If a crook succeeds in hacking your Facebook account, they can masquerade as you, find out a good deal about you, and get access to your friends.
If the email address and/or password on your account has changed--and you didn't change it, your account has been hacked. Other possible symptoms that should worry you include new "friends" that you never approved, and status updates and messages allegedly going out from "you" even though you didn't send them.
The following instructions assume that you're accessing Facebook from a full, desktop-oriented browser rather than a mobile browser or app.
First, try to change your Facebook password:
- Click the little white triangle near the upper-right corner or the Facebook webpage and select Settings.
- This brings you to the Settings page's General tab. Click Password.
- Enter your current password in the Current field.
- Type a strong password in the New and 'Re-type new' fields. This should be a password you've never used before. I strongly suggest you use a password manager.
When you click Save Changes, Facebook may reject your current password. If it does, whoever hacked your account has already changed it.
Go to Facebook's Report Compromised Account page, click the My Account in Compromised button, and follow the wizard.
But if Facebook accepts the old password (and the new one, of course), you can sigh with relief. You've recovered your account. Facebook will ask if you want it to log off of other devices; take them up on that offer.
Once you've got your Facebook account pages, take some steps to make sure this never happens again:
Back on the Settings page, click the Security tab on the left, then click Login Approvals (also known as 2-step verification). Check Require a security code to access my account from unknown browsers. If you haven't given Facebook your cell number, you'll have to enter it here.
Once you've setup Login Approvals, enable Login Alerts. That way, Facebook will notify you via email if your account is accessed by a browser, app, or device that has never accessed your account before. If you didn't do the logging in, you'll know you have a problem.