Facebook Hacked — What To Do
If your Facebook account has just been hacked, you have minutes — not hours — before the attacker locks recovery channels and starts scamming your contacts. This is what to do, in order, right now.
How a Facebook hack usually unfolds
The first thing an attacker does after taking your account is change the recovery email and phone, then add their own 2FA. Once both are done, the standard recovery flow is locked out and the case becomes an identity-verification escalation that takes days.
Between the moment of takeover and the moment recovery channels are changed, you typically have 5 to 30 minutes. If you are reading this within that window, you can recover the account from your own device without specialist help — if you move fast and in the right order.
If the window has already closed, skip to step 4 and call our team.
Confirming you are actually hacked (vs. logged out elsewhere)
- You cannot log in despite using the correct password
- You received a "your email has been changed" notification from Facebook
- You received a "new login from [unfamiliar location]" alert and cannot log in now
- Friends are messaging you about strange posts or DMs they received from your account
- Your profile photo, name, or cover image has been changed without you doing it
- Your Marketplace listings have been altered or new ones added
Do these now — in this order
1. Open Facebook on a device you trust
Use the phone or computer where you are most recently logged in. Do not click any links in suspicious emails — go to facebook.com directly. If you are still logged in anywhere, that session is your fastest path back to control.
2. Reset the password from inside your account
Settings → Password and security → Change password. Pick a long, unique password your password manager generates. This invalidates the attacker's session if they were logged in via the old credentials.
3. Log out every other session
Same screen: "Where you're logged in" → Log out of all sessions. This kicks out the attacker even if they did not use the password to get in (e.g., session-cookie theft).
4. If you cannot get in: file at facebook.com/hacked, then call us
Go to facebook.com/hacked and follow the identity-verification flow. Submit a clear ID and selfie. While that runs, call 911Cyber — escalating in parallel doubles the chances of fast resolution.
How an active Facebook incident plays out with our team
When you call us on an active case, the first 15 minutes establish where in the timeline we are: are recovery channels still yours? Is the attacker actively posting? Is there a connected ad account or business page at financial risk?
From there, the response splits: one track on Meta recovery (the right escalation path for your situation, in parallel with your facebook.com/hacked submission), one track on contact damage control (so a scam wave to your friends does not become your reputation problem), and one track on connected-account triage (Instagram, ad accounts, third-party logins).
After recovery, we harden the account so the same attacker — typically still holding your credentials from the original breach — cannot retake it the next week.
Frequently asked questions
How did this happen if I never gave anyone my password?
Almost always one of three sources: a password you reused on a different site that was later breached, a fake-login page (phishing email or DM), or infostealer malware on your device that exfiltrated your saved-passwords vault. The cleanup includes finding and closing the original source.
Should I delete the account and start over?
Not yet. A recovered account keeps your photos, history, and connections — and a "deleted" account is much harder to reverse than a recovered one. Try recovery first; deletion is a last resort.
The attacker is posting scam links to my friends. What do I tell them?
Reach out via SMS, other platforms, or in person: "My Facebook is hacked, ignore anything from me there until I confirm it is back." This is the most important thing you can do for your contacts — Facebook will not warn them.
My ad account or business page was taken too — is that worse?
Yes, materially. Business assets often have active payment methods the attacker will drain. Call us immediately for business-asset cases — there is a separate Meta escalation path for advertisers.
How long until I am back in?
Best case: minutes (still logged in somewhere → reset from there). Mid case: 24-72 hours (Meta identity verification). Worst case: 1-2 weeks (escalated case with a stalled review). The fastest path is found in the first call.
Related response services
Social Media Account Hacked
We recover compromised Instagram, Facebook, X, and other social accounts and lock out the attacker for good.
Facebook Business Suite Recovery
We restore admin access to hacked business pages and ad accounts.
Email Account Hacked
We recover hacked Gmail, Outlook, and business email accounts and close every backdoor the attacker left behind.
Remote Access Malware Removal
We sanitize devices affected by Ghosting or Remote Access Trojans (RATs).
Recovery channels already changed? Call us now.
The earlier we engage, the more Meta paths are still open. Triage is free, and the call alone often points you to the right next step.