Your Facebook Account Got Hacked: A Step-By-Step Recovery Plan

Last Updated on January 23, 2026 by George
Realizing your Facebook account has been hacked can feel deeply unsettling, especially when you spot posts you didn’t write or messages your friends say they received from “you.” It’s normal to feel panicked. The best thing you can do is move quickly, stay calm, and focus on the next steps.
A lot of seniors blame themselves or assume the damage can’t be undone, but in most cases, you can recover a hacked account if you follow a clear process. This guide lays out what to do as soon as you notice something is off, and how to lock things down so it’s much harder for it to happen again.

How To Tell If Your Facebook Account Has Actually Been Hacked
Facebook can act a little odd sometimes, and not every glitch means someone broke into your account. Still, there are a few signs that are hard to explain away. Spotting the difference matters because it helps you act fast without stressing over something harmless.
- Posts or messages you didn’t send: You see timeline posts, comments, or DMs you never wrote. The hacked posts might be asking friends for money or promoting questionable links.
- Friends say your account is messaging them: People reach out because they got weird messages “from you.” They might also have been tagged in spam or seen you sharing posts that don’t sound like you.
- Your password suddenly doesn’t work: You can’t log in with the password you’ve always used. In addition, you might get a notice that your email or phone number was changed when you didn’t change it.
- Login alerts show places or devices you don’t recognize: Facebook warns you about a login from a different city, country, or device. If you check your security settings, you might see active sessions that clearly aren’t yours.
- Your friends get a new friend request from you: Someone may be using your hacked account to send requests. They might have also created a look-alike profile and are trying to trick people who know you.
- Your profile photo or cover photo changes: You open Facebook and your picture or banner has been swapped out. It could be something random or unrelated that you never uploaded.
- Pages or ads appear under your name: Your account was used to create a page, run ads, or promote a business you’ve never heard of. You may notice it in your activity log or ad settings.
- You receive two-factor codes you didn’t ask for: Security codes show up by text or email when you aren’t trying to log in. That usually means someone else is attempting access and hitting the verification step.
How To Regain Access If You Can Still Log In
If you can still get into your Facebook account, that’s a good sign. It means you can lock things down before the person messing with it fully takes control. The goal is simple: kick them out, change what matters, and clean up whatever they did.
Change Your Password Now
Go to Settings → Password and security and set a new password immediately. Use something you’ve never used on any other site. A phrase is fine, just make it long, like four random words with a couple of numbers. After you save it, don’t share it by message, even with someone claiming to be Facebook. Write it down somewhere safe.
Sign Out Of Unfamiliar Devices
Next, force a logout everywhere so the other person can’t quietly stay inside your account. In Password and security, look for the “Where you’re logged in” option. It will show you which devices the hacker is accessing your account from.
Log out of all of these sessions, including your own for now. Your priority is to seize back control from the hackers.
Confirm Your Email And Phone
A very important step is to clear out any contact details that are unfamiliar to you. Remove emails and numbers you do not control and save immediately. If you leave these contact details behind, hackers can get back into your account, since they can use them as a recovery method.
Make sure your own phone number and email are still listed. You will need them for 2FA when logging into your Facebook account across the different devices you own.
Turn On 2FA
Two-factor authentication, or 2FA, adds a second lock that’s hard to bypass. Turn it on right after you change your password, not days later. An authenticator app is usually the safest option, but text codes are still better than nothing. Save your backup codes somewhere private so you aren’t stuck if you lose your phone. Also review trusted devices afterward.
Remove Suspicious Apps and Websites
Some account takeovers start with a connected app that asked for permission weeks or months ago. Go to your apps and websites list and remove anything you don’t recognize, don’t use, or don’t fully trust. If an app name looks random or misspelled, treat it as a red flag and disconnect it. If you’re unsure, remove it anyway.
When hackers take over an account, they often start connecting it to various apps and accounts that require permissions. These connections are often windows criminals can use to take your Facebook profile. Remove any apps or websites you do not recognize or use.
Clean Up Your Profile
Do a quick cleanup so the damage doesn’t spread. Delete posts you didn’t make, remove strange comments, and check your sent messages for anything you didn’t write. Look at your friends list for new names you don’t know and remove them. Cancel friend requests you didn’t send, then block any obvious spam accounts. Check your profile photo too.

Warn Friends
Let people know, briefly, so they don’t click anything harmful. A short post or message works: “My account was hacked, please ignore recent links.” After that, secure the device you use for Facebook. Update your phone or computer, run a security scan if you can, and avoid logging in through links in emails or messages. Use the official app or site.
What To Do If You Are Completely Locked Out
Being locked out is stressful, but you still have options. Focus on official recovery steps, protect your email, and limit the damage while you work to regain control safely.
Start With Facebook’s Hacked Account Page
Start with Facebook’s official recovery flow because it’s designed for takeovers like this. Use a browser you trust and search for “Facebook hacked account,” then open the Meta help page and follow the prompts.
Don’t click random links from comments, texts, or “support” messages. If you’re unsure, back out and try again. The safest path is the one that keeps you inside Facebook or Meta pages the whole time.
Try Account Recovery With Your Email Or Phone
On the login screen, tap “Forgot password?” and try the email address or phone number you used for Facebook. If your contact details are still attached, Facebook will send a code or a reset link.
Check your spam or junk folder and use the newest message. Older codes often expire. If Facebook shows multiple profiles, slow down and pick the correct one before continuing so you don’t waste attempts.
Check If Your Email Account Was Also Compromised
If reset emails never arrive, your email account might be the problem. Log into your email and check your inbox, spam, and trash for Facebook messages.
Next, review settings that can hide messages, like filters, rules, or forwarding. If you see unfamiliar sign-ins or strange sent mail, change your email password immediately. Turn on two-factor authentication for email before trying Facebook recovery again.
Look For “Email Or Phone Changed” Alerts
Facebook often emails you when someone changes your password, email, or phone number. Search your inbox for “security alert,” “email changed,” or “phone number changed.”
If you find one, open it and look for the option that says you didn’t make the change. That link can sometimes undo the hacker’s update. Act fast because these links can expire. Also watch for fake lookalike emails that copy Facebook’s style.
Use A Device You’ve Logged In On Before
Recovery works better when Facebook recognizes the device. Try the phone, tablet, or computer you normally use, on your usual home Wi-Fi if you can.
Open the Facebook app if it’s already installed because it may offer extra recovery prompts. Avoid switching devices repeatedly because too many attempts can trigger temporary blocks. If you hit a “try again later” message, retry later on the same device.

Ask A Trusted Friend To Report Your Account
While you’re working on access, reduce the risk to other people. Ask a trusted friend to visit your profile, tap the three dots, and report the account as hacked or compromised.
If there’s a duplicate profile pretending to be you, have friends report it as impersonation too. Reporting doesn’t always restore your login right away, but it can slow down spam posts and scam messages and create a record that something is wrong.
Watch Out For Recovery Scams And Fake “Support”
Scammers target people who are locked out. Stress and anxiety often make seniors more susceptible to scams. You might get messages claiming to be from Facebook support that ask for remote access to your computer. Some will even ask you for Walmart gift cards before they agree to help you.
Ignore unsolicited messages that offer to help you recover your account. Facebook support will not automatically know your account has been hacked unless you contact them. These messages are likely from the same criminal group that stole your account and is looking to steal money or more information from you.
Conclusion
If your Facebook account gets hacked, the goal isn’t to take revenge on the hacker. It’s to quickly take back control of your profile. Lock your email with a new password and turn on 2FA for it. Follow Facebook’s recovery steps if you are locked out. Meta’s support team is there to help if you still can’t take back your account.
FAQ: Hacked Facebook Account
How Long Does Facebook Account Recovery Usually Take?
It varies. Some people regain access in minutes if their email and phone number are still attached and working. If contact details were changed, recovery can take longer, especially if Facebook asks for extra verification. If you’re stuck, keep using the same device and method instead of retrying dozens of times.
Should I Tell My Friends And Family If I Was Hacked?
Yes, especially if messages were sent from your account. A short warning helps protect other people from clicking the same scam link or sending money to the hacker. If you asked friends to report your account, let them know once you’re back in so they stop reporting and can re-check anything suspicious.
What If The Hacker Turned On Two-Factor Authentication?
This happens, and it’s frustrating. Start recovery using Facebook’s official hacked-account flow and look for options like “no longer have access to these.” If you’re asked for a code you can’t receive, Facebook may offer identity checks or other verification steps. Keep screenshots of any error messages you see.
Can A Hacker Steal Money Through My Facebook Account?
They usually can’t take money directly unless you have a payment method connected for ads, Meta Pay, or Marketplace-related purchases. Check your payment settings and remove any cards you don’t need saved. Also review Ad Accounts or Meta Business settings if you ever ran ads, since that’s one place where charges can show up.
What’s The Best Way To Prevent This From Happening Again?
Use a unique password for Facebook, turn on two-factor authentication, and secure your email with its own strong password and 2FA. Be careful with login links in messages, even if they look official. Also remove old apps and websites connected to Facebook, since those permissions can be an easy back door.