Affiliate links on Android Authority may earn us a commission. Learn more.
How to know if your Facebook account has been hacked
It’s everyone’s worst nightmare. An online account you’ve had and nurtured for years is suddenly hacked and taken over for bragging rights by some guy in his mother’s basement. But sometimes, it’s not immediately apparent that your account has been hacked; knowing how to spot the signs is a big part of staying safe online. What are the signs that someone is creeping about in the background, reading your personal information, and dropping Viagra links to your friends? How do you know if your Facebook account has been hacked?
Hints that your Facebook account has been hacked can include messages you didn't post, account detail changes you didn't make, Facebook sending you status messages that make no sense, or being frozen out of your account completely after the password is changed.
JUMP TO KEY SECTIONS
Messages on your Facebook page that you didn’t post
This is the most common sign of all — Facebook posts that you didn’t write and publish. If a hacker gets access to your account, they will immediately leave messages asking for cash. Your friends will assume it’s you, and if the message sounds plausible enough, someone may fall for it.
Or they may insert a malware link into the message — you know, a helpful direct link to “PayPal” to send you money, so when they sign in, their details are now compromised too.
Messenger messages that you didn’t send
The next sign that something may be amiss is when your Messenger contacts start to get messages from you that you didn’t send. This can be a variation on the “send me money” scam again or sending your contact to a phishing website to grab their user login details.
Some of your contacts may instantly believe it, but others may contact you by other means to ask you if you really sent the message. If that happens, you know you’ve been hacked.
Facebook status messages that make no sense
The next thing that could indicate something is amiss is when Facebook starts sending you notification messages that make no sense. Maybe it’s telling you that you have tried to log in from another country. Maybe your Facebook information is ready to download? Or maybe you’ve tried to upload something to your page that violates Facebook guidelines.
If Facebook starts accusing you of something you didn’t do, that could indicate someone else is there, larking and monkeying about.
Your account details changed to someone else’s
This is one that you won’t immediately see right away. You would have to be looking at your account information and be pretty eagle-eyed about it. Look for things like a change of email address, and changes to your security and privacy settings — things that a hacker would do.
You can’t get into your account at all
Of course, if they change the email and the password, then your task of expelling them from your account has just got a thousand times harder. You can’t reset the password without a verification link being sent to your email, and if it’s not your email… This is why we recommend you enable two-step verification on your Facebook account using an authenticator app. It makes it much harder for opportunist hackers to take over your account.
Report it to Facebook!
At this stage, you should let your Facebook contacts know on another platform that your account has been hacked and that they should ignore any messages coming from your account. Then, contact Facebook and report the account as compromised. They will ask you to provide information proving you are the real account owner, and hopefully, your account will be restored to you.
There are obviously no guarantees, though. This is Facebook we’re talking about, remember? Social media tech giants are not renowned for their communication skills with customers.
What to do when you get your account back
When you do finally get your account back, make sure to do the following:
- Go through your account details with a fine-tooth comb and change back anything that was altered. Change the password to something stronger, and consider using a new login email address. Make a note to change the password once every 6—8 weeks, and don’t use a password that you use on any other website.
- Enable two-step authentication using an authenticator app.
- Delete any posts and Messenger messages you didn’t make.
- Check your business pages and ensure the hacker didn’t add themselves as an admin. If they did, add yourself back (if they removed you) and remove them.
- Check to make sure the hacker didn’t add another Facebook account of theirs to your friends’ list.
- Change your post privacy from Public to Friends Only.
- Consider locking access to your friends list so they are not harassed again by the hacker.
- Log out of all sessions. Go to Settings > Security & Login >Where you’re logged in. Select Log out of all sessions.
The most common method of hacking into a Facebook account is phishing. This is where the hacker sets up a fake realistic-looking Facebook sign-in page, and people put their credentials in, not noticing it’s a fake page. The best way to avoid this is to never click on email and message links directing you to sign-in pages. Go to the site yourself, and make sure the URL has HTTPS at the start. Accounts can also be hacked through browsers remembering passwords and keylogging software.
Only if you click on a link in the message. That link may lead to malware. In general, it’s best not to reply to anyone whom you don’t know or you’re unsure about. Replying to one message may lead to lots of spam later.
Facebook says that unlocked and dormant accounts are deleted after one year of no activity. Whether or not that process can be speeded up is unknown.
It isn’t a huge possibility, but there is a chance that a Facebook account hack could also include malware to damage your computer or phone. We have a guide you can read to learn how to tell if your computer has been hacked, and your phone’s OS is good enough to catch nearly everything these days, so there’s no reason to worry too much.