OMG, my Facebook was hacked! Here's what to do...

20 June 2022

Even technically sophisticated friends are currently getting hacked on Facebook. Here’s how to avoid it, and how to make sure your hacked account is fully recovered.


Usually, accounts are “hacked” because someone somehow gets a hold of your password. That’s bad for Facebook in particular because people often use it to log into other things — so if someone gets into your account, they have access to a bunch of other things too.

If your account has been hacked

Your account being “hacked” can take many shapes. Perhaps someone is sending messages on your behalf, posting as you or doing something else weird.

If you can still log in, you’re in luck; here’s what to do:

  1. Change your password right away — that’s your first step if you still have the power to do so.
  2. If you can’t log in, request a password reset. If that doesn’t work, someone may have changed the email address on the account. There’s a way of dealing with that, too.
  3. Report the weird behaviour to Facebook, so they can help stop it from happening to others.
  4. Turn on two-factor authentication. That means that even if your password was somehow stolen, they can’t log in without also having access to your phone or your authenticator app.

How to prevent getting hacked  

The most common way that a Facebook account is compromised is by tricking you into giving the hackers your password. You may get a Messenger message from a friend on Facebook, saying something like “OMG did you see who died?” or the common one, “Tinashe is with Tapiwa and 98 others, click to view the video”. You click on the link, and it looks like Facebook, but suddenly you’re being asked to log in again. You think nothing of it, and you type in your email and password… Uh-oh. Problem: The site that you just gave your password to isn’t actually Facebook, and now they have your password.

The best way to avoid this is to follow the steps above and turn on two-factor authentication. Then be vigilant: Whenever you log in, are you logging into a site that starts with https://www.facebook.com? If not — if it looks like ffacebook.com or facebook.this-is-a-security-notification.com — don’t type in your password. The safest thing, typically, is to manually type Facebook.com into your URL bar if you’re using a web browser.
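
The address check described above, written out as an added example (not part of the original post): it compares the parsed host name instead of the visible start of the link, because an address can begin with the right text and still belong to another site. The function names and the `.example` links are constructed for illustration, and treating only facebook.com and its subdomains as genuine is an assumption.

```javascript
// Added example; function names and sample URLs are constructed for illustration.
// Assumption: only facebook.com and its subdomains count as genuine.
const TRUSTED_DOMAIN = "facebook.com";

// Compare the parsed host name, not the raw text of the link.
function isFacebookUrl(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return false; // not a parseable absolute URL
  }
  if (url.protocol !== "https:") return false;
  // Text before "@" is a user name, not the site; treat it as a disguise.
  if (url.username || url.password) return false;
  const host = url.hostname; // already lower-cased by the URL parser
  return host === TRUSTED_DOMAIN || host.endsWith("." + TRUSTED_DOMAIN);
}

// The text-only check a hurried reader performs: does it start the right way?
function looksRightAtAGlance(rawUrl) {
  return rawUrl.toLowerCase().startsWith("https://www.facebook.com");
}

// Constructed sample links; the two lookalike hosts are the ones named in the post.
const samples = [
  "https://www.facebook.com/login",
  "https://ffacebook.com/login",
  "https://facebook.this-is-a-security-notification.com/login",
  "https://www.facebook.com.account-check.example/login",
  "https://www.facebook.com@account-check.example/login",
  "http://www.facebook.com/login",
];

// Run both checks over every link so the disagreements are visible side by side.
function review(urls) {
  return urls.map((u) => ({
    url: u,
    glance: looksRightAtAGlance(u),
    genuine: isFacebookUrl(u),
  }));
}

console.table(review(samples));
```

The rows where `glance` is true but `genuine` is false are the links that begin with the right text yet lead somewhere else.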