How To Check If Your Facebook Account Has Been Hacked
Facebook accounts are among the most targeted online accounts in the world. Whether it's for spam, scams, or identity theft, hackers have strong incentives to break in — and they've gotten good at it. Knowing what to look for, and where to look, is the first step to protecting yourself.
Why Facebook Accounts Get Compromised
Before diving into the checks, it helps to understand how accounts typically get hacked. Common entry points include:
- Phishing links — fake login pages that steal your credentials
- Data breaches — your email and password exposed from another site
- Weak or reused passwords — making brute-force attacks easier
- Malware — keyloggers or browser hijackers capturing your login details
- Session hijacking — an attacker stealing your active login token without needing your password
Knowing the method matters because some warning signs point more clearly to one type of attack than another.
Signs Your Facebook May Have Been Hacked
Not every compromise is obvious. Some attackers stay quiet for weeks, using your account for low-level spam or data harvesting. Others act fast. Here are the key indicators:
You Can't Log In
The most obvious sign. If your password suddenly stops working and you haven't changed it, someone else likely has. Attackers often change the password immediately to lock you out.
Your Email or Phone Number Has Been Changed
Facebook sends a notification if your contact details are updated. If you receive one of these alerts and didn't make the change, treat it as a confirmed breach. Act immediately using Facebook's recovery options before the attacker changes them further.
Unfamiliar Activity in Your Account
If you can still log in, go straight to your activity log. Look for:
- Posts you didn't write
- Messages sent from your account
- Pages liked or groups joined without your knowledge
- Comments left on other people's content
- Friend requests sent to strangers
Even subtle activity — a single liked page or a joined group — can indicate unauthorized access.
Logins From Unrecognized Devices or Locations 🔍
This is one of the most reliable checks. Facebook tracks every active session associated with your account.
To find this on desktop: Settings & Privacy → Settings → Security and Login → Where You're Logged In
On mobile: Menu → Settings & Privacy → Settings → Security and Login → Where You're Logged In
You'll see a list of devices, browsers, and approximate locations currently logged into your account. Any session you don't recognize — especially in a city or country you've never been to — is a red flag.
Keep in mind that VPN use, mobile data switching, and Facebook's own IP detection can sometimes produce slightly off location readings. Focus on devices or browsers you genuinely don't recognize rather than slightly mismatched cities.
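The check above can be written down as a small triage routine. This is an added example, not Facebook's or the article's own code: the session entries, device names, and the "known client in an unfamiliar country means review by hand" rule are assumptions, with the entries constructed as if typed in from the "Where You're Logged In" list.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Session:
    device: str
    browser: str
    city: str
    country: str

# Constructed sample data (hypothetical): what the account owner really uses.
KNOWN_CLIENTS = {("windows pc", "chrome"), ("iphone 13", "facebook app")}
VISITED_COUNTRIES = {"United States", "Canada"}

def triage(s: Session) -> str:
    """Classify one session as 'red flag', 'review' or 'ok'."""
    client = (s.device.strip().lower(), s.browser.strip().lower())
    if client not in KNOWN_CLIENTS:
        # An unknown device or browser is the strong signal, wherever it is.
        return "red flag"
    if s.country not in VISITED_COUNTRIES:
        # Known client, unfamiliar country: could be a VPN, so check by hand.
        return "review"
    # Known client in a familiar country: a city mismatch alone is ignored.
    return "ok"

def review(sessions):
    """Return (verdict, session) pairs, most serious first."""
    order = {"red flag": 0, "review": 1, "ok": 2}
    return sorted(((triage(s), s) for s in sessions), key=lambda p: order[p[0]])

# Constructed entries, as if copied from the "Where You're Logged In" list.
SAMPLE = [
    Session("Windows PC", "Chrome", "Austin", "United States"),
    Session("iPhone 13", "Facebook app", "Dallas", "United States"),
    Session("Windows PC", "Chrome", "Frankfurt", "Germany"),
    Session("Linux PC", "Firefox", "Austin", "United States"),
]

if __name__ == "__main__":
    for verdict, s in review(SAMPLE):
        print(f"{verdict:8}  {s.device} / {s.browser}  ({s.city}, {s.country})")
```

The Dallas entry comes back as "ok" because the device and browser are recognized, while the Firefox session in the home city is the one flagged.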
Facebook Has Sent You a Security Alert
Facebook's own systems detect unusual login patterns and will often email or notify you directly. Check your email inbox — including spam — for messages from [email protected]. Alerts from this address are genuine, but phishing emails impersonating it also exist, so always verify by logging in directly through the official app or site rather than clicking links in the email.
Friends Are Reporting Strange Messages
If people in your network mention receiving odd messages, suspicious links, or unusual friend requests from you, your account is likely being used to spread spam or phishing content — a very common use case for compromised accounts.
How To Conduct a Full Security Check
Facebook has a built-in tool designed exactly for this:
Security Checkup → facebook.com/settings/security
This walks you through:
- Active sessions and logged-in devices
- Login alerts (turning them on if they're off)
- Two-factor authentication status
- Recognized devices
Running through this takes under five minutes and gives you a clear picture of your account's current state.
What Affects How Quickly You Can Recover
Not all hacking situations are equal. The outcome depends on several variables:
| Variable | Lower Risk Scenario | Higher Risk Scenario |
|---|---|---|
| Account recovery options | Verified email + phone number on file | Only one outdated option available |
| Time since compromise | Discovered within hours | Discovered days or weeks later |
| What was changed | Nothing changed yet | Email, phone, and password all changed |
| Two-factor authentication | Already enabled | Not set up |
| Connected apps | Few third-party apps linked | Many apps with broad permissions |
If an attacker has had days to work and has changed your recovery options, regaining access becomes significantly harder. Facebook does have an account recovery flow for locked-out users — including identity verification — but the process can be slow and isn't guaranteed to succeed if your account details have been thoroughly altered.
The Factor That Varies Most: Your Recovery Starting Point
Two people can discover their account was hacked at the same moment and face completely different recovery paths. Someone with two-factor authentication enabled, a verified backup email, and a recently active trusted device has multiple recovery levers available. Someone who set up their account years ago with an email address they no longer have access to may find themselves locked out with limited options.
Your current security setup — what recovery options are active, which devices Facebook recognizes as trusted, and whether login alerts are turned on — determines how much control you retain if something goes wrong. 🔐