The Facebook Security Crisis
As one of the first social media sites, Facebook has built a massive following since its start as a university-only website in 2004. Somewhere between 3 and 3.5 billion users log in each month globally. With that many users, it's unsurprising that criminals are keen to hijack legitimate accounts to commit all kinds of crimes.
For example, Facebook login details were among the roughly 16 billion credentials exposed in one of the largest credential leaks ever reported. If your account, personal or business, is one of the unlucky ones, then this guide is for you.
Key Information You Need Right Away
- If you suspect your account has been breached, secure your login straight away: change your password, log out any sessions you don't recognise and set up two-factor authentication (2FA).
- If you need to recover your account, then you'll likely have to share some form of official ID with Facebook to verify your identity.
- It can be easier to recover your Facebook account if you do so from a device or Wi-Fi network you've used before.
- We're going to show you how to escalate issues like stolen or compromised accounts to Meta, Facebook's parent company, how to protect your data, and how to use tools like those available from ESET to add layers of extra protection and prevention.
How to Know If Your Account Has Been Hacked
There are some clear red flags that your Facebook account has been compromised:
Obvious Warning Signs
- You suddenly find you have been logged out of your account on every device you usually use to access it
- Your profile suddenly changes to a new name or profile picture
- The email address or mobile number listed on your account changes
- You're unable to reset or change your password via email or SMS
- Posts or messages you didn't write start appearing
- Friends tell you your account is sending them suspicious-looking links
Check Your Login Activity
Click your profile image in the top right corner of your Facebook home page, select Settings & privacy, then Settings, then the Activity log, and open "Where you're logged in" (Meta moves these menus around; in current versions the same list is under Accounts Center > Password and security). Each entry shows a device type, an approximate location derived from the session's IP address and when it was last active. Locations are only as accurate as IP geolocation, so your own mobile carrier or VPN can place you in the wrong city; a device type or browser you have never used is the stronger signal. If you see sessions you can't account for, treat the account as compromised and log those sessions out.
Further Signs Your Account May Be Compromised
- If you already have two-factor authentication enabled and your chosen 2FA method suddenly stops working, that's a worry: an intruder may have swapped in their own method. An authentication app such as ESET Secure Authenticator or Google Authenticator is the preferred option.
- You receive an email or a Facebook notification that someone has tried to log in, or has logged in, and it wasn't you. Check that such a message really came from Facebook before acting on it, as fake "login alert" emails are a common lure.
- You get an email from Facebook telling you an email address or mobile number has been added or removed from your account, or that your password was changed, and you didn't change it.
Why Would Someone Want to Steal Your Account?
It's not for your collection of cute kitten pictures, unfortunately. Once they've gained access to your Facebook account, attackers may:
- Send malicious phishing messages to your contacts
- Post suspect investments or cryptocurrency scams on message boards
- Use your account to impersonate business Pages or Ad accounts for more sophisticated frauds
- Steal your photos and messages
- Sell the whole account on to a bot farm or another buyer of compromised accounts
How to Recover Your Account
Yes, you can, but you need to act fast. Meta has automated tools to support account recovery in situations like this, and while it's possible to recover an account in minutes, be prepared to wait between seven and 10 days to regain control.
If You're Still Logged Into Your Hacked Account
- Open a browser and go to facebook.com/hacked
- Select the correct answer for the question asked – "Someone got into my account without my permission..."
- Follow the wizard to reset your account password
- Enable one or more two-factor authentication (2FA) methods
- Remove any unknown devices or sessions
- Review connected apps and integrations under Settings & privacy and remove any you don't recognise
If You're Logged Out – Basic Recovery
- Go to facebook.com/login/identify
- Enter any email address, phone number or name associated with your account
- Follow Meta's photo ID prompts to prove your identity
- Go to facebook.com/hacked and repeat the steps above
If You've Lost Access to Phone and Email
- Go to facebook.com/hacked
- Select "My login info was changed"
- Supply any previous email, phone number or name you have used, or name people on your friend list
If Email, Phone, and Password Were Changed
This is worst-case, but don't despair. Go to facebook.com/hacked, select "I think someone else is using my account", complete the automated recovery, or submit an ID verification if that fails.
If You Have a Facebook Business Account
The process is slightly different if you manage advertising for a Page or help run a Facebook business account. Go to business.facebook.com/help and follow the steps there to recover your account.
If Nothing Else Works
If you have an Instagram account and have linked it to your Facebook account, there is an alternative recovery path. It's also worth messaging or tagging Meta and Facebook's other social media accounts and asking for assistance.
Once You've Recovered Your Account
To avoid a repeat it's worth taking the time to lock your account down:
- Enable 2FA, preferably with an authentication app on a mobile device
- Set a long, unique password that you use nowhere else, ideally generated and stored by a password manager; reused passwords are what credential-stuffing attacks rely on
- Change your password immediately if you suspect compromise or it turns up in a breach; routine rotation on its own is no substitute for a unique password and 2FA
- Don't follow login links in emails or messages, however urgent they sound; type facebook.com into the browser bar yourself
- Avoid logging in on shared devices like a public computer
- Be cautious on public Wi-Fi: if you must use it, a paid VPN service is advisable
How ESET Enhances Protection Following a Facebook Hack
Even cautious users can overlook phishing traps. ESET adds a safety net with:
- Anti-Phishing & Link Scanner: Warns or blocks spoofed login pages before you visit them
- Secure browsing mode: Ideal when recovering accounts or handling sensitive actions
- Malware & remote access protection: Blocks spyware or rogue tools scammers deploy
- Email threat detection: Flags suspicious messages pretending to be from Facebook
- Identity Protection: Proactively scans the dark web for data breaches and leaked personal information
Together, these tools reinforce your recovery and help prevent future account takeovers - so even if a scam link hits your inbox, it's stopped before you click.
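The "don't follow login links" rule in the checklist above and the anti-phishing and email-scanning bullets in this section both come down to the same question: does a link really point at Facebook? The block below is an added example for this page, not ESET's product logic or anything from the original article. It applies the checks a link scanner would to the URLs in a message: the scheme, credentials smuggled before an "@", raw IP hosts, punycode hosts, a brand name buried inside a non-Meta domain (facebook.com.evil.net, faceb00k-security.com), and anchor text that shows a different host than the real destination. The allowlist of Meta domains and the sample lure are assumptions constructed for the example.

```python
import re
from urllib.parse import urlsplit

# Assumed allowlist of domains Meta uses for Facebook and its notification mail.
# This is an example assumption; maintain it from Meta's own documentation.
LEGIT_DOMAINS = {"facebook.com", "fb.com", "facebookmail.com", "messenger.com", "meta.com"}
BRANDS = ("facebook", "instagram", "messenger")

URL_RE = re.compile(r"""https?://[^\s<>"']+""", re.IGNORECASE)
ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.IGNORECASE | re.DOTALL)
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def _allowlisted(host: str) -> bool:
    # Exact match or a true subdomain; "facebook.com.evil.net" does not pass.
    return any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS)


def _looks_like_brand(host: str) -> bool:
    # Fold the usual digit/hyphen substitutions (faceb00k, face-book) before matching.
    folded = host.translate(str.maketrans("013", "ole", "-_"))
    return any(b in folded for b in BRANDS)


def check_url(url: str) -> list:
    """Return the reasons a link looks like a spoofed Facebook page; [] means it passed."""
    reasons = []
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    if parts.scheme.lower() != "https":
        reasons.append("not https")
    if parts.username is not None:
        reasons.append("credentials before '@': the real host is what follows the '@'")
    if not host:
        reasons.append("no host")
        return reasons
    if IPV4_RE.fullmatch(host):
        reasons.append("raw IP address instead of a domain")
    if not host.isascii() or any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("internationalised (punycode) host: possible homoglyph")
    if _allowlisted(host):
        return reasons
    reasons.append("host %r is not a known Facebook/Meta domain" % host)
    if _looks_like_brand(host):
        reasons.append("lookalike: brand name inside a non-Meta host")
    return reasons


def scan_message(text: str) -> dict:
    """Map every link in a message (HTML anchors and bare URLs) to its list of reasons."""
    findings = {}
    shown_only = set()  # URLs that appear only as anchor text, not as real destinations
    for href, label in ANCHOR_RE.findall(text):
        reasons = check_url(href)
        shown = URL_RE.search(label)
        if shown:
            shown_only.add(shown.group(0))
            if urlsplit(shown.group(0)).hostname != urlsplit(href).hostname:
                reasons.append("link text shows a different host than the real destination")
        findings[href] = reasons
    for m in URL_RE.finditer(text):
        url = m.group(0).rstrip(".,;:!)")
        if url not in findings and url not in shown_only:
            findings[url] = check_url(url)
    return findings


# Constructed sample lure for the example; not a real message.
SAMPLE_MESSAGE = """\
From: Facebook Security <security@facebookmail.com>
Subject: Unusual login detected - confirm your identity within 24 hours

<p>We noticed a login from a new device. If this wasn't you, secure your account now:</p>
<a href="https://facebook.com.account-verify-center.net/login">https://www.facebook.com/hacked</a>
<p>You can also review your sessions at https://www.facebook.com/settings.</p>
"""

if __name__ == "__main__":
    for link, reasons in scan_message(SAMPLE_MESSAGE).items():
        print(link, "->", "; ".join(reasons) if reasons else "looks legitimate")
```

The sender address in the sample passes a casual glance precisely because display names and From: headers are trivially forged; the link checks are what catch the lure. The brand heuristic is deliberately loose and will flag harmless hosts that happen to contain "facebook", which is the right trade-off for a warning prompt but not for automatic blocking.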
Expert Insights
As the value of individual social media profiles – especially well-connected accounts with large followings or specialized content – has skyrocketed, so has the interest of cybercriminals in them. With billions of users, global social media platforms like Facebook, X, Instagram, and TikTok have inevitably become prime targets.
Attackers have evolved far beyond simply posting spam or sharing malicious links on victims' profiles; today, hijacked influencer accounts are often silently leveraged to spread large-scale scam campaigns, or they're sold for further misuse.
What remains constant, however, is that most account takeovers start with manipulation of the victim into performing a harmful action – such as clicking on a malicious link, giving up their password, or downgrading the security of their profile. That's why it's crucial for users to remain vigilant: keep profiles private, use strong and unique passwords, enable two-factor authentication or passkeys, and maintain good cyber hygiene.
— Ondrej Kubovič, Security Awareness Specialist
TL;DR
- With 3-3.5 billion users, Facebook is a prime target for account takeovers via phishing, credential stuffing, and social engineering
- Warning signs include unexpected logouts, profile changes, suspicious login locations, and unauthorized posts or messages
- Recovery options exist even in worst-case scenarios (changed email/phone/password) through facebook.com/hacked and ID verification
- Prevention requires 2FA (preferably app-based), strong unique passwords, regular security audits, and caution with public Wi-Fi and shared devices
- ESET protection adds crucial layers including anti-phishing, link scanning, malware blocking, and dark web monitoring for leaked credentials
Source: ESET Blog: What to do if your Facebook account is hacked