Skip to main content

What to do if your Facebook account Is hacked

"Why would someone want to hack my Facebook account?" That may be the first thing that comes to mind for many non-celebrity users whose Facebook account is suddenly accessed or hijacked by intruders.

In fact, having a Facebook account hijacked is not uncommon. There are many reasons someone might want to get control of your Facebook account. Stealing your personal information, including passwords you might use with banks and online retailers, is one major motivation. Forcing your Facebook account to share spam is another.

Whatever the reason may be, hacked social media accounts are a fact of life. It's important to know what to do when your Facebook account is hacked.

Here's a step-by-step guide to resolving a hacked Facebook account, with input from online security experts.

Check to make sure your account really has been hacked

If you notice suspicious activity on your Facebook account — such as changes to your name, birthday, email address or password; new sent messages or friend requests to people you don't know; posts appearing on your timeline that you did not post — then go to the upper right-hand corner of your Facebook page and click on the arrow there, revealing a drop-down menu.

Click Settings, and a new menu will pop up. Choose the Security and Login option, then Where You're Logged In. If there is a login from a device that you don't recognize, then your account may have been hacked.

End the intruder's session

Click the three vertical dots next to the device login that you don't recognize, then Not You or Log Out. This logs the intruder out of your account, at least temporarily. This limits the damage the intruder can do and allows you to continue regaining and securing control of your account.

Alert your contacts

If your account has been compromised, it likely has been used to contact people in your friends list. You'll need to tell them not to trust any links or install any apps that you had sent them — via wall postings, Facebook messages or Facebook email — while the intruder had control of your account.

Change your Facebook password

If the intruder has not changed your password, then changing it is easy. Click Security and Login again, then scroll down to Change Password.

"If you use the same password for multiple sites, it is best to change your passwords there as well," said Cosette Jarrett, a web-marketing specialist based in Salt Lake City. "If your password has been compromised on one site, chances are your accounts at other sites are in danger, too."

Reset your password if the intruder has changed it

Often, hackers will change your password once they have gotten control of your account, so it's not as simple as just going into your account settings and changing your password.

You'll have to reset your password by clicking the Forgot Your Password link underneath the Facebook login. You will need to provide information to identify yourself, such as the email address you used to register with Facebook, the phone number associated with your account, your Facebook username, or your name and the name of one of your Facebook friends. 

The last option may be best if you believe the person who hacked your account has changed any of your profile information.

Follow these tips for creating a secure password.

Report your compromised account

If ads or spam are being sent from your hacked account, you must report it as compromised, which you can do at this link. After reporting, you will receive further instructions from Facebook to resolve the issue.

Check for malicious apps

Once you have control of your account again, go to the same Settings menu where you checked for suspicious logins or changed your password, and click on the Apps option in the left-hand menu. Go through the list and check for any apps you did not add yourself, and click the X next to them to remove them.

Secure your Facebook account

Getting your Facebook account hijacked is not the end of the world. Having it happen to you, though, can be a good reminder to make sure your account is as secure as it can be.

Facebook itself offers a number of security tips. You should use a unique password for Facebook, one that you do not use on any other sites; you should log out of Facebook when using a computer you share with other people; you should run some of the best antivirus software on your computer (even if it's a Mac); and you should be careful about the links you click on and the apps and files you download. You can also run a Security Checkup while logged in to your Facebook account.

Even if you have not been hacked, shoring up your Facebook security is a good idea. Because many Facebook account compromises are caused by external apps, consider limiting the number of apps you use.

Do not click on suspicious links or ads shared in your news feed, even when you trust the people who are doing the sharing — it's possible they themselves have been hacked. Always make sure your desktop web browsers and mobile operating systems are up to date. And be sure to sign out when you're done using Facebook for the day.

The same goes for other social networks. Twitter, Instagram, LinkedIn and others have all had user accounts compromised in various ways. As always, remain vigilant and be smart about what you do online, and you'll be just fine.