It’s that sinking feeling in your gut. You try to log in, and the password doesn't work. You check your email, and there’s a notification from Meta saying your primary email address was changed to some random string of characters ending in .ru or .hotmail. Suddenly, your digital life feels like it’s being held hostage. If you're frantically googling how do i recover a hacked facebook account, you aren't alone—but you do need to move fast.
Social media hijacking isn't just about someone posting spam on your wall. It's an identity crisis. Hackers often go for the "triple threat": changing your password, swapping the recovery email, and enabling Two-Factor Authentication (2FA) using their device. This locks you out of the very house you built.
Start Here: The Official Recovery Portal
Don’t waste time scrolling through Reddit threads yet. Facebook has a specific, dedicated portal for exactly this scenario. Most people try the standard login page over and over, which actually triggers Facebook’s security bots to think you are the attacker.
Instead, head straight to facebook.com/hacked.
This isn't just a generic help page. It’s a specialized workflow. When you land there, the system will ask you why you’re concerned. Select "Someone else gained access to my account without my permission." This kicks off a sequence that bypasses some of the standard "forgot password" loops that fail when a hacker has already changed your contact info.
The system will try to identify you. You’ll need to search for your account by name, email, or phone number. If the hacker changed your email, try searching by your full name or the username that appears in your profile URL (e.g., facebook.com/yourname).
💡 You might also like: Why the iPhone 7 Red iPhone 7 Special Edition Still Hits Different Today
What Happens if They Changed My Email?
This is where things get sticky. Honestly, it’s the most common roadblock. You see a masked email like h*******8@mkt.com and realize it isn't yours.
Facebook actually keeps a "shadow copy" of your previous contact information for a short window—usually 48 to 72 hours. If you check the notification email you received when the change happened (the one that says "Did you just change your email address?"), there is almost always a link that says "Secure your account" or "This wasn't me." Use that link. It carries a special digital token that tells Facebook, "The person clicking this is the original owner using a recognized device." It’s often the only way to revert a primary email change without going through the dreaded ID verification process. If you wait too long, that link expires, and you’re stuck in the manual queue.
The Identity Verification Gauntlet
Sometimes, the automated tools just won't cut it. Maybe you're on a new laptop, or you're traveling, and Facebook doesn't recognize your IP address. If the hacker has turned on 2FA, you’ll hit a wall asking for a code you don’t have.
At this point, you'll see an option like "Having trouble?" or "I don't have my phone."
This leads to the ID upload process. Facebook (Meta) will ask for a scan of a government-issued ID. People get weirded out by this, but it’s a standard security protocol used by major tech firms. They accept:
📖 Related: Lateral Area Formula Cylinder: Why You’re Probably Overcomplicating It
- Driver’s licenses
- Passports
- National ID cards
- Marriage certificates (in some cases)
A tip from those who’ve been through it: Take the photo in a well-lit room with zero glare on the ID. If the automated AI can't read the text clearly, it will reject the upload instantly. Once uploaded, it usually takes 24 to 48 hours for a human (or a more sophisticated AI) to verify it and send you a special "one-time" login link that bypasses all 2FA.
Why "Hackers" on Instagram Can't Help You
If you post on Twitter or X saying "I got hacked," you will be swarmed. Dozens of bots will reply telling you to message some "expert" on Instagram who "recovered their account in ten minutes."
These are all scams. Every single one.
Nobody has a "backdoor" into Meta’s servers. These people will take your money (usually via Bitcoin or CashApp) and then either block you or ask for more money to "unlock the final step." There is no "recovery tool" you can buy for $50. The only way back in is through official Facebook channels. Period.
Dealing with Trusted Contacts (The Legacy Method)
You might remember a feature called "Trusted Contacts" where friends could give you a code. Facebook actually deprecated (retired) this feature in late 2023. If you're looking for it, stop. It's gone.
👉 See also: Why the Pen and Paper Emoji is Actually the Most Important Tool in Your Digital Toolbox
Instead, Meta is leaning heavily on "Recognized Devices." If you have a computer or a tablet where you stay logged in, try accessing your settings from there. Sometimes, even if you are logged out of the main app, a browser where you previously clicked "Remember Me" might still have an active session that allows you to change the password back without needing the old one.
The Ripple Effect: Instagram and Meta Accounts
Because of the "Accounts Center" integration, a Facebook hack often means your Instagram is gone too. If your accounts are linked, checking how do i recover a hacked facebook account actually helps you save both.
If you manage to get back into one, immediately go to the Accounts Center and "Log Out of All Other Devices." This kicks the hacker off your Instagram as well. If you don't do this, they can use the "Connected Experiences" feature to jump right back into your Facebook profile five minutes after you recovered it.
Prevention is Boring but Necessary
Once you're back in, you have a 10-minute window to harden the target before the hacker tries to brute-force their way back.
- Check the "Where You're Logged In" list. Terminate every session that isn't your current one.
- Audit your Apps and Websites. Hackers often use a "rogue app" you authorized years ago to maintain access. If you see a random "Photo Editor" or "Quiz App" from 2017, revoke its permissions.
- Setup 2FA properly. Don't just use SMS codes. Use an authenticator app like Google Authenticator or Duo. SMS codes can be intercepted via SIM swapping; app-based codes cannot.
- Download your Recovery Codes. Facebook gives you a list of 10 "emergency" codes. Print them. Put them in a drawer. If you lose your phone, these are your only way back in without sending an ID to Meta.
What if I Can't Get the Account Back?
It sucks to hear, but if the hacker has deleted the account or if you can't prove your identity because you used a fake name (like "John's Car Detail" instead of "John Smith"), you might be at a dead end.
If the account is posting offensive content or scamming your friends, and you can't get in, your best move is to have your friends "Report" the profile for "Pretending to be someone else" or "Hacked." If enough people report it in a short timeframe, Facebook will often disable the account entirely. It’s a "scorched earth" policy—if you can't have it, the hacker can't either.
Essential Next Steps
- Check your bank statements. If you had a credit card linked to Facebook for "Meta Ads" or "Meta Pay," call your bank and cancel that card immediately. Hackers love running thousands of dollars in "ad spend" for their own shady products using your billing info.
- Change your email password. If they got into Facebook, they might have access to your email too. Enable 2FA there first.
- Clear your browser cache. Some hacks happen via "session hijacking" (cookies). Clearing your cache and cookies forces a fresh start.
- Scan for Malware. Use a tool like Malwarebytes to make sure there isn't a "keylogger" on your computer recording every password you type.
The recovery process is a test of patience. It’s designed to be slow to prevent hackers from "re-hacking" people. Stay calm, follow the official prompts at the /hacked portal, and never, under any circumstances, pay a third party to "help" you.