June 1, 2022

How to Recover a Hacked Facebook Account

If you're one of the nearly three billion active users of Facebook, there's always a risk of your account being hacked. If you're here, perhaps this has happened to you already, or maybe you're just after some information. We'll walk you through the steps to recover a hacked Facebook account below, along with some other useful tips to protect your account.


Why Was My Facebook Hacked

Hacking has been around since the early days of computing, and these days, a hacker is just as likely to be a bot program sweeping through a mass of accounts. Motivations can vary; perhaps a malicious person simply gets a kick out of stealing and defacing accounts or wishes to harm the owner's reputation with fraudulent posts.

More often, hackers are after personal information which can be sold or used for identity theft. In the case of Facebook and other social media sites, a hacked account can be an inroad to everyone connected to the compromised person's account, sending messages under the guise of the account owner to trick friends into giving away information or clicking on phishing links.

The password associated with your Facebook account may be the most valuable piece of information gained by a hacker, as many of us--despite knowing it's not a good idea--use the same password for multiple accounts. Between stealing your password and knowing your email, a hacker might have a field day with your stolen info. Facebook also serves as a connection platform for other websites, and if you've used it as a means of authentication anywhere, a hacker gains access to those accounts too. Worst of all, if you've connected a credit card to your Facebook account or any account which you've used a Facebook login for, that information can be stolen through a hacked Facebook account.

How Can a Facebook Account be Hacked

Hackers have a lot of tools in their toolbox, and breaking into a Facebook account is nothing special. With a myriad of scripts and tools at a hacker's disposal, brute-forcing passwords might happen on any given site. Using complex passwords helps against these, but there's always a chance of a hacker getting lucky on your account.

Phishing sites pose a common threat: be wary of suspicious emails containing links asking you to log in to your Facebook account, or of any unfamiliar website that asks you to do so. If you have any doubts about a site's validity--or even if you're fairly confident--it's a good idea to check the address bar for a padlock symbol and the "https://" prefix. Also, check the spelling of the website domain--phishing sites impersonating real sites will often use domains with tiny changes that are hard to notice at a glance. This may not be proof positive of legitimacy, however, and it's a good idea to scan the site carefully to assess if it's official before entering any information. Misspellings or grainy images are likely red flags of a fake site. Some browser extensions can also help protect you from phishing sites, and like most cyber warfare, it's an ongoing game between those who want to steal your information and those who try to help protect it.

Another common technique for stealing account information is through malware such as keyloggers. If your device has been infected by a keylogger, you have larger problems than just your Facebook account. As always, be wary of what you download, and it's a good idea to maintain robust anti-virus software. There's no easy way to tell if a keylogger has stolen your information of course, so if your account is compromised and you're unsure how, a fresh sweep of your devices should form part of your recovery process.

Databases are an increasingly desirable target for hackers, particularly those who look for personal information to steal. Breaches of any large database might reveal a common password or email, and of course, Facebook itself experienced a recent database breach that exposed user information.

Lastly, impersonation of friends, co-workers, or official Facebook personnel might be another tactic for hackers, especially if someone you know had their Facebook hacked. The best practice is to never give an account password away to anyone online via text--if you need to give a password to someone you know for any reason, it's best to do so in person or over voice where you can confirm the other party's identity for certain. Facebook personnel will never ask for your password via email or Facebook messaging, so take any communication you receive claiming to be from Facebook with due caution.

How to Know if Your Facebook Account was Hacked

Unfortunately, most hackers won't have the courtesy to message you and let you know that they've gained access to your account. If you don't use your Facebook account frequently, it may not be readily apparent that your account has been hacked. One of the most obvious indicators is if your account password is changed, locking you out. Usually, you will be notified by email from Facebook if this happens, though depending on your spam filters, it's possible you might not receive the message. Even if you don't use your Facebook account often, it's a good idea to log in periodically to check, as the site's popularity makes it a frequent target for hackers.

Beware if you do happen to receive a message stating your password has been changed, however, as this is another common phishing scam. Such emails typically contain a link to secure your account in the event of a breach, and sneaky hackers use fake versions of these official emails to obtain login data under the guise of protecting your account from a hack. If you received an email like this, check the sending address carefully and compare it to prior emails you've received from Facebook. Also, look at the spelling of the email's text and hover over the link in the email to see the URL. If anything looks suspicious, do not click the link under any circumstances. The best practice is to attempt a manual login via your web browser to confirm if your password was changed without your knowledge. If the email proves false, report it as spam and move on.
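The domain checks described above, for links on a login page or in a "password changed" email, can be expressed as a short script. This is an added example, not part of the original article; it assumes `facebook.com` is the only official domain, and every URL in it is constructed for illustration.

```python
from urllib.parse import urlsplit

OFFICIAL = "facebook.com"          # assumption: the only domain treated as official
BRAND = OFFICIAL.split(".")[0]     # "facebook"


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance between two short strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_link(url: str) -> str:
    """Return 'official', 'insecure', 'suspicious' or 'unrelated' for a link."""
    parts = urlsplit(url)
    # "https://facebook.com@host/" really points at "host": text before "@" is userinfo
    if parts.username is not None:
        return "suspicious"
    host = (parts.hostname or "").rstrip(".")   # lower-cased, without the port
    if host == OFFICIAL or host.endswith("." + OFFICIAL):
        return "official" if parts.scheme == "https" else "insecure"
    for label in host.split("."):
        # the brand name buried in another domain, or a near-miss spelling of it
        if BRAND in label or edit_distance(label, BRAND) <= 2:
            return "suspicious"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample links, not taken from real messages.
    samples = [
        "https://www.facebook.com/login",
        "http://facebook.com/",
        "https://facebook.com.secure-login.example/",
        "https://faceb00k.example/recover",
        "https://facebook.com@accounts.example/login",
        "https://www.example.org/",
    ]
    for link in samples:
        print(f"{check_link(link):<10} {link}")
```

An "official" result only means the hostname matches and the scheme is HTTPS; as the article notes, that is not proof positive of legitimacy on its own.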

Some hackers may not bother to change your account password, making their activities harder to detect. Facebook has built-in tools to alert users to suspicious activity, but they need to be enabled. On your Facebook page, head to the top right and click the down-facing arrow. From there, click Settings and Privacy > Settings > Security and Login, and scroll down to 'Setting up Extra Security'. Click 'Edit', and you can set up email or text alerts for logins from unrecognized browsers or devices. We'd recommend turning this on, as this will alert you to account breaches.

From the same Security and Login page, you can view your active Facebook logins (second drop-down heading from the top of the page). This is another way you can detect unauthorized activity, and by clicking the three dots next to any given instance, you can log out of the device and report the activity as not your own. If you don't recognize an instance of a particular location or device, your account may be compromised.

Another indicator that your Facebook is hacked could be suspicious posts or shares appearing on your timeline, or friend requests sent to people you don't know. Similarly, your friends may alert you to bogus messages coming from your account. Changing your account's personal information, particularly your email and phone number, is another hacking strategy. Thankfully, Facebook has instituted a measure against this by emailing the previously associated email if the Facebook email on record is changed, so this can be a tool to help you recover your account. Just be wary of phishing attempts if you receive such an email from Facebook. If you notice a change in any of your Facebook information, take steps to secure your account right away.

How to Recover a Hacked Facebook Account

Naturally, Facebook wants to protect its users against unauthorized account access. If your Facebook account was hacked--or if you suspect it might have been--start by visiting Facebook's help page for hacked accounts. This can be accessed even if you are unable to log in to your account, though the steps will differ slightly. In either event, follow the prompts provided to begin the process of recovering and re-securing your account. Facebook may require you to provide photo identification to prove your identity during this process. So long as you are doing this through the page linked above, this is a safe step to take. Ideally, Facebook will be able to restore your access and lock out the intruder.

Of course, the process doesn't end with simply regaining access. You'll need to change your password right away, ideally to something secure that you don't use for anything else. Then, you'll need to change the password of any account that uses the same password you previously used for Facebook. If you've used Facebook to log in to any other sites, disconnect them and change those passwords also. It's best to assume a hacker gained access, especially as it can be difficult to say how long your account was compromised, so if those sites have tools to check for your login activity, review it and verify.

Unfortunately, the compromise could also expose credit card information to a hacker, so for safety, it's best to check any associated cards for unauthorized activity and report any such transactions to the card company. Regardless of whether there are any fraudulent transactions, you're best off reporting the card as compromised to protect yourself. Similarly, if you've used a credit card to make any purchases on Facebook, or if you have a Facebook advertising account, these could also fall into a hacker's hands.

Another method to recover your account might be through third-party identity protection or an anti-hacking company. While these services can be costly, such companies may be more effective than attempting to do so yourself, and many have a money-back guarantee if they are unable to restore your stolen account. If your hacked Facebook compromised a large number of accounts and personal data, this might be a route to investigate.

Ways to Protect Your Facebook Account

Of course, the best way to recover a hacked Facebook account is to prevent the hack in the first place! Start by having a strong, unique password. Using a password generator or third-party password manager can help with this, though there's always a degree of risk to compiling all your passwords in one place. Second, add two-factor authentication to your account via Facebook's Security and Login settings page, ideally with an authenticator app rather than SMS. You'll find this setting fourth from the top, and simply click the 'Edit' button to set it up. You'll need your cell phone handy, and make sure to save the recovery codes securely.

As discussed above, be on alert for phishing attempts, and any unexpected email claiming to be from Facebook (or any other service you use for that matter). Also beware of friend requests from unknown persons, as they may be scammers or hackers looking to siphon your information. Additionally, be careful what information you share online, as some hackers may simply be interested in what personal data they can mine from you. Giving away the answer to an account security question in an online quiz might compromise your data, as just one example. Setting your Facebook account to private visibility is another good step to take to help protect yourself.

If you log into Facebook from any public computer, make sure to use an incognito session and log out once you're finished. Public wifi might also pose a risk to your account, as these networks are rarely secure.

Like all internet activity, be careful of what files you download and the software you install. Keeping robust anti-malware software on duty will help protect you against keyloggers or other malware that might steal your data.

In the end, it's difficult to be completely secure while using popular social media sites like Facebook. If you choose to do so, exercising a bit of caution will go a long way toward protecting your personal information. Be safe out there!

Will R
Hoody Editorial Team

Will is a former Silicon Valley sysadmin and award-winning non-functional tester. After 20+ years in tech, he decided to share his experience with the world as a writer. His recent work involves documenting government hacking methods while probing the current state of privacy and security on the Internet.
