
How to Regain Access to a Hacked Facebook Account
TL;DR
If your Facebook account was hacked, go to facebook.com/hacked immediately. Change your password, review active sessions, and submit identity verification if locked out. When Facebook's self-service process fails — which it often does — legal escalation using GDPR and DSA rights is the most reliable path to restoration.
Signs Your Facebook Account Has Been Compromised
Account hijackings rarely announce themselves. Hackers prefer to move quietly, siphoning access before you can respond. Watch for these red flags:
- You receive an email from Meta saying your password or email address changed — but you didn't change it.
- Friends report receiving strange messages or money requests from your profile.
- You notice posts, ads, or friend requests you didn't make.
- You're suddenly logged out of Facebook on all your devices.
- Your profile name, photo, or birthday has changed without your input.
Any single one of these warrants immediate action. The faster you respond, the better your chances of containing the damage before the attacker locks you out entirely.
If You Still Have Access: Act Within Minutes
Many hacks begin with just the password being changed. If you can still log in, you have a narrow window to secure your account before the attacker escalates.
- Change your password immediately. Go to Settings & Privacy > Settings > Accounts Center > Password and Security > Change Password. Check the box to log out of all other sessions when you save the new password.
- Enable two-factor authentication (2FA). Go to Password and Security > Two-Factor Authentication and set up an authenticator app (not SMS, which can be SIM-swapped). This is the single most effective step you can take.
- Review active sessions. Under Password and Security > Where You're Logged In, terminate every session you don't recognize. Hackers often remain logged in on an existing session even after the password has been changed.
- Check connected apps. Under Settings > Apps and Websites, revoke access to any third-party app you don't recognize or actively use.
- Secure your email account. Hackers frequently access Facebook by first compromising the linked email. Change that password too, and look for forwarding rules that redirect copies of your messages to an unknown address.
Locked Out? How to Restore a Hacked Facebook Account
If the hacker has already changed your email address and phone number, the standard "Forgot Password" flow won't work — the recovery codes go to accounts you no longer control. Facebook's dedicated recovery page is the starting point.
Go to facebook.com/hacked and follow the guided steps. Facebook will attempt to verify your identity through one of several methods:
- Trusted contacts — friends you previously designated as account recovery contacts.
- Trusted device — a phone or computer where you were previously logged in and that Facebook recognizes.
- Government-issued ID — a passport, national ID, or driver's license. This is Facebook's most reliable path when other options are exhausted. Upload a photo clearly showing your name, which must match the name on the account.
Facebook states that identity reviews typically take 1–3 business days, though in practice it often takes longer. Keep checking the email address you submit with the ID for Meta's response.
When Facebook's Own Process Fails
Here is the uncomfortable reality: a large share of recovery requests for compromised accounts are rejected or simply never answered by Meta. Automated moderation systems handle most cases, and there is no standard way to reach a human reviewer through official support channels.
This is where the legal framework available to EU residents becomes relevant. Under the Digital Services Act (DSA), platforms operating in the EU must provide effective redress mechanisms and allow users to challenge account restrictions with a clear, human-reviewed process. Under GDPR Article 17 and related provisions, you have demonstrable rights over your personal data and the systems that manage it.
Invoking these rights through a formal legal argument — rather than a standard appeal — puts your case on a different track. Platforms must respond, and they must provide reasoning. This is the method professional recovery services use to reach real human reviewers inside Meta, rather than waiting for an automated decision.
Professional Recovery: When to Consider It
Self-service recovery is always worth attempting first. But if you've been through Facebook's official flow and hit a dead end, or if weeks have passed without a resolution, professional help is the next practical step.
Recover specializes in Facebook account restoration for exactly these situations. The service uses legal arguments grounded in GDPR and the DSA to escalate your case to actual people at Meta — not automated systems. No password is ever required. The process is entirely handled by a legal team on your behalf.
A few key facts worth knowing before deciding:
- 97% success rate across all cases handled.
- 96% of cases resolved within 30 days, with some completed in as few as 10 days.
- Full money-back guarantee if recovery is unsuccessful.
- A Pay After Recovery option is available: a €19 verification deposit covers the initial assessment, and the full fee is only charged after successful restoration.
- Cases submitted more than 80 days after the account was compromised carry a reduced 50% refund guarantee, as recovery becomes progressively harder over time. Act sooner rather than later.
If you've lost access to a personal profile, pricing starts at €290. Business and large-reach accounts have different tiers — see the full pricing breakdown for details.
For context, if you've also lost access to an Instagram account linked to your Facebook login, that's a separate but related case — see our guide on recovering a disabled Instagram account for that process.
How Long Does Recovery Actually Take?
There is no single answer. The timeline depends on what the hacker changed, how long ago the compromise happened, and whether you can provide strong identity verification.
| Scenario | Typical Timeline | Notes |
|---|---|---|
| Password changed only, you still have access | Immediate | Change password, enable 2FA — done |
| Email changed, using facebook.com/hacked | 1–14 days | Depends on ID review speed |
| Fully locked out, all credentials changed | 2–6 weeks (self-service) | High rate of rejection via automated review |
| Professional recovery via legal escalation | 10–30 days | 97% success rate, money-back guarantee |
Preventing Future Account Hijackings
Once you're back in, the priority is making sure this doesn't happen again. Hackers who targeted you once may try again, especially if the compromise came through phishing.
- Use a unique, strong password for Facebook — not one shared with any other account. A password manager makes this practical.
- Enable 2FA with an authenticator app, not SMS. SIM-swapping attacks can intercept text message codes.
- Designate trusted contacts in your security settings — these friends can help you unlock your account without going through full identity verification.
- Be skeptical of login prompts in emails, DMs, or ads. Always navigate to Facebook directly rather than clicking links.
- Check "Where You're Logged In" periodically and remove sessions you don't recognize.
- Audit connected apps every few months. Compromised third-party apps are a common vector for account takeovers.