Updated on 6/29/2023 with current instructions
If you've seen unusual activity on your Facebook account, your account may have been compromised. Either hackers have gotten into your account to access your personal information, or scammers have cloned your account, using your profile photo and other public information, to prey on your friends and family.
With hacking, someone has gotten into your account, often by stealing your Facebook password or your email password. For instance, the "IS THIS YOU?" video scam tricks Facebook users into clicking a link to view a video, but then takes them to a fake Facebook login page to steal their account credentials. Once hackers have access to your account, they can view all of your information and even lock you out of your own account.
Find out if your Facebook account has been hacked
There are lots of signs that your account may be compromised. Here are red flags to watch for:
- You can't log into your account.
- You get an email with instructions on how to reset your Facebook password when you didn't try to reset your password.
- You get an email saying someone logged into your account when you haven't logged into your account.
- You see posts you didn't make, messages you didn't write, friend requests you didn't send, or profile changes you didn't make.
If you don't these warning signs, your account have likely been cloned. Read our story on What is Facebook Account Cloning & What Can You do about It.
How to revoke access to your Facebook account
On your computer:
- Go directly to your Meta Accounts Center Password and security page.
- Select "Where you're logged in."
On your phone:
- Open the Facebook app.
- Select "Menu" (your profile photo in the lower right).
- Select the cog icon in the upper right.
- Select "Password and security" in the Meta Accounts Center box at the top.
- Select "Password and security."
- Select "Where you're logged in."
The "Where You're Logged In" section of the page will list every device you've logged on to Facebook with, as well as their locations. If you see a device or location you don't recognize, it's a good sign someone else has access to your account. You can kick them out immediately by clicking on "Select devices to log out." Click on the circle next to any logins you don't recognize and then click the "Log out" button.
Secure your Facebook account from hackers
While locking a potential hacker out of your account throws them offline immediately, they may be able to log right back in. To keep them out, you need to take a few more steps to secure your account.
If you aren't already there, start by going to your Meta Accounts Center Password and security page as outlined above.
1. Change your password
Select "Change password," then enter your current password and a new, unique password. Having a password you don't use on any other site will ensure that no one can get into your Facebook account if your password was stolen from another site.
2. Turn on two-factor authentication
Select "Two-factor authentication" and then click on your account. Select the type of two-factor authentication you'd like to use – an authentication app, a text message, or a security key. You'll have to enter a code (or use your key) as well as your password to log on when you use a new device or browser. This means even if a hacker gets your password, they can't get into your account. After you enable two-factor authentication, make note of your Recovery codes, which will let you into your account if you lose access to your authentication app, phone or security key. You can find them by selecting "Additional methods" and then "Recovery codes" from the two-factor authentication page.
3. Set up alerts for unrecognized logins
In the "Security check section, select "Login alerts," then select whether you'd like to be notified by email or in-app notification. This way you'll get an email if anyone logs into your account other than you.
Once you've done that, it's a good time to review the security on your email account – because if a hacker has access to email associated with your Facebook account, they may be able to get back in. We recommend changing your email password and setting up two-factor authentication.
With these changes, any hackers should be locked out of your Facebook account – and you've made it harder for them to get back in. And while you're at it, take the time to review our suggestions on how to manage your Facebook Privacy settings.
Recover your Facebook account from hackers
If a hacker has access to your Facebook account, you can run into a snag: they may have changed the password so you can't access it. If you're trying to log on to Facebook and find your password doesn't work, you should see a "Forgot Password?" option. Facebook will be able to send an email to any of the email addresses associated with your Facebook account or a text to your phone. From there, follow Facebook's instructions.
Once you have your account back, you should follow the instructions above to add extra security to protect yourself from hackers in the future. Or if you're fed up, here's how to delete your Facebook account permanently.
[Image credit: Screenshots via Techlicious, image of laptop on wooden table via Smartmockups]