What to do if your Facebook account Is hacked

“Why would someone want to hack my Facebook account?” may be the first thing that comes to mind for those who aren’t celebrities but have had their Facebook account taken over by cybercriminals.

However, having your Facebook account hacked is actually not that uncommon. There are many reasons why someone might want to gain access to your Facebook account. While stealing your personal information like your passwords and other credentials is one major motivation, forcing your Facebook account to share spam with your friends online is another.

Whatever the reason may be, hacked social media accounts have become a part of life. This is why it’s important to know the steps you can take to recover your Facebook account once you’ve discovered it’s been hacked.

This is a step-by-step guide on recovering a hacked Facebook account along with next steps you should take to ensure it doesn’t happen again with input from several cybersecurity experts. (And don't miss our guides to how to make yourself anonymous on Facebook, how to block and unfriend someone on Facebook, and how to protect your identity, personal data and property.)

1. Check to make sure your account really has been hacked

If you notice suspicious activity on your Facebook account including changes to your name, birthday, email address or password, new sent messages or friend requests to people you don’t know or posts appearing on your timeline you didn’t post – then go to the upper right-hand corner of your Facebook page and click on the arrow there which will reveal a drop-down menu.

Click Settings and Privacy > Settings and a new menu will pop up. Choose the Security and Login option and then Where You’re Logged In. If there is a login from a device or place you don’t recognize, then your account may have been hacked. 

2. End the intruder's session

Click the three vertical dots next to the device login that you don't recognize, then Not You? or Log Out. This logs the intruder out of your account, at least temporarily. This limits the damage the intruder can do and allows you to continue regaining and securing control of your account.

3. Alert your contacts

If your account has been compromised, it likely has already been used to contact people from your friends list. You'll need to tell them not to trust any links or install any apps that you had sent them — via wall postings, Facebook messages or Facebook email — while the intruder had control of your account.

4. Change your Facebook password

If the intruder has not changed your password, then changing it is easy. Click Security and Login again, then scroll down to Login and then click Change Password.

"If you use the same password for multiple sites, it is best to change your passwords there as well," said Cosette Jarrett, a web-marketing specialist based in Salt Lake City. "If your password has been compromised on one site, chances are your accounts at other sites are in danger, too." 

This is why password reuse is such a big problem. Fortunately, you can nip it in the bud for good by using one of the best password managers to generate strong, complex and unique passwords for each of your online accounts. You can also follow these tips to create a secure password.

5. Reset your password if the intruder has changed it

Often, hackers will change your password once they have gotten control of your account, so it's not as simple as just going into your account settings and changing your password.

You'll have to reset your password by clicking the Forgot Your Password link underneath the Facebook login. You will need to provide information to identify yourself, such as the email address you used to register with Facebook, the phone number associated with your account, your Facebook username, or your name and the name of one of your Facebook friends. 

The last option may be best if you believe the person who hacked your account has changed any of your profile information.

6. Report your compromised account

If ads or spam are being sent from your hacked account, you must report it as compromised, which you can do at this link. After reporting, you will receive further instructions from Facebook to resolve the issue.

7. Check for malicious apps

Once you have control of your account again, go to the same Settings menu where you checked for suspicious logins or changed your password, and click on the Apps option in the left-hand menu. Go through the list and check for any apps you did not add yourself, and click the X next to them to remove them. It's worth noting that if you don't use an app for some time, it will expire automatically.

8. Secure your Facebook account

Getting your Facebook account hijacked is not the end of the world. Having it happen to you, though, can be a good reminder to make sure your account is as secure as it can be.

Facebook itself offers a number of security tips. You should use a unique password for Facebook, one that you do not use on any other sites; you should log out of Facebook when using a computer you share with other people; you should run the best antivirus software on your computer (or the best Mac antivirus software if your using an Apple computer); and you should be careful about the links you click on and the apps and files you download. You can also run a Security Checkup while logged in to your Facebook account.

Even if you have not been hacked, shoring up your Facebook security is a good idea. Since many Facebook account compromises are caused by external apps, consider limiting the number of apps you use in general, both on your computer and your smartphone.

Do not click on suspicious links or ads shared in your news feed, even when you trust the people who are doing the sharing — it's possible they themselves have been hacked. Always make sure your desktop web browsers and mobile operating systems are up to date. And be sure to sign out when you're done using Facebook for the day.

The same goes for other social networks. Twitter, Instagram, LinkedIn and others have all had user accounts compromised in various ways. As always, remain vigilant and be smart about what you do online, and you'll be just fine.

Anthony Spadafora
Senior Editor Security and Networking

Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

With contributions from