in social media account takeovers over the past twelve months with Facebook accounting for 1/4 of all compromised accounts.

    Whether you’re a casual user or an influencer who runs a business on the platform, having your Facebook account hacked is a harrowing experience. If you think (or know) that your account has been compromised, you need to act quickly. 

    In this guide, we’ll explain how to tell if your Facebook account has been hacked and what you can do to try and recover it. 

    Here’s How To Tell If Your Facebook Account Was Hacked

    The scary truth is that it’s easier than ever for scammers to take control of your Facebook account. 

    In 2021, hackers stole and leaked personal data from 533 million Facebook users — including phone numbers, email addresses, and more [*]. These security data breaches don’t just put your social media accounts at risk, but also your identity and finances. 

    Cost of hacked social media accounts on the Dark Web
    Hacked social media accounts sell for as little as $25 on the Dark Web. Source: Dark Web Price Index

    If scammers take over your social media accounts, they can use them to scam your friends and followers or find sensitive information that they can use to steal your identity.  

    So, how can you tell if your Facebook account has been hacked? 

    Here are some of the most common warning signs of a compromised account: 

    • You’re unable to sign in to your Facebook account.
    • You receive a “password reset” email that you didn’t request.
    • Your friends and followers tell you that they’re getting suspicious direct messages (DMs) from your Facebook Messenger account that look like phishing scams.
    • You notice changes to your Facebook profile information (such as your name, birthday, address, etc.).
    • There are posts or comments on your Facebook page that you never made. 
    • People you don’t know receive friend requests from you.
    • You find sessions you don’t recognize in your “Where You’re Logged In” settings.
    Take action: If scammers have access to your Facebook account, your online bank and other sensitive accounts could be at risk. Aura monitors your passwords and sensitive personal information, and alerts you in near real-time to any signs of fraud. Try Aura’s top-rated identity theft protection service free for 14 days.

    Was Your Facebook Account Hacked? Here’s What To Do!

    As soon as you see any indication that someone has hacked your Facebook account, start by changing your password and tightening your security settings. It’s also a good idea to inform your friends and followers that your account was compromised, and report the incident to Facebook.

    However, scammers often move quickly to lock you out of a hacked Facebook account by changing your password and updating your phone number and email so that you can’t access your login or 2FA codes. 

    Here’s what to do, whether you still have access to your hacked Facebook account or have been completely locked out. 

    What To Do If You Still Have Access To Your Facebook Account

    If you suspect a hack but can still sign in to your account, consider yourself lucky!

    This is the best-case scenario when it comes to compromised accounts. That said, navigating the recovery process can be confusing.

    Here’s what to do:

    Step 1: Change your password

    Start by locking out hackers with a new password: 

    • On an iOS or Android device: Tap on the “Menu” icon in the bottom right corner of your screen in the Facebook app (right next to “Notifications”). Then, select “Settings & privacy,” and then “Password and security” in the menu that follows. Under the header marked “Login,” select “Change password” and follow the directions to create a new password.
    • From your web browser: Log in to your account at Facebook.com and then click on your profile photo in the upper right-hand corner of the screen. Then, select “Settings & Privacy,” then “Settings,” then “Security and Login.” Scroll down to the “Login” section to change your password.
    How to change your Facebook password on a desktop computer. Source: TrustedReviews.com

    Step 2: Check where you’re logged in

    Now, it’s time to see if hackers still have access to your account. 

    In the same security settings menu that you just used to change your password, you’ll be able to view all of the locations where your Facebook account is being accessed. 

    Navigate back to “Password and Security” (or “Security and Login” on desktop). Just above the “Change password” option, you’ll see a section that says “Where you’re logged in.” This menu will show all the locations and devices that are logged in to your account. 

    Check your active Facebook sessions on mobile
    Check your Facebook account’s active sessions for suspicious devices. Source: Aura Team

    If you’re using a mobile device, tap on any suspicious logins and select “Secure Account.” You’ll be prompted through a few more steps that will help you protect your account.

    If you see multiple unauthorized logins, it’s a cybersecurity best practice to log out of all sessions at once.

    How to force log out unrecognized Facebook sessions
    Force any unrecognized sessions to log out. Source: SearchEngineJournal

    Step 3: Report the incident to Facebook

    Finally, you’ll want to let Facebook know about the incident. 

    Go back into your “Settings & Privacy” menu, and navigate to “Password and security.” Scroll all the way down to the “Get help” section, and select “If you think your account was hacked.” Follow the prompts to complete the reporting process.

    How to report fraud or hacks to Facebook
    Use Facebook’s internal resources to report the fraud. Source: Aura Team

    How To Recover a Hacked Facebook Account That You’ve Been Locked Out Of

    If you’re unable to get into your Facebook account, hackers may have already changed your account’s email or phone number. At this point, you’re essentially locked out and it will be much more difficult to recover your account.

    Even though Facebook’s official account recovery process is readily available online, many victims of aggressive Facebook account hackers have a hard time getting their accounts back. 

    This is because account recovery protocols are exactly what hackers use to take over Facebook (and other online accounts) to begin with. As a result, companies like Meta (Facebook’s parent company) are forced to make the process long, arduous, and (sometimes) unsuccessful.

    If you’ve lost control of your Facebook account, these are the most effective steps you can take to get it back:

    Step 1: Open Facebook on all of your devices

    If you’re usually logged in to Facebook on multiple devices, open your Facebook app or webpage on all of your devices and see if any of them are still logged in. 

    If the hacker forgot to log you out of each one, you might be in luck. See if any of your devices still open your Facebook page without logging you out first. If not, it’s time to get on with the account recovery process.

    Step 2: Find your account 

    First, make sure to start the process on a computer or mobile device that you typically use to access your Facebook account. 

    If you’re unable to log in to your account to change your password, visit facebook.com/login/identify. The page will prompt you to enter the email address or phone number that you used to create your account.

    How to find your Facebook account
    Facebook will ask you to submit the original email address or phone number that you used to sign up for your account. Source: Aura Team

    You can also enter your name or your Facebook profile URL into the search function if the search isn’t successful using your email address and phone number.

    Once you click “search,” the following page will show a list of Facebook accounts that match your search in some way. If you see your account, you can select it to begin the password reset process.

    Step 3: Change the email address connected to your Facebook account

    If the system is able to locate your account, it will ask to send a verification code to the address or phone number currently associated with the account. If the email address or phone number listed does not belong to you, select “No longer have access to these,” and “Cannot access my email.”

    In most cases, Facebook will then start the process of changing the email address associated with your account. 

    If this still doesn’t happen, there are a few more steps you can take: 

    • Visit facebook.com/hacked and select “My account is compromised.” The page will ask you to enter your account’s current password, or a previous one that you used in the past. Once you enter your password, select “Secure my account,” and then, “I cannot access these.”
    Using an old password to verify your ownership over a Facebook account
    Facebook will ask for a current or previous password in order to start securing your account. Source: ExpertReviews
    • If the above steps don’t allow you to change your account’s email address, try using your mobile device. Log in using the Facebook app, select “Forgot password,” and choose the prompts indicating that you can’t access the account’s current phone number and email address.

    If you get far enough, you’ll fill out a form requesting a change to your account’s primary address, and submit a photo of your ID to Facebook support. From there, you’ll get an email to your account’s new address with a link to reset your password.

    Step 4: Set up a recovery email address

    Once you finally gain access to your account, go straight into your “Settings & Privacy” menu. Choose “Settings,” then “General.” From there, you can edit and delete any contact information associated with your account and remove any details that you don’t recognize as your own.

    How to update your contact information after your Facebook account was hacked
    Update your contact information to a secure email or phone number. Source: TrustedReviews.com

    Step 5: Clean up your account settings

    Your next stop is the “Security and Login” menu. Download an authenticator app on your mobile device and use it to set up two-factor authentication (2FA) for your Facebook account.

    How to add 2FA to your Facebook account
    Set up 2FA with an authenticator app to secure your Facebook account. Source: HotspotShield.com 

    Next, visit “General” and remove the hacker’s phone number, email address, and any other unfamiliar contact information.

    Review the devices and locations listed under “Where you’re logged in,” and make sure everything looks accurate.

    Finally, visit the “Setting up extra security” section and sign up for alerts that notify you whenever Facebook detects a sign-in on an unusual web browser or unrecognized device.

    How To Report Someone Impersonating You on Facebook

    It’s well-known that scammers use fake accounts, fake websites, and fake stories to trick people into falling for their scams. But the deception is even more effective if they use a real person’s profile or identity instead of fabricating one from scratch.

    If you discover a hacker has created a new account using your name, profile picture, and photos, you’re dealing with an impersonation account set up by scammers. They can use it to run various types of scams, including contacting people on your friends list who will think that they’re communicating with you.

    To get rid of the scam account, report the fake account to Facebook. Click on the three dots on the cover photo of the account’s profile, and select “report” on the menu that pops up. From there, you’ll be able to flag it as an impersonation account. 

    To speed up the process, you can ask friends and family members to report the fake account on your behalf. 


    How To Protect Your Facebook Account From Hackers

    Recovering a hacked Facebook account is a long and frustrating process. It’s always easier to proactively protect your account against hackers and scammers.

    Here’s how to secure your Facebook account before it gets hacked:

    • Use strong, unique passwords for all of your online accounts. Set up a password manager to generate strong passwords, and keep them in a secure place where you can access them quickly and easily when needed. Aura’s password manager will even warn you if your account is vulnerable or has been compromised in a recent data breach.
    • Enable two-factor authentication on all sensitive accounts. 2FA adds an extra layer of security to your Facebook, banking, and email accounts. Don’t rely on SMS for receiving 2FA codes as they can be intercepted or hacked. Instead, use an authenticator app such as Google Authenticator or Microsoft Authenticator.
    • Disable third-party apps that are connected to your Facebook account. This way, if hackers do get into your account, they won’t have immediate access to other personal accounts and apps. Visit “Settings & Privacy,” continue to “Settings,” and then click “Apps and Websites” on the menu to the left.
    • Set up alerts for unrecognized login attempts. Under “Setting up extra security” in your “Settings & Privacy” menu, you can turn on alerts that will notify you whenever someone signs in to your account using a new device or browser. If you don’t recognize the activity when you get the alert, you’ll know immediately that your account has been compromised.
    • Remove any payment methods that are linked to your account. While these features are convenient, they present a security risk if your account gets hacked. It’s best to keep all financial information out of your Facebook account entirely.
    • Add a backup email address to your account. If you ever need to recover your account, having an extra email address linked will help you find your account more easily. You’ll also get security notifications sent to more than one place, which increases the chances that you’ll get those alerts in time to take action.
    • Be careful what you post! Limit the amount of personal information that you share on Facebook, especially when it comes to private details including your phone number, home address, hometown, and family members.
    • Tighten up the privacy settings on your Facebook account. Choose the strictest security options wherever possible, and take advantage of Facebook’s “Privacy checkup” feature to get a full picture of your account’s overall security status.
    Facebook's privacy checkup tool
    Facebook’s privacy checkup tool can help you protect your personal information online. Source: Facebook
    • Install antivirus software and a virtual private network (VPN) to protect your device at all times from malware, spyware, and hackers. This is one of the most important digital security measures that you can take. 
    • Use Aura’s free Dark Web scanner to see if your account logins or passwords have been compromised. Aura scans recent data breaches and Dark Web sites and forums for your personal information. If after using the scanner you find any personal information, make sure to update your account numbers, passwords, and security settings. 

    The Bottom Line: Keep Your Social Media Accounts Safe From Scammers

    A hacked Facebook account can quickly turn into a nightmare situation. Do everything you can to proactively protect your account — including tightening your Facebook security settings and practicing good cyber hygiene.

    If your account has been hacked, act quickly to recover it. Then, protect yourself from future scams (or even identity theft) by using Aura. 

    With Aura, you get:

    • Proactive digital security tools (antivirus, VPN, Safe Browsing tools, etc.). Aura helps prevent scammers from accessing your passwords and sensitive information with easy-to-use tools like powerful antivirus software, a military-grade virtual private network, and more.
    • Top-rated identity theft protection. Aura monitors your most sensitive information — including all of your passwords — and alerts you in near real-time if any of your data has been compromised. 
    • 24/7 credit, bank, and investment account monitoring with 4x faster fraud alerts. Scammers almost always target your bank accounts and finances. Aura constantly monitors your financial accounts and alerts you of any suspicious activity.
    • $1,000,000 insurance policy for eligible losses due to identity theft. If the worst should happen, you’ll have peace of mind in knowing you’re covered by Aura’s extensive identity theft insurance. 
    Keep scammers out of your Facebook account. Try Aura free for 14 days.
