In today’s digital age, hacking has become a common issue. Many of us have experienced the frustration and panic that comes with losing control of our social media accounts.
But no need to worry—there’s always a remedy! In this guide, you’ll learn the steps to regain access to your hacked Facebook account and secure it against future attacks. Whether you’re a first-time victim or you’ve been hacked before, we’ve got you covered.
Note: If this is an emergency and your account has just been taken over, jump to “How to recover a hacked Facebook account” below to start the process of recovering your account ASAP.
Why do hackers hack Facebook accounts?
Access to your personal information
Typically, cybercriminals hack your Facebook account to access your personal information, which they use to steal your identity. A hacker who gains access to your Facebook account can potentially obtain the following information about you (if it’s stored on Facebook):
- Contact info: Names, email addresses, phone numbers and physical addresses of you and your friends.
- Financial info: Credit card numbers, bank account details and other sensitive financial information.
- Login credentials: Usernames and passwords for other online accounts.
- Personal info: Date of birth, gender, interests, hobbies and other personal details.
- Photos and videos: Personal images and videos that you’ve uploaded may reveal details about your life, relationships and activities.
We’ll tackle how to prevent your Facebook account from getting hacked at the end of this article.
But for now, be cautious about the information you share or store on Facebook.
Access to your friends’ personal information
In addition to your data, hackers can also get info about your friends. Here are some of the sneaky methods these cyber villains use:
- Contacts list: By accessing your contacts list, the hacker can view the stored personal details of your friends.
- Private messages: By accessing your Facebook messages, cybercriminals can view conversations between you and your friends, including personal or sensitive information.
- Friends’ profiles: By using your hacked Facebook account, the hacker can potentially access your friends’ profiles and view their personal information—such as posts, photos and videos.
- Apps and services: If you and your friends have connected Facebook to other apps or services, the hacker can potentially access this information.
Be mindful of whom you add and accept as a friend on Facebook—as well as the information you share on the platform—as this can potentially put your and your friends’ info at risk.
Sharing spam on Facebook
Cyber villains enjoy hacking Facebook accounts to spread spam.
Here’s a taste of the sneaky trickery they use:
- Phishing scams: Sending fraudulent messages or posts to your friends, tricking them into revealing personal or financial info (more on that below).
- Malware: Sharing links or files that contain malware, which can infect your friends’ computers or mobile devices.
- False information: Spreading false information, propaganda or misinformation to manipulate public opinion, potentially causing harm to individuals, groups or entire communities.
- Advertising scams: Promoting scams, such as pyramid schemes, chain letters, or investment opportunities, to your friends.
- Political propaganda: Spreading political propaganda or interfering with elections, potentially influencing the opinions or actions of your friends.
How do hackers access your Facebook account?
Hackers have technical superpowers and a mind that never stops solving puzzles. Don’t be surprised by the many ways they can hack you, but be alert.
Here’s how they may do it:
Cybercriminals can use emails to hack into Facebook accounts through a process called phishing. Phishing scams are one of the most common scams to access accounts.
In a phishing scam, the hacker sends you an email that appears to be from a reputable source, such as Facebook, asking you to log into your account by clicking a link. The link, however, redirects to a fake login page that looks exactly like the real Facebook login page. The fake page then captures your login credentials, which the hacker uses to gain access to your Facebook account.
Be vigilant when receiving emails that ask you to log into your Facebook account, especially if you didn’t expect to receive the email. Always check the sender’s email address and hover over links to verify that they lead to the legitimate Facebook website before entering any login information.
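The hover check described above, written out as an added example (it is not from the original article): it judges a link by the host the browser would actually connect to, not by where the word "facebook" appears. Treating only facebook.com and its subdomains as legitimate is an assumption, and the sample URLs are constructed.

```python
from urllib.parse import urlsplit

# Assumption for this example: only facebook.com and its subdomains are legitimate.
TRUSTED_DOMAIN = "facebook.com"

def link_verdict(url: str) -> str:
    """Return 'ok' or a short reason why the link should not be trusted."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return "unparseable URL"
    if parts.scheme != "https":
        return "not HTTPS"
    # Anything before '@' is a username, not the site: facebook.com@other.example
    if parts.username is not None or parts.password is not None:
        return "text before '@' is not the host"
    if not host:
        return "no host"
    # Non-ASCII or punycode labels can render as look-alike letters.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return "internationalised lookalike host"
    # The real site is the END of the host name, so match on the suffix.
    if host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN):
        return "ok"
    return f"host is {host}, not {TRUSTED_DOMAIN}"

# Constructed sample links (the .example hosts are placeholders).
SAMPLES = [
    "https://www.facebook.com/login/identify",
    "https://facebook.com.account-verify.example/login",
    "https://facebook.com@login.example/reset",
    "http://www.facebook.com/login",
    "https://notfacebook.com/",
    "https://f\u0430cebook.com/login",  # Cyrillic 'a' in place of Latin 'a'
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{link_verdict(sample):45} {sample}")
```
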
Reusing passwords can also put your accounts at risk—don’t feel bad, we’ve all done it! If you use the same password for many accounts, and someone gets a hold of it, they can use it to log into your Facebook account too.
It’s crucial to use a unique password for all your online accounts or use a password manager.
Hackers may infect your device with malware that steals your login credentials or records your keystrokes when you enter your password. To protect your device from malware, keep your software and operating system up-to-date and use anti-virus software.
Using social engineering, these tricky technicians con you into revealing your password or other sensitive information through a phone call, email or instant message.
Be cautious of unsolicited requests for personal info, and don’t reveal your password or other sensitive info to anyone.
Unsecured networks can also put your Facebook account at risk. If you log into Facebook on an unsecured network, such as a public Wi-Fi hotspot, a hacker on the same network may intercept your login credentials. Avoid logging into Facebook or entering sensitive information on unsecured networks.
Signs your Facebook has been hacked
If you’ve experienced any of the following signs, act immediately (but try not to panic!), as you may already be a victim.
Luckily for you, the next section is about what to do if it happens.
Unusual activity on your Facebook account may indicate that it’s been hacked. This could include:
- Unexpected changes to your password or account email.
- Friend requests from people you don’t know or haven’t interacted with lately.
- Changes to your profile info without your knowledge.
If your account has been inactive for a while and suddenly becomes active again, beware! This could also indicate hacking. Finally, if you can’t log in with your usual credentials, you may have been hacked.
Posts and messages you didn’t share
Suspicious posts or messages may also confirm a hacked account—unfamiliar posts on your timeline, messages you didn’t send or posts that contain spam or offensive language from people you don’t know.
If you have friends reporting messages from your account that you didn’t send, it most certainly has been hacked.
If you suspect a password from another account has been compromised, check out this article to check if a password has been hacked.
How to recover a hacked Facebook account
Report your hacked account to Facebook
From Facebook’s instructions, go to the Facebook Help Center and follow the steps to secure your account. The platform will ask you to change your password and review recent login activity.
When you change your password, use a unique, strong password that you haven’t used before. Then, review your recent activity and posts and remove anything that was added by the hacker.
Log out from unusual devices
If you suspect that your account has been hacked, we recommend you log out of all other devices to prevent the hacker from continuing to access your account. Here’s how:
- Go to Settings & Privacy.
- Click on Settings.
- Click on Security and Login.
- Under Where You’re Logged In, click on See More. You’ll see a list of all the devices that are currently logged into your account.
- Log out of any devices that you don’t recognize or no longer have access to.
After logging out, check your applications and remove any suspicious apps from your devices.
Recover your account if you can’t log in
If you don’t have access to your account anymore, there are two things you can do.
First, recover your account using the Find Your Account page:
- From a device that you have previously used to log in, go to the Find Your Account page at facebook.com/login/identify and follow the instructions.
- Search for the account you want to recover. You can search by name, phone number or email address.
- Follow the on-screen steps to reset the password for your account.
Second, you can recover your account from a friend’s or family member’s account.
- From a computer, go to your account’s profile (the one you want to recover).
- Click the three dots below the cover photo.
- Select Find support or report profile.
- Choose Something Else, then click Next.
- Click Recover this account and follow the steps.
Change the passwords for your other online accounts
You must change your passwords for all your online accounts if your Facebook account has been hacked — especially if you use the same password for multiple accounts. If a hacker gains access to one of your accounts, they will be able to get into all of them, exposing your sensitive information.
Also, once a hacker has access to your Facebook account, they may be able to use it to gather info about your other online accounts, such as your email addresses, usernames and security questions. They can use this information to compromise the security of your other accounts, making it imperative to change the password for all your other online accounts.
Changing the password for all your online accounts is vital in maintaining the security of your online presence and protecting your personal information.
Let your Facebook friends know
To prevent your contacts from being affected, contact your family and friends to let them know your account was hacked. Remind them not to click on links or open suspicious messages from your account.
Finally, review your privacy settings and remove any information that you don’t want to be public.
Follow these steps ASAP to secure your account and prevent the hacker from causing further damage.
How to prevent your Facebook account from being hacked
Use a strong password
Use a unique and complex password that includes a combination of letters, numbers and symbols. Avoid using data that is easy to guess, such as your name or birthdate.
Do not recycle passwords, specifically the password you use for Facebook.
Enable two-factor authentication
You’ve heard this before, but it’s the best way to protect a Facebook account. When you enable two-factor authentication, a code is required to log in, in addition to your password. You can enable this feature in the Security and Login section in the Settings menu. This adds a second layer of protection to the account in case your password is ever compromised.
Additional tips to help prevent a hack
We asked our Cybersecurity Analyst at IDShield, Drew Higgins, to give us the best tips to help prevent your Facebook account from being hacked. Here’s his excellent advice:
- Be wary of suspicious links (see above).
- Enable unrecognized login alerts. When you enable unrecognized login alerts in your Facebook settings, you get alerts when someone tries logging in from a device or browser that Facebook doesn’t recognize. Here’s how to do this:
  - Go to Security and Login Settings.
  - Scroll down to Get alerts about unrecognized logins.
  - Click Edit, then choose where you want to receive the alerts.
  - Click Save changes.
- Be careful with public Wi-Fi. Public Wi-Fi networks are unsecured and vulnerable to hacking. Avoid logging into your Facebook account from them.
- Regularly check your account for shady activity.
Protect your personal information with IDShield
We know it’s discouraging to hear those rogues can steal your private data and reputation with just a few keystrokes and clicks. But unfortunately, this is the digital reality we live in.
Don’t leave your online data vulnerable to digital thieves! Arm yourself against cybercrimes and reputation hijacking with IDShield’s impressive privacy and reputation management services.
If you use easy-to-hack passwords, reuse them across sites, and save them to browsers, you are handing out the keys to your info to anyone online. Get multiple device protection and privacy for your digital life with our Password Manager service that:
- Helps block dangerous websites.
- Manages and encrypts passwords.
- Saves time.
- Identifies and converts your weak passwords into unique, tough-to-hack passwords.
- Gives you back control.
Access to Licensed Private Investigators
Receive direct access to consultation services provided by our Licensed Private Investigators. If you experience an identity theft incident, an assigned investigator will guide you through the restoration process step-by-step and give you tailored advice specific to your situation.
And there’s more! Our Licensed Private Investigators keep restoration cases open for 120 days to ensure you won’t be targeted again.
Often, it takes you a while to realize you’ve been targeted since you’re not tracking unusual activity on your social media accounts. Our Reputation Manager tool can help you recognize unusual activity as soon as it happens.
This tool scans your social media accounts for content that could damage your online reputation and provides tools for improving your accounts.
VPN Proxy One
Get convenient protection anywhere you connect online as part of your IDShield membership through encrypted communications provided by Trend Micro’s VPN Proxy One:
- Filters that block malicious websites, online fraud and internet scams.
- Full anonymity—no location or online activity tracking. Consider yourself a digital ghost.
- Safeguards when you connect to a risky Wi-Fi network (hotels, cafes, restaurants, etc.).
IDShield is a product of Pre-Paid Legal Services, Inc. d/b/a LegalShield (“LegalShield”). LegalShield provides access to identity theft protection and restoration services. IDShield plans are available at individual or family rates. For complete terms, coverage, and conditions, please see an identity theft plan. This is meant to provide general information and is not intended to provide legal or tax advice, render an opinion, or provide any specific recommendations.