How to Recover a Hacked Facebook Account (Step-by-Step Recovery Guide)

Last updated on April 30th, 2026 at 04:34 pm

If your Facebook account has been hacked, go to facebook.com/hacked immediately. This is Meta’s official recovery page, and it walks you through identifying the problem and regaining access. If the hacker changed your email and password, you can still recover your account using your phone number, trusted contacts, or government ID verification.

Time matters. The sooner you act, the easier recovery is. Here is exactly what to do.

Quick Reference: Facebook Account Recovery Steps

| Situation | What to Do | Recovery Tool |
| --- | --- | --- |
| You can still log in | Change password immediately + review security | facebook.com/settings > Security |
| Locked out but email is unchanged | Use “Forgot Password” with your email | facebook.com/login/identify |
| Email and password both changed by hacker | Use phone number recovery | facebook.com/hacked |
| No access to email or phone | Use trusted contacts or ID verification | facebook.com/hacked |
| Account deleted by hacker | Request reactivation within 30 days | facebook.com/login/identify |

 

Step 1: Go to facebook.com/hacked

This is Meta’s dedicated recovery page for compromised accounts. It should be your first stop regardless of your situation.

 

What happens when you visit this page:

  1. Facebook asks you to identify the problem — select the option that best describes your situation
  2. You may be asked to log in (if you still can) or to identify your account using your email, phone number, or name
  3. Facebook runs a security check and guides you through the recovery process specific to your situation

 

If you can still access your account (hacker has not locked you out yet):

 

This is the best-case scenario. Act immediately:

  1. Go to Settings > Security and Login (or Settings > Accounts Centre > Password and Security)
  2. Under Where You’re Logged In, review all active sessions
  3. Click Log Out of All Sessions to force the hacker out
  4. Immediately change your password to something completely new
  5. Enable two-factor authentication

 

Step 2: Reset Your Password

If the hacker changed your password and you are locked out, reset it.

 

How to reset:

  1. Go to facebook.com/login/identify
  2. Enter the email address or phone number associated with your account
  3. Facebook will show you the account it finds — confirm it is yours
  4. Choose how you want to receive a recovery code:
    • Email — A code is sent to your registered email
    • SMS — A code is sent to your phone number
    • WhatsApp — In some regions, Facebook can send the code via WhatsApp
  5. Enter the recovery code
  6. Create a new, strong password
  7. Log in with your new password

 

If the hacker changed your email:

If you no longer receive emails from Facebook because the hacker changed your account email, try the phone number option instead. If both email and phone were changed, proceed to Step 3.

 

Step 3: Recover Access When Email and Phone Were Changed

This is the most common situation with serious hacks — the attacker changes both the email and phone number to lock you out completely.

 

Method 1: Check your email for the “change” notification

When someone changes the email address on your Facebook account, Meta sends a notification to the original email with a link to reverse the change. Check your inbox (and spam folder) for an email with the subject line “Did you change your email?” or similar. If you find it, click the link to revert the change.

 

Method 2: Use trusted contacts

If you set up Trusted Contacts before being hacked:

  1. Go to facebook.com/login/identify
  2. Enter your name or old email to find your account
  3. Select No longer have access to these?
  4. Follow the prompts to use your Trusted Contacts
  5. Contact your trusted friends and ask them to visit facebook.com/recover to get a recovery code for you
  6. Each friend receives a unique code — collect the required number of codes
  7. Enter the codes on Facebook’s recovery page to regain access

 

Method 3: Government ID verification

If you have no access to your email, phone, or trusted contacts:

  1. Go to facebook.com/hacked or facebook.com/login/identify
  2. Follow the prompts until you reach the option to verify your identity
  3. Upload a clear photo of your government-issued ID (passport, driving licence, national ID card)
  4. Submit and wait — Facebook’s team reviews ID submissions and it can take anywhere from a few hours to several days
  5. If approved, Facebook will send recovery instructions to a new email address you provide

 

Step 4: Secure Your Account After Recovery

Once you have access again, immediately lock down your account to prevent re-compromise.

Essential security steps:

  1. Change your password — Use a strong, unique password that you do not use on any other site. It should combine upper and lower case letters, numbers, and symbols, and be at least 12 characters long.
  2. Enable two-factor authentication — Go to Settings > Security and Login > Two-Factor Authentication. Choose an authenticator app (Google Authenticator, Authy, or Microsoft Authenticator) rather than SMS, as SMS can be intercepted through SIM swapping.
  3. Review and remove unrecognised devices — In Settings > Security and Login > Where You’re Logged In, log out of all sessions you do not recognise.
  4. Check your email address and phone number — In Settings > Personal Information, verify that your email and phone number are correct and belong to you.
  5. Review connected apps — In Settings > Apps and Websites, remove any apps you do not recognise. Hackers sometimes connect malicious apps to maintain access.
  6. Check for sent messages — Review your Messenger sent messages. Hackers often send phishing links or scam messages to your friends while they have access. Warn your contacts if any suspicious messages were sent.
  7. Review your timeline — Check for posts made by the hacker. Delete any spam, phishing links, or inappropriate content they may have posted.
  8. Update your login email password — If you use the same password for your email as you did for Facebook (or a similar one), change your email password too. The hacker may have accessed your email first to compromise your Facebook.

 

Step 5: Report the Hack to Facebook

Even after recovering your account, report the incident.

How to report:

  1. Go to Settings > Security and Login
  2. Look for Get Help or use the Help Centre
  3. Report that your account was compromised
  4. Facebook may flag the hacker’s IP addresses and devices to prevent future attacks on your account and others

Alternatively, visit the Facebook Help Centre (facebook.com/help) and search for “hacked account” to find reporting forms.

 

What to Do If You Cannot Recover Your Account

If all recovery methods have been exhausted and you still cannot access your account:

Document everything:

  • Screenshot the hacked account’s profile showing any changes the hacker made
  • Save any emails from Facebook regarding account changes
  • Note the date and time you lost access
  • Keep records of all recovery attempts

 

Contact Facebook support directly:

If you have a Facebook Page, business account, or ad account linked to the hacked profile, you may have access to additional support channels through Meta Business Help Centre (business.facebook.com/help).

 

Report to authorities:

In some countries, hacking a social media account is a criminal offence. You can report it to your local law enforcement. In the UK, report it to Action Fraud (actionfraud.police.uk). In the US, report it to the FBI’s Internet Crime Complaint Center (ic3.gov).

 

Create a new account as a last resort:

If you cannot recover the hacked account after exhausting all options, you may need to create a new Facebook account. Report the old hacked account as “impersonating” you or as “compromised” so Facebook can review and potentially disable it.

 

How Facebook Accounts Get Hacked (and How to Prevent It)

Understanding common attack methods helps you prevent future hacks.

Phishing: The most common method. You receive a fake email, message, or link that looks like it is from Facebook. You enter your login details on a fake page, and the attacker captures them. Prevention: Never click links in emails claiming to be from Facebook. Always go directly to facebook.com by typing it in your browser.

Password reuse: If you use the same password on Facebook and another site, and that other site gets breached, attackers try your credentials on Facebook. Prevention: Use a unique password for every site. A password manager makes this manageable.

SIM swapping: Attackers convince your mobile carrier to transfer your phone number to their SIM card, intercepting your SMS-based two-factor authentication codes. Prevention: Use an authenticator app instead of SMS for two-factor authentication.

Malware and keyloggers: Software installed on your device that records your keystrokes and sends your passwords to attackers. Prevention: Keep your operating system and browser updated, use antivirus software, and do not download software from untrusted sources.

Session hijacking on public Wi-Fi: Attackers on the same public network intercept your login session. Prevention: Avoid logging into Facebook on public Wi-Fi without a VPN.

Third-party app permissions: Malicious apps connected to your Facebook account can access your data and potentially compromise your account. Prevention: Regularly review and remove connected apps in Settings > Apps and Websites.

 

Frequently Asked Questions

How long does it take to recover a hacked Facebook account?

Recovery time varies. If you can reset your password through email or phone, recovery takes minutes. ID verification reviews can take anywhere from a few hours to several days. In complex cases where all contact methods were changed, full recovery may take one to two weeks.

Can I recover my Facebook account if the hacker changed the email and phone number?

Yes. Check your original email for a “Did you change your email?” notification from Facebook — it contains a reversal link. If that does not work, try Trusted Contacts or government ID verification through facebook.com/hacked.

Does Facebook have a phone number I can call for hacked accounts?

No. Facebook does not offer phone support for hacked accounts. All recovery is handled through their online tools at facebook.com/hacked and facebook.com/login/identify.

Will Facebook help me if my account was hacked?

Yes. Facebook has automated recovery tools and an ID verification process for compromised accounts. Visit facebook.com/hacked to start the process. Response times vary, but Facebook does process these requests.

Can a hacker permanently delete my Facebook account?

A hacker can deactivate your account, but permanent deletion takes 30 days. If you recover access within 30 days of the hacker requesting deletion, you can cancel the deletion and restore your account.

What happens to my photos and messages when my account is hacked?

Your photos, posts, and messages remain on Facebook’s servers unless the hacker explicitly deletes them. Once you recover access, most content should still be there. If the hacker posted or deleted content, you may need to reverse those changes manually.

Should I tell my friends my account was hacked?

Yes. Hackers frequently send phishing links or scam messages to your friends from your compromised account. Warn your contacts through other channels (phone, WhatsApp, email) that any recent messages from your Facebook may be fraudulent and not to click any links.

How do I prevent my Facebook account from being hacked again?

Enable two-factor authentication using an authenticator app, use a strong unique password, review connected third-party apps regularly, never click suspicious links, and periodically check your active login sessions in Settings > Security and Login.

 

Summary

If your Facebook account is hacked, go to facebook.com/hacked immediately. Try resetting your password through your email or phone number first. If those were changed by the hacker, check your original email for a reversal link, use Trusted Contacts, or submit a government ID for verification.

After recovering access, change your password, enable two-factor authentication with an authenticator app, log out all unrecognised sessions, and review connected apps and sent messages. The faster you act, the easier recovery is — hackers who have been in your account for days cause significantly more damage than those caught within hours.

Harrison Acha is a Performance Marketing Specialist and the founder of Primegate Digital. He previously worked at Meta as a Senior Account Manager, where he managed over $5 million in ad spend across global campaigns. Harrison holds an Advanced Professional Certificate in Marketing Management from London Business School and a BSc in Biochemistry. He is Meta-certified in Media Buying, Performance Marketing, and Lead Training, and holds Google Ads and Analytics certifications. His work has been featured on Yahoo Finance, Nexcess, and CBNation. With over 1,000 published guides trusted by millions of readers, Harrison writes from hands-on experience managing paid media across Meta, Google Ads, and TikTok for e-commerce brands.
