If your Facebook account has been hacked (or really if any account has been hacked), first of all, don’t take it personally (unless, of course, it was hacked by someone you know, then perhaps take it personally). Also, don’t freak out. What it most likely means is that you used a password that was easy (for a computer) to guess. Here’s what to do when wondering “my Facebook account has been hacked, what should I do?”. Most of these steps are also appropriate if any of your other accounts has been hacked, such as your Twitter account, your Gmail account, your LinkedIn account, or even your bank account.
One of the first ways that people know that their Facebook account has been hacked is when their friends start messaging them saying things like “Are you ok?” or “Why are you advertising Ray-Ban sunglasses?” (For some reason, the Ray-Ban spam is particularly popular among hackers, and they often spam the friends of a user whose account they have hacked with Ray-Ban ads.)
Ray-Ban spam from hacked Facebook account:
What to Do if Your Facebook Account Has Been Hacked (Applies to other accounts as well.)
1. Log into Your Account and Change Your Password
The very first thing to do if your Facebook account has been hacked is to log in to your account and change your password. Change it to something difficult to guess.
We like to use this random password generator.
If You Can’t Log into Your Account
If you can’t even log into your Facebook account, it most likely means that the hacker has changed your password. If this happens, you will need to initiate the Facebook password recovery process.
To initiate the Facebook password recovery process, go here.
If you are dealing with another account having been hacked, and you can’t log in, look on the login page for a link or option that says “Reset password” or “Forgot password” or something similar. (Facebook’s “I can’t identify my account” is an example of a stunningly misleading labelling of the password reset function.)
2. Set Up Two-Factor Authentication
Two-factor authentication works like this: when you log into your account (particularly from an unrecognized browser instance or mobile device), Facebook will first send a text message to your phone, giving you a randomly generated, one-time use code, to enter before you can actually access your Facebook account.
The beauty of this is that even if a hacker guesses your password, they won’t have your cell phone to receive the second code.
Lots of places now offer two-factor authentication (also known as ‘two step authentication’ and ‘2FA’), including Google / Gmail, Twitter, LinkedIn, PayPal, and more. See our article on two-factor authentication and places that offer two-factor authorization for a list of other places that offer 2FA, with links.
To set up two-factor authentication on Facebook, go here:
You may also need this information to set up your two-factor authentication on Facebook:
3. Report Your Account as Having Been Hacked
If you truly believe that your Facebook account has been hacked, you may wish to report it. You can do that here:
Of course, if it was your bank account that was hacked, you should notify your bank immediately.
4. Clean Up Any Mess Left by the Hacker
Remove anything that the hacker posted to your timeline. Check to be sure that you haven’t been subscribed to any groups by the hacker, that they haven’t ‘Liked’ any pages for you, and that they haven’t installed any apps.
Go here to read how to find a list of all of the Facebook groups to which you belong.
To find all the pages that have been Liked by your account, go to:
So, for example, if your username is JohnDoe, you would go to:
Go here to find all of the apps that have access to your Facebook account:
Finally, apologize and explain to all of your friends (especially if the hacker sent out mass invitations, etc.) what happened.