Does Facebook Tell You When You’ve Been Hacked?
Strange activity on your timeline, unrecognized login attempts, or a password that no longer works are some of the telltale signs that your Facebook account has been hacked.
Because Facebook integrates with so many other services, losing access to your account or Facebook page can have significant implications.
For example, a hacker could use your account to find enough personal data to commit financial crimes, try to get into other linked accounts, or even target your friends, followers, and contacts with phishing scams.
If you’ve been the victim of a Facebook hack, the actions you should take depend on your ability to access your account.
- If you can’t gain access to your Facebook account: Go to facebook.com/hacked while using a device you’ve used to access Facebook in the past. If you don’t have a suitable device, you’ll need to request a password reset.
- If you can gain access to your Facebook account: Force any unknown devices to log out of your account and then secure it with a new and complex password, two-factor authentication, and updated recovery contact details.
Diagnosing a Facebook account hack quickly is crucial to containing the damage and preventing more serious consequences such as identity theft.
5 Ways To Tell If Your Facebook Account Has Been Hacked
In many cases, you’ll know immediately that your Facebook account has been hacked when you can’t log in by using your usual password. In other scenarios, Facebook hackers may want to hide their actions by working in the background — without locking you out of your account.
Here are some of the best ways to find out if your Facebook account has been hacked.
1. Try to log in to your Facebook account
If your Facebook account gets hacked, it’s likely that the hacker will try to lock you out by changing your password, updating your information, and taking other actions to make it harder for you to log in or regain access to your hacked account. In the best-case scenario, you’ll be able to regain access before the hacker has time to do too much damage.
- Try your usual Facebook password — if it doesn’t work, perform a reset. Go to the Facebook login page online or in your app, and select “Forgot password?” You’ll be asked to provide your email or phone number to verify your identity.
- If you can’t reset your password, visit facebook.com/hacked on a desktop, iPhone, or Android device that you previously used to log in to Facebook. You can use this resource regardless of whether you’re 100% sure that your account has been compromised.
Note: If your Facebook account has been hacked, your other accounts and contacts could be at risk. Once you discover that an online account has been compromised, change passwords on other sensitive accounts right away — such as your email, online banking, and other social media accounts.
2. Check for unknown devices that are logged in to your account
If you were able to log in and update your Facebook password, any hackers were probably automatically logged out. However, Facebook shows you all of the devices and locations where your account is logged in, so you can make sure that no one has unauthorized access to your account.
How to check where you’re logged in: Go to Settings > Accounts Center > Password and security. Then, click on Where you’re logged in to view a list of your recent login activity. If there are any devices or locations you don’t recognize as your own, you can tap on the Log out button to lock them out of your account remotely [*].
3. Look for unfamiliar activity – such as posts or friend requests that you didn’t make
One of the most glaring red flags that your Facebook account has been compromised is any kind of account activity that you don’t recognize. Friends or family members may reach out to you about strange posts or messages they received from you, which is a telltale sign that a hacker has gained a foothold.
- Look at your Facebook profile for posts and updates that you didn’t make. Review your timeline and any recent posts from the last week or so. This is the quickest way to figure out if someone has made a post from your account without your knowledge.
- Check your sent messages in Facebook Messenger. Facebook doesn’t have a specific folder for sent messages, but you can get an idea of any outgoing message activity by looking at the most recent conversations in your chats list. If there are messages marked as read that you haven’t actually seen, consider this another red flag.
- View your Facebook activity log. Sometimes hackers use your account in ways that aren’t immediately noticeable. Viewing your activity log gives you more detailed information about posts you’ve interacted with (or are tagged in) as well as friend requests you’ve sent. Any action you don’t remember taking yourself is a warning sign to secure your Facebook account.
4. Make sure there aren’t unfamiliar charges from your Facebook account
Facebook hacking is often just the first step of a much darker scheme. In many cases, cybercriminals are after one thing — money. If you have Meta Pay set up, a hacker could make unauthorized purchases from your account. If you’re an active seller on Facebook Marketplace and use it for accepting payments, a hacker might try to drain your funds.
- Check for unauthorized charges on your Meta Pay account. Click on the menu button by your profile picture and go to Orders and payments. From there, you’ll be able to see a list of your recent activity. Any charges that you don’t recognize are immediate cause for concern.
- Report any unauthorized charges to Facebook. You can report unrecognized charges online or by clicking on each individual charge and then tapping on Get Help with this Payment.
- Check payment methods attached to your account. Make sure all of the payment methods listed are cards in your name, and remove any that you don’t recognize. It may be a good idea to temporarily disconnect all payment methods from Meta Pay to ensure the hacker can’t access your funds. Go to accountscenter.facebook.com and tap on Meta Pay.
5. Beware of emails claiming to be from Facebook
Scammers sometimes send emails that look like they’re from Facebook, warning you to secure your account or claiming that you’re at risk of being banned. If you receive an email of this nature, it doesn’t necessarily mean your account has been compromised. However, if you give up any personal details or click on included links, you could put yourself at risk of being hacked.
Before engaging with any email claiming to be from Facebook, make sure you look for these warning signs:
- The email isn’t from an official Facebook domain. Anyone can change their “From” name to look like they’re a Facebook representative; but if the sender’s email address doesn’t come from an official Facebook domain, the email is likely a scam and should be ignored.
- The email has errors or is phrased strangely. Unnatural phrasing along with spelling and grammatical errors are hallmarks of spam emails. Remember that any communication coming from an official Facebook email is proofread before it’s sent out to customers.
- The link takes you to a suspicious URL. You can review any URL in an email by hovering over it on a desktop. If the link is excessively long and takes you somewhere that doesn’t begin with facebook.com, it’s best to assume that it’ll lead to a fake website. Avoid any links you’re unsure about, as they sometimes contain malware that will be automatically downloaded to your device if you click.
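The sender and link checks above can be automated. The following is an added example, not part of the original article: it compares the parsed hostname of the sender address and of each link against an allowlist, which goes slightly beyond "begins with facebook.com" because a lookalike host can start with that text. The allowlist contents and both sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit
import re

# Assumption: domains treated as official for this example. Confirm the
# current list against Facebook's own help pages before relying on it.
OFFICIAL_DOMAINS = {"facebook.com", "facebookmail.com"}

def is_official_host(host):
    """True only if host is an official domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def review_email(raw):
    """Return warning strings for a raw, single-part text email."""
    msg = message_from_string(raw)
    warnings = []
    # The display name is free text; only the address part is compared.
    _display, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2]
    if not is_official_host(sender_host):
        warnings.append(f"sender domain not official: {sender_host or '(none)'}")
    # urlsplit().hostname drops any "user@" prefix and the path, so
    # "facebook.com@other.example" resolves to other.example.
    for url in re.findall(r"https?://[^\s\"'<>]+", msg.get_payload()):
        host = urlsplit(url).hostname
        if not is_official_host(host):
            warnings.append(f"link host not official: {host}")
    return warnings

# Constructed sample messages (not real emails).
PHISH = """From: "Facebook Security" <alerts@faceb00k-support.example>
Subject: Your account will be banned

Confirm here: https://facebook.com.account-check.example/verify
Or here: https://facebook.com@login-review.example/
"""
LEGIT = """From: "Facebook" <security@facebookmail.com>
Subject: New login

Review it at https://www.facebook.com/settings
"""

if __name__ == "__main__":
    for name, raw in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        print(name, review_email(raw))
```

An empty result only means these two checks passed. The "From" address can itself be forged, so a message that passes still deserves the other checks in this list.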
What To Do If Your Facebook Account Was Hacked
If your Facebook account was compromised, Facebook has built-in mechanisms that can help you secure your account. Take these steps immediately to minimize the damage:
- Use Facebook’s account Security Checkup tool. This will walk you through all the basic steps of securing a compromised account — including changing your password, turning on two-factor authentication (2FA), and enabling login notifications. Go here to get started.
- Set up a secure recovery email address. An account recovery email address can help you regain access to your account or reset your password in the event that you’ve been hacked. You can add or remove email addresses from your account by following these steps. Make sure that any new recovery email address that you add has its own unique password.
- Report the hack to Facebook. Visit facebook.com/hacked on a device you’ve used before to log in to Facebook. This is the quickest way to let Facebook know what’s going on and initiate steps to secure your account.
- Look for suspicious activity on any connected accounts. If you use Facebook to log in to other online services, there’s a chance those accounts could have been compromised as well. Look out for suspicious activity, like updated settings (that you didn’t change) and unrecognized purchases. It’s also a good idea to disconnect these accounts from your Facebook account — always create a unique login for every service you sign up for.
- Contact any friends who were targeted by the hacker. If a hacker used your Facebook account to target others on your friends list, it’s a good idea to reach out to all your contacts after you’ve regained access to your account and let them know the messages weren’t actually from you. Alternatively, you can make a post on your timeline letting everyone know your account was compromised and to ignore any strange interactions from you.
How To Secure Your Facebook Account Against Hackers
A hacked Facebook account can lead to serious damage to your online reputation. Depending on how much you integrate your account with other online services, your identity could also be at risk.
Here are a few security measures you can take to safeguard your account:
- Use a strong and unique password for your account. Create a strong password that’s at least 8-16 characters long, with a mix of uppercase and lowercase letters, numbers, and symbols. The password you use for Facebook and each of your other online services should be unique — avoid reusing passwords across accounts, as this can make it easier for hackers to target you.
- Enable two-factor authentication. Two-factor authentication (2FA) adds an extra layer of security that can make it much more difficult for hackers to break into your account. Follow these steps to enable 2FA.
- Turn on alerts for unrecognized logins. Login alerts notify you when your Facebook account has been logged in from a new device or browser. The alert will let you know the location and device of the unrecognized login so that you can quickly change your password if the person who logged in wasn’t you. Follow these steps to enable login alerts.
- Tighten your Facebook privacy settings. Hackers use any bit of information they can find about you online to try to convince you to give up your login details. To adjust to whom your posts are visible, how people can find and contact you, and other permissions, go to Settings & privacy > Settings > Audience and visibility.
- Never click on suspicious links — even if they’re sent to you from Facebook friends you know. Always be wary of links on posts and in Messenger. Even if a link is sent from an account of one of your friends, you don’t know if that account has been compromised.
- Monitor your passwords for data breaches. Security breaches like Facebook’s recent 2FA data leak [*] could potentially put your account at risk. It’s a good idea to do occasional scans on the password associated with your Facebook account by using Aura’s free leaked password checker — and update your password if it’s appeared in a breach. This rule goes for your other online passwords, as well.
- Use a VPN or Safe Browsing tools to prevent hacking and phishing attacks. Aura provides a virtual private network (VPN) that protects your sensitive information from being intercepted on public Wi-Fi networks, along with Safe Browsing tools that can block or warn you of fake websites before you enter your login credentials.
Aura is an all-in-one cybersecurity solution that can help protect your digital identity, prevent hacking, and warn you if any of your credentials — including your Facebook details — have been leaked.
Every Aura plan comes with Dark Web monitoring, a secure password manager with data breach alerts, and a VPN and Safe Browsing tools for all of your devices. If you do find yourself the victim of a social media hack, you’ll have access to 24/7 U.S.-based support to help you resolve the issue.
Editorial note: Our articles provide educational information for you to increase awareness about digital safety. Aura’s services may not provide the exact features we write about, nor may cover or protect against every type of crime, fraud, or threat discussed in our articles. Please review our Terms during enrollment or setup for more information. Remember that no one can prevent all identity theft or cybercrime.