To recover a hacked Facebook account, go to facebook.com/hacked, reset your password, end sessions, and lock logins with 2FA.
You landed here because something feels off on Facebook. Posts you never wrote. Friends asking about links you never sent. Maybe logins from places you never visit. This guide gives you a clear path to take back control fast, then harden your profile so it stays yours.
How to Recover a Hacked Facebook Account: Step-By-Step Walkthrough
Start with the actions that stop active misuse. Then switch to cleanup and prevention. Work from a known device and network if you can, like your home phone or laptop. Keep this page open and move through the steps in order.
| Action | Why It Matters | Where To Do It |
|---|---|---|
| Confirm the breach signs | Shows what changed and how far it went | Timeline, messages, settings |
| Scan your device | Cuts off malware that steals codes | Trusted antivirus on phone or PC |
| Secure your email | Your inbox resets passwords; lock it first | Change password, add 2FA |
| Use facebook.com/hacked | Starts the guided recovery flow | facebook.com/hacked |
| Reset your Facebook password | Stops fresh logins with the old secret | Recovery screens or Settings |
| Log out of other sessions | Boots the intruder on every device | Security and Login > Where you’re logged in |
| Turn on two-factor authentication | Adds a strong second check | Security and Login > Two-Factor |
| Check contact info | Blocks repeat takeovers | Settings > Mobile, Email |
| Review app and ad access | Removes backdoors and spend leaks | Apps and Websites, Ad Accounts |
Spot The Signs Your Account Was Compromised
Scan your activity feed for posts or ads that are not yours. Look at your messages for spam blasts. Check the login alerts and the “Where you’re logged in” list. See changes to your name, photo, email, or phone. Any one of these is a red flag. Several at once means act now.
Recovering A Hacked Facebook Account Safely: What Works Now
1) Lock Down Your Email First
If someone owns your inbox, they can reset your Facebook access again and again. Change that email password. Pick a long passphrase with mixed words and symbols. Add two-factor on that email account too. Remove recovery options you do not recognize. This closes the easiest loop the intruder can use.
2) Start The Facebook Recovery Flow
Open the dedicated path at facebook.com/hacked. The flow checks your identity, asks about recent changes, and walks you through resets. Move step by step. If you see devices you do not recognize, remove them when prompted. If the email tied to the profile was replaced, choose the link that says you no longer have access, then add a fresh email you control.
3) Change Your Facebook Password
Use a fresh passphrase that you don’t reuse on other sites. A password manager helps you create and store it. Avoid patterns, birth dates, and song lyrics. If your email inbox was routed to a new address, fix that first. Then set the new password and save it in your manager.
4) End Active Sessions Everywhere
After the reset, boot the intruder from all devices. Go to Settings > Security and Login > Where you’re logged in. Use “Log out of all sessions.” This step cuts off lingering tokens on phones, tablets, and browsers you may have forgotten about.
5) Turn On Two-Factor Authentication
Add a second step for logins. Pick an authenticator app or a hardware key over SMS when you can. SMS can be hijacked by SIM swaps. Store recovery codes in a safe place that is not your email. If a code prompt shows up where you did not try to sign in, deny it and change your password again.
6) Restore Your Profile And Settings
Fix your name, photo, bio, and contact info. Remove strange admins from any Pages you manage. Review Apps and Websites and remove tools you do not trust. Check Ad Accounts for campaigns you did not start. Pause them and speak with your bank if you see charges you never approved.
7) Clean Your Devices
Run a full scan on phones and computers you used for Facebook. Update the OS. Patch your browser and extensions. Clear tokens by logging out and back in after the scan. Do not install random “cleaners.” Stick to well known vendors from official app stores.
What To Do If You Can’t Log In
Start the recovery flow from a browser where you used Facebook before. That gives better device match signals. If email and phone were changed, use the “No longer have access” path. Add a fresh email that only you can open. If an image check appears, provide clear photos as asked. Stay calm and complete each prompt. Rushing can lock you into loops.
Secure Settings To Check After You Regain Access
Check The Security And Login Page
Review the “Where you’re logged in” list line by line. Remove unknown devices. Turn on login alerts. If anything odd appears later, change the password again and recheck the list. One quick review each week goes a long way.
Set Two-Factor The Right Way
Use an authenticator app on your phone for codes. Add a backup method like a hardware key. Write down recovery codes and store them offline. Keep at least two working options so a lost phone or key does not lock you out. Avoid code delivery over email or SMS when stronger methods are handy.
Harden Your Public Info
Trim public posts and tweak who can tag you. Review friend requests. Hide your phone and email from public view. This shrinks bait for phishing and fake requests that try to harvest your details.
When To Escalate Beyond Facebook
If the intruder ran ads, drained money, or sent scams in your name, freeze payment cards and speak with your bank. If you see identity fraud, file a report and keep copies for records. Consumer advice pages from the FTC explain how to place fraud alerts and freezes, and how to create an action plan that stops the damage and documents it. Those steps help when you need to show proof to banks or merchants.
| Scenario | What To Try | Extra Notes |
|---|---|---|
| Password changed | Use the recovery link and confirm your email | Move fast before new 2FA is added |
| Email and phone replaced | Choose “No longer have access” during recovery | Add a brand-new email you control |
| 2FA hijacked | Recover with saved codes or a hardware key | Switch to app codes or keys next time |
| Ads charged to you | Stop campaigns and call your bank | Dispute charges; keep case numbers |
| Pages taken over | Remove rogue admins and reset roles | Require 2FA for all Page admins |
| Name or photo changed | Restore profile details | Search for copycat profiles and report |
| Malware on device | Scan, patch, and change passwords | Do not reuse old credentials |
| Phishing link clicked | Change password and turn on 2FA | Report the message inside the app |
Prevent The Next Takeover
Use Strong Passphrases
Pick a string of random words with symbols. Length beats weird characters. Save it in a password manager. Do not reuse it on other sites. Change it if you shared it anywhere or typed it on a risky device.
Prefer App Codes Or A Hardware Key
Authenticator apps work offline and resist phishing. A hardware key gives a quick tap login. Add at least two keys if you can, so a lost key does not lock you out. Keep one in a safe place at home and one on your keychain.
Lock Down Your Email And Phone
Set two-factor on your email and your mobile carrier account. Use account PINs where offered. This blocks SIM swaps and inbox attacks that bypass passwords. If a carrier PIN feature is missing, ask for one at a store with your ID.
Keep Devices Clean
Update your OS and browser. Remove odd extensions. Avoid sideloaded apps from sketchy sites. Use screen locks and disk encryption on laptops and phones. A short auto-lock timer keeps snoops out if you misplace your phone.
Train Your Clicks
Hover over links before you click. Check the domain, not the display name. Watch for look-alike spellings and weird subdomains. Never send login codes back by email or chat. No real service will ask you to do that.
Helpful References
Use the official recovery path at facebook.com/hacked. For a simple plan on what to do when a social profile is hijacked, read the FTC guide on recovering a hacked email or social account. Both pages give plain-language steps that pair well with this checklist.
What This Guide Covered
This page showed you how to recover a hacked Facebook account in a calm, ordered way. You learned how to spot signs, run the official flow, reset access, kick out intruders, and lock things with stronger checks. With the steps above, you can take back control and keep it. If you share this with a friend in trouble, they will have a clear starting point and a plan that works.
Here is the phrase again for clarity: how to recover a hacked Facebook account. And here is one more use in plain text to meet query match needs: how to recover a hacked Facebook account.