Discovering that your Facebook account has been hacked can be alarming. It means someone else may have access to your personal messages, photos, your email account, or any platform you used Facebook SSO to log in to. For many, a Facebook account is more than just a social network. It’s a place where important memories and connections are stored, and losing them can be emotionally devastating. That’s why regaining control quickly is essential.
Contents:
How to know if your Facebook has been hacked
Not every login issue means your account has been compromised. Sometimes it’s a technical glitch, or you simply forgot your credentials. However, you can look out for clear warning signs of unauthorized access:
New posts, comments, stories, or messages you didn’t create appear on your activity feed.
Your account name, profile and cover photo, or personal details are changed without your approval.
Friend requests or private messages are sent in your name without your knowledge.
You have difficulty logging in, even if you enter the correct credentials.
Facebook sends you emails or notifications about password resets or security changes that you didn’t initiate.
If you’ve noticed such unusual activity and find yourself saying, “my Facebook account was hacked,” it’s time to act quickly. The longer the attackers have access, the harder it is to recover.
How to recover a hacked Facebook account
If your Facebook account is compromised, you might run into one of two scenarios:
You can still log in to your Facebook account.
You’ve been locked out completely, with your Facebook account hacked and the password changed.
Both situations are manageable if you follow the right steps and use official Facebook support resources.
Immediate actions to take if you still have access to Facebook
If you can still log in, act immediately. Hackers may already be trying to change settings or spread malicious content, so time matters. By securing your login access immediately, you significantly reduce the hacker’s control.
Change your password.
Use a strong, unique password that you haven’t used anywhere else — we recommend it be at least 15 characters long and contain a combination of random letters, numbers, and special symbols.
Check recent activity and log out of all devices.
To make sure criminals don’t override your access, review your login history and check for unfamiliar devices or suspicious activity. To log out everywhere, you need to:
Go to your account’s settings.
In the “Settings and privacy” tab, select “Accounts center.”
Open the “Password and security” section in the sidebar.
Click “Where you’re logged in” to see your full login activity.
Click “Select devices to log out.” You can choose to log out of specific devices or select all to log out everywhere.
Once you’ve logged out, use the new password to regain access to your account.
Review connected apps and devices.
Hackers sometimes exploit third-party apps to maintain access to your data even once you’ve logged them out of your actual Facebook account. Remove apps you don’t recognize. You can review connected apps in the Facebook settings:
Open settings and under the “Your activity and permissions tab,” select “Apps and websites.”
Review the list of connected services.
If you see an unfamiliar app, click “Remove” on the right side next to its name.
You will be asked to confirm this action. Select “Remove.”
Add multi-factor authentication.
Once you’ve reinstated your access to the account, make sure you add an extra security step to your account. To add multi-factor authentication to your Facebook account, you need to:
Open settings and select “Accounts Center”
Open the “Password and security tab” and select “Two-factor authentication.”
You may be prompted to enter a confirmation code or your password to proceed.
Select your preferred authentication method to add. We recommend using an authentication app as a safe option. NordPass’ built-in Authenticator generates one-time codes as a valid verification method for Facebook.
How to recover your Facebook account if you’re locked out
If you can’t log in at all, the situation is more urgent but not hopeless. Facebook usually alerts you by email when it detects a new suspicious login attempt or when your personal information is changed. Even if criminals try to change your email address to theirs, you will receive an alert in your inbox asking if you’ve requested this change. Open the email and click the “This wasn’t me” link to flag the change.
Hacks on Facebook are unfortunately pretty common, so the platform has created a built-in recovery system designed for this precise scenario. In fact, if you can’t log in to any Meta accounts at all — whether it be WhatsApp, Instagram, or Threads — the recovery steps work in a similar way.
Use the official Facebook hacked recovery process to get back in:
Visit Facebook’s official hacked account recovery tool.
Identify your account by entering your email address, phone number, or full name.
If the hacker updated your contact details, add new information so Facebook support can reach you.
Complete the identity verification steps. You may be required to upload an official ID.
Reset your password with the recovery link provided by Facebook.
Log back in securely and check your security settings.
Pro tip: Avoid third parties that promise to recover access to a hacked Facebook account faster — most of them are scams. Stick with Meta’s official process to ensure your data is securely restored.
If your phone number and email address haven’t been updated yet, you can use Facebook’s Find My Account feature to identify your account. Enter your email address or phone number, and Facebook will match the information to the account. Here, you can choose to get a verification code sent to you and trigger the recovery flow.
If the hacker was quick enough to change your phone number and email address, select “No longer have access to these?” on the Find My Account page. You can use a device you’ve logged in on Facebook with before to verify your identity:
Click “Recover” and choose your preferred method.
Enter the verification code you received using the recovery method.
You will see a QR code. Scan it with your phone.
Upload a selfie to verify your visual identity.
Once Facebook confirms that you match your profile, you will be able to regain access.
Keep in mind that if you no longer have access to a device you’ve previously used to access Facebook, the platform will not provide you any alternative way to log in as a safety measure.
What to do after you regain control
Recovery is only the beginning. It can take a while for you to get the email of relief stating your account has been restored, so don’t forget to keep an eye on the spam folder while you wait. As soon as you’re back in, it’s important to strengthen your account so the same issue doesn’t happen again.
Enable multi-factor authentication (MFA)
Multi-factor authentication (MFA) adds a reliable extra security layer to your accounts. Even if someone manages to steal your login details, they won’t be able to enter your account without the additional verification code.
By enabling MFA, you make your Facebook account far less appealing to hackers who rely on stolen credentials alone.
Secure your email
Your email is often the gateway to your Facebook profile. If attackers get into your inbox, they can request log in resets and take control of your social media again. Strengthen your email with a strong, unique password, and turn on MFA there as well.
Just as you would with Facebook, make a habit of reviewing your email’s recent activity log to spot suspicious logins.
Update your recovery information
Keeping your recovery details up to date is one of the simplest but most effective security steps. Make sure the phone number and email address linked to your Facebook account are correct and accessible. This ensures that if you’re ever locked out again, Facebook support can reach you quickly.
Outdated recovery info is one of the main reasons people struggle to recover Facebook accounts.
Notify your contacts
Hackers often use compromised accounts to spread scams or phishing links. After regaining control of it, inform your friends and family that your Facebook account was compromised and tell them not to click on suspicious links.
A quick status update or private message can stop attackers from tricking people in your network. It also reassures your contacts that the problem has been resolved and that your profile is secure.
How to protect your Facebook account from future hacks
Prevention is easier than recovery. Here’s how to reduce your risks.
Use a strong and unique password. Once you’ve set it on Facebook, don’t reuse it on any other account — not even ones that are also on Meta, like Instagram. In fact, reusing a password might just increase the likelihood that your data will be compromised in the future.
Set up a trusted device. Facebook lets you streamline the login steps by marking a device as trusted. Having your phone or laptop set as trusted will help you ensure your account is easily recoverable even if it’s under attack again.
Be cautious of phishing attempts. Hackers often impersonate Meta with fake links. Be mindful of unfamiliar requests to provide information — official Facebook channels will never ask you to reveal your password over an email.
Turn on login alerts. If Facebook detects a suspicious login attempt — or even a legitimate one if you’re logging in after a long while — it’ll send an instant alert to the website and mobile app.
Regularly check connected apps. If you use Facebook as a single sign-on (SSO) option, review the list of connected apps and websites routinely. Some services might get compromised without your knowledge, so keeping an eye on your connections will let you spot something fishy.
How NordPass can help you keep your Facebook account safe
If you ever need to recover your Facebook account access, the process is clear: Verify the signs of compromise first, then use Facebook support tools and secure your login credentials. Facebook knows that account theft is a real risk, and recovery measures are in place to help you as best as possible.
You shouldn’t relax your vigilance even once you’ve recovered from your Facebook attack. Long-term protection requires better login practices and secure storage for your credentials — and NordPass can help with both. Use NordPass to generate and save your new password as well as your one-time codes for authentication. If your Facebook login details ever end up in a breach, you’ll be the first to know thanks to Data Breach Scanner alerts. Whether you’re only on Facebook or have been tangled up in the Meta services ecosystem, keeping your accounts secure is easier with a reliable password manager.