
What to Do If Your Facebook Account Is Hacked

"Why would someone want to hack my Facebook account?" That may be the first thing that comes to mind for many non-celebrity users whose Facebook account is suddenly accessed or hijacked by intruders.


In fact, having a Facebook account hijacked is not uncommon. There are many reasons someone might want to get control of your Facebook account. Stealing your personal information, including passwords you might use with banks and online retailers, is one major motivation. Forcing your Facebook account to share spam is another.

Whatever the reason may be, hacked social media accounts are a fact of life. It's important to know what to do when your Facebook account is hacked.


Here's a step-by-step guide to resolving a hacked Facebook account, with input from online security experts.

Check to make sure your account really has been hacked. If you notice suspicious activity on your Facebook account — such as changes to your name, birthday, email address or password; new sent messages or friend requests to people you don't know; posts appearing on your timeline that you did not post — then go to the upper right-hand corner of your Facebook page and click on the arrow there, revealing a drop-down menu.

Click Settings, and a new menu will pop up. Choose the Security option, then Where You're Logged In. If there is a login from a device that you don't recognize, then your account may have been hacked.

End the intruder's session. Click End Activity next to the device login that you don't recognize. This logs the intruder out of your account, at least temporarily. This limits the damage the intruder can do and allows you to continue regaining and securing control of your account.

Alert your contacts. If your account has been compromised, it likely has been used to contact people in your friends list. You'll need to tell them not to trust any links or install any apps that were sent to them from your account — via wall postings, Facebook messages or Facebook email — while the intruder had control of it.

Change your Facebook password. If the intruder has not changed your password, then changing it is easy. Click the same arrow you did when checking for suspicious logins, choose General on the left-hand menu, and edit your password from here.

"If you use the same password for multiple sites, it is best to change your passwords there as well," said Cosette Jarrett, a web-marketing specialist based in Salt Lake City. "If your password has been compromised on one site, chances are your accounts at other sites are in danger, too."

Reset your password, if the intruder has already changed it. Often, hackers will change your password once they have gotten control of your account, so it's not as simple as just going into your account settings and changing your password.

You'll have to reset your password by clicking the Forgot Your Password link underneath the Facebook login. You will need to provide information to identify yourself, such as the email address you used to register with Facebook, the phone number associated with your account, your Facebook username, or your name and the name of one of your Facebook friends. The last option may be best if you believe the person who hacked your account has changed any of your profile information.

Follow these tips for creating a secure password.

Report your compromised account. If ads or spam are being sent from your hacked account, you must report it as compromised, which you can do at this link. After reporting, you will receive further instructions from Facebook to resolve the issue.

Check for malicious apps. Once you have control of your account again, go to the same Settings menu where you checked for suspicious logins or changed your password, and click on the Apps option in the left-hand menu. Go through the list and check for any apps you did not add yourself, and click the X next to them to remove them.

Secure your Facebook account. Getting your Facebook account hijacked is not the end of the world. Having it happen to you, though, can be a good reminder to make sure your account is as secure as it can be.

Facebook itself offers a number of security tips. You should use a unique password for Facebook, one that you do not use on any other sites; you should log out of Facebook when using a computer you share with other people; you should run antivirus software on your computer (even if it's a Mac); and you should be careful about the links you click on and the apps and files you download. You can also run a Security Checkup while logged in to your Facebook account.


Even if you have not been hacked, shoring up your Facebook security is a good idea. Because many Facebook account compromises are caused by external apps, consider limiting the number of apps you use.

Do not click on suspicious links or ads shared in your news feed, even when you trust the people who are doing the sharing — it's possible they themselves have been hacked. Always make sure your desktop web browsers and mobile operating systems are up to date. And be sure to sign out when you're done using Facebook for the day.

The same goes for other social networks. Twitter, Instagram, LinkedIn and others have all had user accounts compromised in various ways. As always, remain vigilant and be smart about what you do online, and you'll be just fine.