You wake up, reach for your phone, and tap that familiar blue icon only to find yourself staring at a login screen. You enter your password. Wrong. You try again, slower this time. Still wrong. Then you see the notification in your email: "Your primary email address has been changed."
The sinking feeling in your gut is universal. It’s a digital violation.
Honestly, knowing what to do if your Facebook account is hacked is basically a survival skill in 2026. This isn't just about losing access to your vacation photos or your high school friends; it’s about your identity, your linked business pages, and the potential for scammers to solicit money from your unsuspecting aunt.
Speed is your only friend here.
Stop Panicking and Start With the Basics
The first thing people usually do is try to log in fifteen times. Don't do that. If the hacker is smart—and many are—they've already swapped your recovery email and enabled two-factor authentication (2FA) that points to their device.
If you can still get in, even for a second, go straight to the Accounts Center.
Look for "Logging Out of Other Devices." This is the nuclear option. It kicks everyone off, including the person currently poking around your private messages. If you’re already locked out, you need to head to facebook.com/hacked. This is the official "Identity" portal. It’s different from a standard password reset because it triggers a security flow specifically designed for compromised accounts.
Meta’s automated systems are... let’s be real, they’re frustrating. They rely heavily on machine learning to verify if you are who you say you are. You might be asked to upload a photo of your government ID. Do it. Use a clear, well-lit surface. Reflections on the plastic of a driver's license will cause the AI to reject it instantly, leaving you stuck in a loop for days.
The "Email Change" Trap
Hackers almost always change the associated email address first. Why? Because it cuts your lifeline.
But here’s a secret: Facebook sends a notification to the old email address when this happens. Find that email. It usually contains a link that says, "This wasn't me" or "Secure your account." This link is a "special" bypass. It often allows you to reverse the email change without needing the new password the hacker just set.
If you’ve deleted that email or it’s sitting in your trash, go get it. Now.
What Do I Do If My Facebook Account Is Hacked and I Use It for Business?
This is where things get messy. Really messy.
If you have a Facebook Business Manager or Meta Ads account linked, the hacker isn't there for your memes. They want your credit card. They will run "traffic" ads for scam sites or dropshipping schemes, burning through your daily limit in minutes.
- Call your bank. Don't wait for Facebook Support (which is notoriously slow for non-enterprise users). Freeze any card linked to Meta Pay or your Ads account.
- Document everything. Take screenshots of the unauthorized logins if you can see them.
- Reach out to Meta Pro Support. If you’ve ever spent money on ads, you might have access to a different support tier. Use it.
I've seen small business owners lose $5,000 in a single night because they thought they could "fix the login" before addressing the financial hemorrhage.
The Stealthy Third-Party App Problem
Sometimes, the hacker doesn't even "take over" your account in the traditional sense. They use a malicious third-party app you authorized months ago.
Remember that "Which Disney Character Are You?" quiz? Or that "Analyze Your Profile" tool? Those apps often request "Permissions" to act on your behalf. If an app is compromised, a hacker can post as you or scrape your data without ever knowing your password.
Go to your Settings & Privacy, then Apps and Websites. Revoke everything. Everything you don’t recognize or don’t use daily needs to go. It’s better to have to re-log into Spotify later than to leave a backdoor open for a botnet in Eastern Europe.
When the "Trusty Friends" Method Fails
Facebook used to have a "Trusted Contacts" feature. They retired it.
Now, the recovery process is much more clinical. If the hacker has turned on 2FA using an app like Google Authenticator or a physical security key, and you didn't have 2FA on yourself, you are in for a long fight. Meta will require you to prove your identity through "video selfies" or ID verification.
Tips for the video selfie:
- Use natural light.
- Move your head slowly.
- Don't wear a hat or heavy glasses.
If you fail three times, the system might "soft-lock" your IP address for 24 hours. If that happens, stop. Trying again will only extend the lockout. Switch to a different Wi-Fi network or use your phone's cellular data to try again tomorrow.
The Reality of "Account Recovery" Scams
Let’s talk about a huge danger.
If you post on X (Twitter) or Reddit saying "My Facebook was hacked," you will be swarmed. Dozens of bots and "experts" will reply saying, "Contact @FixItFast on Instagram, he got mine back!"
These are scams. Every single one of them.
No "hacker" can bypass Meta’s internal servers to "get your account back" for $50. They will take your money, ask for more to "unlock the database," and then block you. Only Meta can give you your account back. Period.
Why This Keeps Happening (And How to Stop the Next One)
You probably reused a password.
Maybe it was a password from a LinkedIn breach in 2012 or a random food delivery app that got leaked last year. Hackers use "credential stuffing"—taking billions of leaked email/password combos and running them through scripts to see which ones work on Facebook.
Once you regain access (and you likely will if you’re persistent with the ID upload), you must do three things:
- Use a Password Manager. Bitwarden, 1Password, or even the built-in Apple/Google ones. Your password should look like jK9!pL$2vR&m and you should never know it by heart.
- Enable 2FA. But don't use SMS. SIM-swapping is a thing. Use an authenticator app.
- Check your "Login Alerts." Turn on notifications for unrecognized logins so you can kill the session while the hacker is still clicking around.
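To see whether a password you have reused is already sitting in a leaked list, you can check it without ever sending the password itself. The sketch below is an added example, not part of the original article: it follows the hash-prefix ("k-anonymity") lookup style used by services such as Pwned Passwords, and the leaked list, counts and `fake_range_server` are constructed stand-ins so it runs offline.

```python
import hashlib

# Constructed stand-in for a breach corpus: password -> times seen in leaks.
LEAKED = {"password": 52000, "qwerty123": 8100, "Summer2012!": 37}


def sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1, the format range-lookup services index by."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def fake_range_server(prefix: str) -> str:
    """Hypothetical server side: given a 5-char hash prefix, return
    'SUFFIX:COUNT' lines for every leaked hash sharing that prefix."""
    lines = []
    for leaked_password, count in LEAKED.items():
        digest = sha1_hex(leaked_password)
        if digest.startswith(prefix):
            lines.append(f"{digest[5:]}:{count}")
    return "\r\n".join(lines)


def breach_count(password: str, fetch_range=fake_range_server) -> int:
    """Client side: only the first 5 hex chars of the hash leave the device.
    The full comparison against returned suffixes happens locally."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch_range(prefix).splitlines():
        candidate, _, count = line.partition(":")
        if candidate.strip().upper() == suffix:
            return int(count)
    return 0  # not found in the corpus that was queried


if __name__ == "__main__":
    for candidate in ("password", "Summer2012!", "jK9!pL$2vR&m"):
        hits = breach_count(candidate)
        verdict = "change it everywhere" if hits else "not in this list"
        print(f"{candidate!r}: seen {hits} times, {verdict}")
```

A count of zero only means the password is absent from the list that was queried; it still has to be unique to Facebook to be safe from credential stuffing.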
Actionable Next Steps for Recovery
If you are currently locked out, follow this exact sequence:
- Check your email inbox for a "Primary email changed" message and click "Secure Account."
- Navigate to facebook.com/hacked from a device you have previously used to log in (Facebook "recognizes" your browser cookies and is more likely to trust you).
- Disconnect your Instagram. If your IG is linked and hasn't been compromised yet, try to unlink it through the Instagram Accounts Center to save at least one platform.
- Alert your inner circle. Post from a secondary account or send a text: "My FB is hacked. Do not click any links I send or send me money."
- Scan your devices. Run a malware scan (Malwarebytes is a solid choice) on your computer. Sometimes the "hack" is actually a keylogger on your own machine.
- Verify your "Linked Accounts." Once back in, check if the hacker linked their Instagram or Spotify to your Facebook. If you don't remove their links, they can just use the "Log in with Instagram" feature to jump right back into your account tomorrow.
Check your "Recently Deleted" folder in your photos too. Hackers often delete your actual pictures to make the profile a "blank slate" for scamming. You have 30 days to restore them before they are gone forever.