Having your Facebook account hacked is a distressing experience, and unfortunately it’s increasingly common among UK users. In 2025, Action Fraud reported a 37% increase in social media account compromises compared to the previous year. This guide provides a clear, step-by-step process for recovering your hacked Facebook account and securing it against future attacks.
Signs Your Facebook Account Has Been Hacked
Hackers don’t always make their presence obvious. Watch for these warning signs that your account may be compromised:
Email alerts you didn’t trigger. If you receive emails from Facebook about password changes, new login locations, or added email addresses that you didn’t initiate, your account may be compromised. Always verify these emails come from facebookmail.com — phishing emails often use similar-looking addresses.
Posts or messages you didn’t send. Friends telling you about strange messages or posts from your account is a clear sign of unauthorised access. Hackers often send phishing links to your friends list or post spam content.
Changed account information. If your name, profile picture, birthday, or email address has been changed without your knowledge, someone else has access to your account settings.
Unrecognised login activity. Check your login history at Settings → Security and Login → Where You’re Logged In. Look for unfamiliar devices, browsers, or locations — particularly logins from other countries.
Two-factor authentication disabled. If you had 2FA enabled and it’s been turned off, or if a new authentication method has been added, treat this as a confirmed compromise.
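The sender check from the email-alert warning sign above, written out as an added example (not part of the original guide): it compares the real From address, not the display name, against facebookmail.com and then requires a DMARC pass recorded by the receiving server. The sample messages, the mx.example.net host and the choice to accept subdomains of facebookmail.com are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED = "facebookmail.com"  # the sender domain the guide names

def is_trusted(domain):
    # Exact match or a true subdomain (assumption: subdomains are acceptable).
    # "facebookmail.com.alerts.example" fails because it does not END with it.
    domain = domain.lower().rstrip(".")
    return domain == TRUSTED or domain.endswith("." + TRUSTED)

def check_alert(raw):
    """Classify a raw email as 'ok', 'wrong-domain' or 'unauthenticated'."""
    msg = message_from_string(raw)
    # parseaddr separates the display name, which a sender can set to anything.
    _, addr = parseaddr(msg.get("From", ""))
    if not is_trusted(addr.rpartition("@")[2]):
        return "wrong-domain"
    # Assumption: the topmost Authentication-Results header was written by
    # your own mail provider, the last server to handle the message.
    auth = " ".join((msg.get("Authentication-Results") or "").split()).lower()
    aligned = re.search(r"dmarc=pass\b.*?header\.from=([\w.-]+)", auth)
    if not aligned or not is_trusted(aligned.group(1)):
        return "unauthenticated"
    return "ok"

def sample(from_hdr, auth):
    # Builds a constructed test message; not real Facebook mail.
    return (f"Authentication-Results: mx.example.net; {auth}\n"
            f"From: {from_hdr}\nSubject: Password changed\n\n(body)\n")

SAMPLES = {
    "genuine": sample("Facebook <security@facebookmail.com>",
                      "dmarc=pass (p=reject) header.from=facebookmail.com"),
    "lookalike": sample("Facebook <security@facebookmail.com.alerts.example>",
                        "dmarc=pass header.from=facebookmail.com.alerts.example"),
    "display-name": sample('"security@facebookmail.com" <alerts@mailer.example>',
                           "dmarc=pass header.from=mailer.example"),
    "forged-from": sample("security@facebookmail.com",
                          "dmarc=fail header.from=facebookmail.com"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:13} -> {check_alert(raw)}")
```

The lookalike sample passes DMARC for its own domain, which is why the domain comparison has to come first: authentication only proves who sent the message, not that the sender is Facebook.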
Immediate Steps to Take
Time is critical when your account is hacked. Take these steps as quickly as possible:
Step 1: Change your password immediately. If you can still log in, go to Settings → Security and Login → Change Password. Choose a strong, unique password at least 12 characters long that you haven’t used anywhere else. If the hacker hasn’t changed your password yet, this single step can lock them out.
Step 2: Log out all other sessions. In Settings → Security and Login → Where You’re Logged In, click “Log Out of All Sessions.” This forces every device — including the hacker’s — to re-authenticate.
Step 3: Enable two-factor authentication. Go to Settings → Security and Login → Two-Factor Authentication and enable it immediately. Use an authenticator app (like Google Authenticator or Authy) rather than SMS, as SMS can be intercepted through SIM-swapping attacks.
Step 4: Review connected apps. Go to Settings → Apps and Websites and remove any apps or websites you don’t recognise. Compromised third-party apps are a common entry point for hackers.
Step 5: Check your email account. If the hacker accessed your Facebook through a compromised email, they may still have access to your email. Change your email password too, and enable 2FA on your email account.
Account Recovery Process
If you can no longer log into your Facebook account, follow this recovery process:
Visit facebook.com/hacked. This is Facebook’s dedicated account recovery page. Click “My Account Is Compromised” and enter your email address, phone number, username, or full name to find your account.
Verify your identity. Facebook will ask you to enter your current or a previous password. If you know your old password (before the hacker changed it), enter it here — Facebook keeps a history and will accept recent passwords.
Secure your account. Once verified, Facebook will guide you through securing your account: changing your password, reviewing recent activity, and enabling additional security features.
If the standard recovery process doesn’t work, try facebook.com/login/identify to locate your account and receive recovery codes via email or SMS.
If You’re Completely Locked Out
If the hacker has changed your email, phone number, and password, standard recovery won’t work. Here are your remaining options:
Trusted Contacts recovery: If you previously set up Trusted Contacts, visit facebook.com/login/identify and select “No longer have access to these?” Facebook will allow your designated trusted contacts to send you recovery codes.
ID Verification: Facebook may ask you to upload a government-issued photo ID (passport, driving licence) to verify your identity. This process typically takes 1–5 business days.
Recovery through a friend’s account: Visit your profile through a friend’s account, click the three dots (···) on your profile, select “Find Support or Report Profile,” and choose “Something Else” → “Recover this account.”
ID Verification Process
If Facebook requests ID verification, they accept the following UK documents: UK passport, UK driving licence (full or provisional), national identity card, or other government-issued photo ID. Upload a clear, colour photo or scan showing your full name and photo. Facebook’s ID verification team typically processes these within 1–5 business days.
Important: Facebook states that your ID is encrypted, stored securely, and deleted within 30 days of submission. Even if you’re uncomfortable submitting ID, it may be your only option if you’re fully locked out.
After Recovery — Securing Your Account
Once you’ve recovered access, take these steps to prevent future compromises:
Enable two-factor authentication using an authenticator app.
Set up 3–5 Trusted Contacts who can help you regain access.
Review and remove unrecognised devices from your login history.
Update your email password and enable 2FA on your email.
Set up login alerts for unrecognised devices.
Review your privacy settings and limit who can see your personal information.
Remove any third-party apps you don’t actively use.
Reporting to UK Authorities
If your hacked account was used to commit fraud, impersonate you, or scam your contacts, report it to the appropriate UK authorities:
Action Fraud: The UK’s national reporting centre for fraud and cybercrime. Report online at actionfraud.police.uk or call 0300 123 2040.
Information Commissioner’s Office (ICO): If you believe your personal data has been misused, you can report this to the ICO at ico.org.uk.
Your bank: If the hacker accessed any financial information or made purchases through your account, contact your bank immediately to flag potential fraud.
Frequently Asked Questions
How long does Facebook account recovery take?
If you can verify your identity through email or phone, recovery can be instant. ID verification typically takes 1–5 business days. Complex cases involving disputed ownership can take 2–4 weeks.
Can I recover a hacked account without ID?
Yes, if you still have access to your registered email or phone number, or if you set up Trusted Contacts before the hack. Without any of these, ID verification may be required.
Should I create a new account?
Creating a new account should be a last resort. Facebook’s terms allow only one personal account per person, and creating a duplicate could result in both accounts being disabled. Exhaust all recovery options first.