How To Recover a Hacked Facebook Account Step by Step

Internet Security

How To Recover a Hacked Facebook Account Step by Step

If you suspect a hack but can still sign in to your account, that may be the best-case scenario. That said, navigating the recovery process can be confusing.

December 20, 2023

By

J.R. Tietsort Reviewed by Jory MacKay

Here’s How To Tell If Your Facebook Account Was Hacked

• You’re unable to sign in to your Facebook account.
• You receive a “password reset” email that you didn’t request.
• Your friends and followers tell you that they’re getting suspicious direct messages (DMs) from your Facebook Messenger account that look like phishing scams.
• You notice changes to your Facebook profile information (such as your name, birthday, address, etc.).
• You're suddenly being targeted with more sophisticated Facebook scams.
• There are posts or comments on your Facebook page that you never made.
• People you don’t know receive friend requests from you.
• You find Facebook login sessions you don’t recognize in your “Where You’re Logged In” settings.

The unsettling truth is that it’s easier than ever for scammers to take control of your Facebook account.

In April 2023, a Vietnamese threat actor exploited Facebook's Ads service, resulting in around half a million users being infected with information-stealing malware [*].

Malware like this don’t just put your social media accounts at risk, but also your identity and finances.

What To Do If You Still Have Access To Your Facebook Account

If you suspect a hack but can still sign in to your account, consider yourself lucky.

This is the best-case scenario when it comes to compromised accounts. That said, navigating the recovery process can be confusing.

Step 1: Change your password

Start by locking out hackers with a new password:

• On an iOS or Android device: Tap on the Menu icon in the bottom right corner of your screen in the Facebook app (right next to Notifications). Then, select Settings & privacy, and then Password and security in the menu that follows. Under the header marked Login, select Change password and follow the directions to create a Facebook password.
• From your web browser: Log in to your account at Facebook.com and then click on your profile photo in the upper right-hand corner of the screen. Then, select Settings & Privacy, then Settings, then Security and Login. Scroll down to the Login section to change your password.

Step 2: Check where you’re logged in

Now, it’s time to see if hackers still have access to your account.

In the same security features menu that you just used to change your password, you’ll be able to view all of the locations where your Facebook account is being accessed.

Navigate back to Password and Security (or Security and Login on desktop). Just above the Change password option, you’ll see a section that says Where you’re logged in. This menu will show all the locations and devices that are logged in to your account.

If you’re using a mobile device, tap on any suspicious logins and select “Secure Account.” You’ll be prompted through a few more steps that will help you protect your account.

If you see multiple unauthorized logins, it’s a cybersecurity best practice to log out of all sessions at once.

Step 3: Report the incident to Facebook

Finally, you’ll want to let Facebook know about the incident.

Go back into your Settings & Privacy menu, and navigate to Password and security. Scroll all the way down to the Get help section, and select If you think your account was hacked. Follow the prompts to complete the reporting process.

How To Recover a Hacked Facebook Account That You’ve Been Locked Out Of

If you’re unable to get into your Facebook account, hackers may have already changed your account’s email or phone number.

At this point, you’re essentially locked out and it will be much more cumbersome to recover your account.

Even though Facebook’s official account recovery process is readily available online, many victims of aggressive Facebook account hackers have a hard time getting their accounts back.

This is because account recovery protocols are exactly what hackers use to take over Facebook (and other online accounts) to begin with.

As a result, companies like Meta (Facebook’s parent company) are forced to make the process long, arduous, and (sometimes) unsuccessful.

If you’ve lost control of your Facebook account, these are the most effective steps you can take to get it back:

Step 1: Open Facebook on all of your devices

If you’re usually logged in to Facebook on multiple devices, open your Facebook app or webpage on all of your devices and see if any of them are still logged in.

If the hacker forgot to log you out of each one, you might be in luck. See if any of your devices still open your Facebook page without logging you out first. If not, it’s time to get on with the account recovery process.

Step 2: Find your account

First, make sure to start the process on a computer or mobile device that you typically use to access your Facebook account.

If you’re unable to log in to your account to change your password, visit facebook.com/login/identify. The page will prompt you to enter the email address or phone number that you used to create your account.

Facebook will ask you to submit the original email address or phone number that you used to sign up for your account. Source: Aura Team

You can also enter your name or your Facebook profile URL into the search function if the search isn’t successful using your email address and phone number.

Once you click on Search, the following page will show a list of Facebook accounts that match your search in some way. If you see your account, you can select it to begin the password reset process.

Step 3: Change the email address connected to your Facebook account

If the system is able to locate your account, it will ask to send a verification code to the address or phone number currently associated with the account. If the account or phone number listed do not belong to you, select No longer have access to these, and Cannot access my email.

In most cases, Facebook will then start the process of changing the email address associated with your account.

If this still doesn’t happen, there are a few more steps you can take:

• Visit facebook.com/hacked and select My account is compromised. The page will ask you to enter your account’s current password, or a previous one that you used in the past. Once you enter your password, select Secure my account, and then, I cannot access these.

• If the above steps don’t allow you to change your account’s email address, try using your mobile device. Log in using the Facebook app, select Forgot password, and choose the prompts indicating that you can’t access the account’s current phone number and email address.

Facebook will ask for a current or previous password in order to start securing your account. Source: ExpertReviews

If you get far enough, you’ll fill out a form requesting a change to your account’s primary address, and submit a photo of your ID to Facebook support.

From there, you’ll get an email to your account’s new address with a link to reset your password.

Step 4: Set up a recovery email address

Once you finally gain access to your account, go straight into your Settings & Privacy menu. Choose Settings, then General.

From there, you can edit and delete any contact information associated with your account and remove any details that you don’t recognize as your own.

Update your contact information to a secure email or phone number. Source: Trusted Reviews

Step 5: Clean up Facebook security settings

Your next stop is the Security and Login menu. Download an authenticator app on your mobile device and use it to set up two-factor authentication (2FA) for your Facebook account.

Next, visit General and remove the hacker’s phone number, email address, and any other unfamiliar contact information.

Review the devices and locations listed under Where you’re logged in, and make sure everything looks accurate.

Finally, visit the Setting up extra security section and sign up for alerts that notify you whenever Facebook detects a sign-in on an unusual web browser or unrecognized device.

Social Media Safety

RAINN

What you choose to share on social media is always your decision, but what others choose to do with your information may not always be in your control. Consider taking the following personal safety precautions with these social media safety tips.

• Know how to report, block, and filter content. Read RAINN's tips on how to filter which users or content you see, report harmful comments or content, and bloack those who are attempting to use technology to hurt others. 
• Personalize your privacy settings. Adjust your privacy settings on the site to your comfort level, and select options that limit who can view your information. Think about non-traditional social media as well, such as your public transactions on Venmo or music activity on Spotify. These site-specific security pages can help you get started.
  • Twitter
  • Instagram
  • Facebook
  • Pinterest
  • Snapchat
  • Tumblr
  • LinkedIn
  • Spotify
  • Venmo
• Pause before you post. Before you post, ask yourself if you are comfortable sharing this information with everyone who might see it. Content that contains personal information or your whereabouts could pose a safety risk. Even content that is deleted can sometimes be accessed by the website or through screenshots of the original post and could be used maliciously.
• Turn off geolocation. Many social media sites or apps will request to access your location, but in most cases this isn’t necessary. You can still get the most out of your social media experience without sharing where you are while you’re there. If sharing where you are is important to you, consider waiting to tag the location until you leave. In addition to this, some sites may automatically make geotagged information public. When you “check in” on Facebook, update your Instagram story, or add a geotag to a Snapchat, these sites may share your exact location with people you may or may not trust with it. Take a look at the privacy settings on the sites listed above, or others you use regularly, to see what your location settings are and consider updating them.
• Use a private Internet connection. Avoid public Wi-Fi connections, like those offered at coffee shops or airports, when using a website that asks for a password. Limit your social media usage to personal or private Wi-Fi networks, while using cellular data on your phone, or under the protection of a Virtual Private Network (VPN).
• Talk to your friends about public posts. Let your friends know where you stand on sharing content that may include personally identifying information, like your location, school, job, or a photo of you or your home. Respect each other’s wishes about deleting posts that may be embarrassing or uncomfortable. Always ask permission before you post something about another person, whether it mentions them indirectly, by name, or in a picture. To help keep track of your online presence, you can change your settings so that tagged photos of you will only appear on your profile—but won’t be shared publicly on your timeline—if you have approved the post on Facebook or other social media accounts.
• Report harassment or inappropriate content. If someone is making you feel uncomfortable online, you can report the interaction to the host site, often anonymously. You can use the “report” button near the chat window, flag a post as inappropriate, or submit a screenshot of the interaction directly to the host site. If you do experience harassment or abuse through social media, consider taking screenshots immediately and saving them in case the content is deleted or removed from your view. To collect evidence of harassment on Facebook, you can download your full Facebook history through the Download Your Information (DYI) feature.
• Look before you click. If you get a suspicious sounding message or link from a friend through social media, it’s best not to automatically click it. Your friend’s account may have been hacked, which could cause everyone in their contacts list to receive spam. If you’re not sure it’s spam, try contacting that person another way to ask if they meant to send you a link recently.
• Pick strong passwords and update them frequently. This can help protect against someone who may be trying to sign on to your account for negative reasons like posting spam, impersonating you, or stalking. In addition to choosing strong passwords and updating them, remember to keep your passwords in a secure location.
• Make privacy a habit by doing a regular social media privacy check-up. Once you’ve gone through the privacy settings in your social media accounts, set a reminder on your calendar to revisit them in three or six months. Companies may change policies or update their platforms which could affect how you would like to share your information online.

Have you encountered sexual content or images relating to a minor? Report these encounters to the CyberTipline.

If you experience unwanted communication of a sexual nature, it can leave you with some uncomfortable or painful feelings. You are not alone. Help is available 24/7 through the National Sexual Assault Hotline: 800.656.HOPE and online.rainn.org.

How Social Media Affects The Brain

 

How Social Media Affects The Brain

View More Online Therapy Options

Due to the effect that it has on the brain, social media is addictive both physically and psychologically. According to a new study by Harvard University, self-disclosure on social networking sites lights up the same part of the brain that also ignites when taking an addictive substance. The reward area in the brain and its chemical messenger pathways affect decisions and sensations. When someone experiences something rewarding or uses an addictive substance, neurons in the principal dopamine-producing areas in the brain are activated and dopamine levels rise. Therefore, the brain receives a “reward” and associates the drug or activity with positive reinforcement.

This is observable in social media usage; when an individual gets a notification, such as a like or mention, the brain receives a rush of dopamine and sends it along reward pathways, causing the individual to feel pleasure. Social media provides an endless amount of immediate rewards in the form of attention from others for relatively minimal effort. The brain rewires itself through this positive reinforcement, making people desire likes, retweets, and emoticon reactions.

Another perpetuating factor of social media addiction is the fact that the reward centers of the brain are most active when people are talking about themselves. In the non-virtual world, it’s estimated that people talk about themselves around 30 to 40% of the time; however, social media is all about showing off one’s life and accomplishments — so people talk about themselves a staggering 80% of the time. When a person posts a picture they may receive positive social feedback, which stimulates the brain to release dopamine, rewarding that behavior and perpetuating the social media habit.

Social media use becomes problematic when someone views social networking sites as an important coping mechanism to relieve stress, loneliness, or depression. Social media use provides these individuals with continuous rewards that they’re not receiving in real life, so they end up engaging in the activity more and more. This continuous use eventually leads to multiple interpersonal problems, such as ignoring real life relationships, work or school responsibilities, and physical health, which may then exacerbate an individual’s undesirable moods. This then causes people to engage in the social networking behavior even more as a way of relieving dysphoric mood states. When social network users repeat this cyclical pattern of relieving undesirable moods with social media use, the level of psychological dependency on social media increases.

Recognizing A Social Media Addiction

Although many people habitually use social media, very few are genuinely addicted. To determine if someone is at risk of developing an addiction to social media, ask these 6 questions:

• Do they spend a lot of time thinking about social media or planning to use social media?
• Do they feel urges to use social media more and more?
• Do they use social media to forget about personal problems?
• Do they often try to reduce use of social media without success?
• Do they become restless or troubled if unable to use social media?
• Do they use social media so much that it has had a negative impact on their job or studies?

A “yes” to more than 3 of these questions may indicate the presence of a social media addiction.

A digital detox, a period of time during which someone significantly reduces the time spent using electronic devices such a smartphones or computers, could be a wise precaution. This can include simple steps, such as turning off sound notifications and only checking social media sites once an hour. Other changes can include having periods in the day where there is self-imposed non-screen time, such as during meal times, or leaving the phone in a separate room at night so as not to disturb sleep. This allows for a restored focus on social interaction in the physical world and reduces dependency on networking sites.