An outline of a Facebook post with an unlocked padlock above like, comment, and share icons next to a cursor arrow.

Login troubles, suspicious messages, and unauthorized posts on your timeline can all be signs your Facebook has been hacked. It’s vital to spot these red flags early so you can quickly address the breach and secure your account. Swift action on your part can help prevent further unauthorized access, curb malware infection, and protect your personal information. 

Have a sneaking suspicion that your Facebook account is compromised? Below, we’ll go over the signs that your account has been hacked, steps to recover your account, and tips to keep your Facebook account safe.

Table of contents

    Signs that your Facebook has been hacked

    If your Facebook account has been compromised, you’ll probably notice it fairly quickly. So, how can you tell that your Facebook has been hacked?

    • Inability to log in: hackers often immediately change your email address and password to prevent you from regaining access. If you can’t sign in with your usual credentials, someone has changed them to lock you out.
    • Login alerts: if you’ve activated Facebook’s login alerts feature, a notification of an unrecognized login attempt is a major clue of a potential hack.  
    • Password resets: receiving password reset emails you didn’t initiate should raise red flags as it suggests someone has attempted to breach your account. 
    • Changes in account settings: modifications to your account settings are often part of a hacker’s modus operandi to cover their tracks, ensure you can’t regain access, or further their scams. This includes altering your profile picture and name as well as linking new accounts.
    • Random messages: regularly check the chats on Facebook Messenger. If you find unfamiliar messages, someone is likely using your Facebook account to communicate with your contacts. 
    • Strange friend requests: multiple friend requests to people you don’t know should set off warning bells. Some hackers do this to claim more victims for their exploits, spread misinformation, or use your account for spamming. 
    • Unauthorized activities on your timeline: bad actors may also create deceptive, embarrassing, or downright malicious posts using your account. These posts often aim to tarnish your reputation, trick your contacts for sensitive information, or stir trouble. Clicking on malicious links in certain posts could also spread malware to your contacts.

    How to check if you have been hacked

    Apart from the signs, which might not always be spot-on, how do you know if your Facebook account has been hacked for sure? To verify, follow these steps: 

    On your phone

    1. Open the Facebook app and log in. If you don’t have the app, download it from Google Play or Apple App Store. 
    2. Tap the Menu icon in the bottom right-hand corner.
    3. Scroll down and select Settings & Privacy. In the drop-down menu, click Settings.
    4. Find Meta Accounts Center and click on Password and security. Alternatively, you can type Where you’re logged in into the search bar, select the first option, and skip to Step 7. 
    5. In the Accounts Center, locate and click on Password and security.
    6. Tap Where you’re logged in.
    7. Select your Facebook account.
    8. On the Account login activity page, give the lists of your current device and logins on other devices a once-over — make sure that you recognize all of them. 
    9. If you see an unfamiliar device, click on Select devices to log out
    10. On the Log out on devices page, select the device and click Log Out. When prompted, tap Log Out again.  

    On your computer

    1. Log in to Facebook on your browser and click on your profile photo in the upper right-hand corner.
    2. In the drop-down menu, select Settings & privacy. Next, click Settings.
    3. Look for Meta Accounts Center and scroll down slightly to Password and security. Click on it. Alternatively, type Where you’re logged in into one of the two search bars, click on the first option and proceed to Step 6. 
    4. Click on Password and security again. 
    5. Scroll down to Where you’re logged in and tap it. 
    6. Under Accounts, locate your Facebook account and click it. 
    7. You’ll see the device you’re currently using and logins on other devices. Go through the list of devices and check that you recognize them. Review the dates, timestamps, and approximate locations to confirm that they match your activity.
    8. If you find a device you don’t recognize, tap on Select devices to log out
    9. On the new page, locate the device and select it. 
    10. Then, tap on the Log Out button. When prompted, click Log Out again. 

    What to do if you’ve been hacked on Facebook

    If your Facebook has been hacked, here’s what you need to do:

    Change your password

    If your Facebook account is compromised, the first step is to change your password. Here’s how: 

    1. Go to the Facebook Settings page and locate Meta Accounts Center
    2. Click on Password and security
    3. Select Password and security again. 
    4. Tap Change password and choose your Facebook account. 
    5. Enter your current password, then type and confirm your new password.
    6. If the hacker changed your password, click Forgotten your password? and follow the instructions to reset it via email or SMS. 

    If you use the same password for other accounts, be sure to change them to strong, unique passwords as well. Hackers may try to access your other accounts using the compromised password.

    Contact Facebook

    Report the hack to Facebook immediately so it can investigate the breach. Visit  facebook.com/hacked, click My Account Is Compromised, and follow the instructions. 

    Warn your contacts

    Inform your contacts about the hack and advise them to ignore any strange posts or messages. Warn them not to click on suspicious links and report any eyebrow-raising activities right away. 

    How to keep your Facebook account safe

    Here are some methods to keep your Facebook account secure — whether after a hack or, better yet, as preventative measures: 

    • Use a strong password: create a hard-to-guess password with a random mix of uppercase and lowercase letters, numbers, and symbols. Avoid the stereotypical “facebook123,” “password,” or your birth date.
    • Enable 2FA: to add another layer of security, 2FA requires another form of verification if you’re signing into Facebook from an unfamiliar device or browser. You’ll need to confirm with a security key or a code from an authentication app or SMS.
    • Use a VPN (Virtual Private Network): a VPN encrypts your internet traffic, shielding your login credentials and personal information from hackers. It’s especially helpful if you often access Facebook using public Wi-Fi networks, which are often not properly secured. 

    Pro tip: Certain VPNs also have additional features to address hacks. For instance, Surfshark Alert, included with Surfshark VPN in the Surfshark One subscription, monitors the security of your identity in over 90 countries. It scans the web for breaches involving your email address and other personal information. So, if the email address linked to your Facebook account is compromised, you’ll be immediately alerted and can secure your account.

    • Set up alerts: activate Facebook’s login alerts to get notified if an unrecognized device or browser attempts to access your account. It’s a quick means to catch potential breaches right away. 
    • Adjust privacy settings: restrict the visibility of your posts and activities to friends only to minimize the risk of targeted attacks.
    • Review app permission: regularly check the list of apps, websites, and platforms linked to your Facebook account so that only trusted services can access your data. 

    Stay vigilant and actively protect your Facebook account 

    There are usually telltale signs of a hack if your Facebook account has been compromised. However, the damage might have already been done by the time you spot these warning signs. So, it’s always best to prevent hackers from breaching your account in the first place. 

    Start by using a strong password, enabling two-step verification, and setting up login alerts. Additionally, use a VPN to encrypt your internet traffic so that your Facebook login credentials and personal data remain safe.

    Keep Facebook hacks at bay
    Secure your account with a VPN
    Get Surfshark
    Surfshark

    FAQ

    How do I tell if Facebook has been hacked on my iPhone?

    To tell if your Facebook has been hacked on an iPhone, open the Facebook app and navigate to the Where you’re logged in page. If you find unknown devices on the list, there’s a good chance your account has been hacked. If so, immediately reset your password, report the hacking, and inform your contacts. To keep your account safe, consider using a VPN, enabling 2FA, and setting a strong, unique password. 

    What do hackers do when they get into your Facebook?

    Hackers who get into your Facebook often change your login details first to lock you out. Then, they may post malicious content on your timeline, send scam or spam messages to your contacts, and collect personal data for fraudulent activities like identity theft.

    Can I contact Facebook about my account being hacked?

    Yes, you can contact Facebook to report that your account has been hacked. Go to facebook.com/hacked, click on the My Account Is Compromised button, enter your mobile number or email address and password and follow the provided instructions. 

    How can you tell if you have been hacked on Facebook Messenger?

    To tell if you have been hacked on Facebook Messenger, look out for unfamiliar messages, login notifications from unknown devices, or new conversations with strangers. To verify, open your Messenger app and tap on the three lines in the top left corner. Then, click on the gear icon. Next, select Privacy & safety and choose End-to-end encrypted chats. Click on Security alerts and select View logins. You’ll find a list of devices where you’re logged in for both Messenger and Facebook.