What to Do Immediately If Your Facebook Profile Is Hacked

Having your Facebook profile hacked is disorienting and can damage your online reputation, expose private information, and open the door to further fraud. Acting quickly matters: the longer an attacker has access, the more damage they can do—posting malicious links, changing credentials, or sending phishing messages to your contacts. This article outlines what to do immediately if your Facebook profile is hacked, explains how to confirm a compromise, and summarizes the recovery and mitigation steps that most people will need. It does not replace platform-specific guidance but gives an editorial, practical roadmap so you can respond confidently, limit harm, and regain control of your account.

How to tell if your Facebook account has been hacked

Recognizing a compromised account is the first step toward effective Facebook account recovery. Common signs include login alerts you don’t recognize, unfamiliar posts or messages sent from your profile, changed profile details such as name or email, and contacts reporting strange links. You may also see new friend requests, apps you didn’t install, or a lockout because the attacker changed your password. If you notice suspicious activity, treat it as a potential Facebook account compromised event and avoid interacting with malicious messages. Keep a record—screenshots and timestamps can be useful if you need to report the incident through Facebook’s support channels or to authorities in severe cases of identity theft.

Immediate actions: change your password and secure account access

The first practical move when handling a hacked Facebook profile is to reset access credentials and eliminate active sessions that might still be connected. If you can still log in, go to Settings & Privacy and change your password to a strong, unique passphrase you don’t use anywhere else; this is the quickest step toward Facebook account recovery. Next, review where you’re logged in and log out of unfamiliar devices to remove the attacker’s access. If you cannot log in because the attacker changed the password, use Facebook’s account recovery flow to reset the password using your registered email or phone. While resetting, verify that the email account linked to your Facebook is secure—if that email was also compromised, recover it first before proceeding with Facebook account recovery.

Report the hack to Facebook and use official recovery tools

Reporting the incident through Facebook’s “Report Compromised Account” process triggers additional security checks and can restore access if credentials were changed. Use the Facebook hacked help tools to follow step-by-step guidance for identity verification and account recovery. You may be prompted to confirm identity with ID documents or to recognize recent activity. Keep evidence of unauthorized activity and any communications from the attacker—screenshots of changed profile content and messages help if you need to escalate. If automated recovery fails, continue to use official channels and follow any instructions from Facebook support; persistent failures sometimes require submitting ID verification or waiting for manual review, so start this process as soon as you suspect a problem.

Clean up your profile and alert your contacts

Once you regain control, prioritize removing anything the attacker posted and checking settings that could allow continued access. Review timeline posts, delete malicious or embarrassing content, and check messages for phishing links that may have been sent to friends. Verify apps and websites connected to your Facebook account and revoke any you don’t recognize. Also review account recovery details—email addresses and phone numbers associated with your profile—and remove any that the hacker added. Document what changed and when, in case you need to explain the situation to friends, family, or your employer.

• Change password and enable a unique passphrase
• Log out of unknown sessions and devices
• Revoke suspicious third-party app access
• Run Facebook security checkup and enable two-factor authentication
• Notify contacts about potential phishing messages sent from your account

After cleaning up visible damage, consider contacting people who may have been targeted by the attacker—explain the situation and warn them not to click links or open attachments from messages sent during the compromise. That transparent step reduces the risk of further fraud and helps preserve trust with your network while you restore the profile.

Prevent future hacks: enable two-factor authentication and review security settings

Long-term protection hinges on better authentication and vigilant account hygiene. Enable two-factor authentication (2FA) on Facebook using an authenticator app or a security key instead of SMS where possible; two-factor authentication Facebook options reduce the chance an attacker reclaims access with only a password. Regularly audit connected apps, keep your contact email secure with its own strong password, and consider a password manager to generate and store unique passwords. Turn on login alerts so you are notified when a new device signs in. Finally, be cautious with links and file attachments even from friends—attackers often use compromised profiles to spread malware or phishing. These preventive steps will significantly lower the odds that you’ll need to repeat the Facebook account recovery process in the future.

When you can’t regain access or the attacker keeps returning

If recovery tools don’t restore your profile or an attacker repeatedly regains control, escalate the issue: continue to use Facebook’s reporting channels, gather forensic evidence of the intrusion, and consider reporting the incident to local law enforcement if the hack involves identity theft, extortion, or financial loss. Preserve copies of correspondence and screenshots of malicious activity and account changes. For business or high-profile accounts, seek specialized incident response help from cybersecurity professionals who can analyze device compromise and advise on remediation. Above all, act promptly: persistent attackers exploit delays. Fast reporting, strong authentication, and a documented cleanup will give you the best chance to restore and permanently secure your Facebook profile.

Recovering a hacked Facebook account is often a process rather than an instant fix: confirm the compromise, secure access, report to the platform, clean up damage, and harden security so it doesn’t happen again. If you suspect financial fraud or identity theft connected to the hack, contact your bank and consider a fraud alert. Quick, methodical action reduces harm and speeds recovery—start with a password reset and a security review, and follow the platform’s recovery steps until your profile is fully restored and protected.

This text was generated using a large language model, and select text has been reviewed and moderated for purposes such as readability.