What to do when your Facebook account's been hacked

Your Facebook account tells a lot about you and your social circle. You need to keep control of it.

If a crook succeeds in hacking your Facebook account, they can masquerade as you, find out a good deal about you, and get access to your friends.

If the email address and/or password on your account has changed, and you didn't change it, your account has been hacked. Other possible symptoms that should worry you include new "friends" that you never approved, and status updates and messages allegedly going out from "you" even though you didn't send them.

The following instructions assume that you're accessing Facebook from a full, desktop-oriented browser rather than a mobile browser or app.

First, try to change your Facebook password:

  1. Click the little white triangle near the upper-right corner of the Facebook webpage and select Settings.
  2. This brings you to the Settings page's General tab. Click Password.
  3. Enter your current password in the Current field.
  4. Type a strong password in the New and 'Re-type new' fields. This should be a password you've never used before. I strongly suggest you use a password manager.

When you click Save Changes, Facebook may reject your current password. If it does, whoever hacked your account has already changed it.

Go to Facebook's Report Compromised Account page, click the My Account Is Compromised button, and follow the wizard.

But if Facebook accepts the old password (and the new one, of course), you can sigh with relief. You've recovered your account. Facebook will ask if you want it to log off of other devices; take them up on that offer.

Once you've got your Facebook account back, take some steps to make sure this never happens again:

Back on the Settings page, click the Security tab on the left, then click Login Approvals (also known as 2-step verification). Check 'Require a security code to access my account from unknown browsers.' If you haven't given Facebook your cell number, you'll have to enter it here.

Once you've set up Login Approvals, enable Login Alerts. That way, Facebook will notify you via email if your account is accessed by a browser, app, or device that has never accessed your account before. If you didn't do the logging in, you'll know you have a problem.
