Discovering your Facebook account has been hacked is devastating—a mix of violation, frustration, and potential financial risk. As someone who's guided friends through this nightmare and reviewed countless cases, I understand the urgency. Below, I'll share battle-tested recovery steps drawn from real scenarios, plus proactive tips to lock down your account for good.
There are three primary scenarios for losing access.
Scenario 1: Lending your device to family or friends. They might browse, post, or send friend requests. A close friend once dealt with this after her grandchild used her account during a visit—no posts, but odd friend requests piled up, leading her to abandon the account altogether.
Remedy: Head to Facebook's security page to review active logins. This reveals all devices and locations where you're signed in.
This screenshot from my own check shows an old laptop I forgot about and a quirky geolocation for my iPhone. Log out unrecognized sessions via the three-dot menu, then change to a strong, unique password. Always log out before handing over your device.
Scenario 2: An impersonator creates a fake account using your name and photo. They target your friends.
Remedy: Tell your contacts that you're safe on your real account and that they should ignore the fake one. For suspicious requests, even from 'known' people, verify via email or text first.
Scenario 3: In the worst case, your password is cracked and you're locked out. Recovery hinges on linked accounts and persistence. Author Elizabeth endured four months of hell, enlisting IT pros and a lawyer. Two complications: Facebook ads were tied to her cards (the hacker ran scams), and she used a pen name with a fake birthday, which blocked ID verification.
She reset her password, only for the hacker to reclaim it. With no phone support, she blocked the charges via her bank instead. Sleep-deprived, she halted her work and updated 30+ passwords.
Remedies:
If you're intact but wary, implement these now—I've vetted them personally.
1. Enable two-factor authentication (2FA) with an app. Skip SMS; use Google Authenticator via Facebook's security settings. At login, you enter a changing 6-digit code after your password.
Elizabeth's SMS fell short; apps are far superior. Extend this to your banks too.
2. Audit payment methods. I was shocked to find my PayPal linked. Check Facebook Pay and ad payments; pause campaigns first.
3. Revoke third-party apps. Review the apps that have access to your account. For business pages, add multiple admins with 2FA (Settings > Page Roles).
4. Add backup emails. Do this via security settings, and use unique passwords.
Links may shift as Facebook evolves. For broader protection, try the 1Password app (iOS/Android) or Avast One (multi-platform).
Think before clicking. If you get a suspicious 'security alert' message, don't follow its links; go to the site directly instead.
Spot anomalies fast. Unsolicited messages, posts, or charges signal trouble.
As Elizabeth put it: "Getting hacked is like a digital tattoo—everyone sees the fallout from your slip-ups." Stay vigilant.