Recently, a Facebook security breach resulted in millions of personal accounts and business pages falling into the hands of hackers. The outcome ranged from modifications to business page roles (admin, editor, moderator, manager, etc) to login changes on personal accounts. The most frustrating part is Facebook has no customer service. Making it feel like a helpless situation to get control of an account after a Facebook hack. But you still can! Here are ways we have found to work for our clients to resolve personal accounts and business page hacks with the help of Facebook. (Also find out how to spot a fake Facebook account).
How to Know if Your FB Account or Page was Hacked
Unable to Login: If using current password and pop ups say “old password used” or “password changed # hours ago” could mean a hacker locked you out. Other clues of a hack is different login icon profile picture or unfamiliar recovery email when trying to “reset password.”.
Facebook Email Alerts: If you receive Facebook email alerts of “password change,” “new device used,” or “ you have been removed from admin.”
Page Roles Changed/Deleted: If unknown account(s) show up in “Page Roles” without permission or business page roles have been switched and/or deleted.
Content Change: If unknown posts appear on Facebook feed or business page.
Personal/Business Information: If unauthorized changes to profile pictures and information.
Messages to Friends/Followers: If friends and followers receive messages that were not sent by you.
Facebook Personal Account Hacks
Can’t Login Fix:
If the hacker has changed your password, here are steps to get your account back.
Start Here: Report Compromised Account and click “My Account is Compromised.”
Enter email or phone number to FB account, click “search” and then enter “current or old password.”
When it says “You Entered an Old Password,” press “Secure My Account.”
In the next box, it is going to ask if you want to reset your password by sending a code via email. If it is the correct email click “Continue.”
Grab the code from your inbox and paste in “Enter Security Code.” After the code goes through, you will be able to create a new password. Once in your account, add security. (Learn how below)
However, if the email is wrong (old email or changed by the hacker) click “no longer have access to these” at the bottom of “Reset Your Password” box. If that is the case, Facebook will require you to summit a new email address and upload a government issued ID to prove your identity. (Facebook IDs Accepted). After submitting ID, you will receive a pop up saying, “We’ll take a look at your documents and let you know as soon as we’ve processed your request.” Facebook will respond 24 to 48 hours. Then follow any instructions in email.
What Happens to My ID?
Once identity is confirmed, Facebook deletes the ID picture. If worried, block personal information except for your name, picture, and birth date.
Hacker Using Your Account Fix
Hackers may not change login but simply start messaging friends, changing personal information, or posting on your account. If this is the case, then go to Report Compromised Account and click “My Account is Compormised.”
Put in your email or phone number associated with account and click “search.”
Type in your password and click “continue.”
Then select why you think your account has been hacked and click “continue.”
Last step is to secure your account. Press “Get Started” at the next box and Facebook will take you through changing your password, privacy settings, devices used, and adding extra security.
Fix Busines Page Account
If you are removed from admin without permission, then here is a couple ways to report the issue and solve it.
First, most likely if you were removed from admin then Facebook will send an email that says “You have been removed from Admin.”
When that shows up click on “let us know” at the end of “If you think your account has been hacked.”
Then follow the steps and report the hack.
However if you do not receive an email but have been removed from Admin then you can still report it.
- File a Report with Facebook. This link will take you to “I have an Issue Accessing My Page.” Select the page you were removed from. Facebook will respond between 24 and 48 hours after your submit your case.
- Then follow the steps in the email from @support.facebook.com. You may need to provide notarized documentation – proof of identity, affiliation with business, etc.
- Screenshot or keep track of all the false users on account to be able to block them from personal account and business page.
- A copy of a valid government-issued photo ID, such as a current driver’s license or a passport, of the individual signing the statement. You can find the different kinds of IDs we accept in the Help Center: https://www.facebook.com/help/159096464162185?ref=cr
- A notarized and signed statement from a person with sufficient knowledge and authority over this matter that includes all of the following:
a) A description of your relationship to the Page (including your authority to request a change in the person(s) who manage the Page, as applicable);
b) The name of the current person(s) who manage the Page, as applicable;
c) The relationship of the above person(s) to the Page;
d) An explanation of your request, and whether there has been a termination of the employment and/or business relationship with the named person(s), as applicable;
e) All documentation supporting your request
f) The Facebook account or email address associated with the Facebook account that you wish to have added as the new admin of the Page; and
g) A declaration under penalty of perjury that the information you have provided is true and accurate (your statement must include this language).
What if my Facebook Page Role is Just Changed
This is a more difficult to solve because Facebook won’t send you an email and you won’t be able to report it yet to “I have an issue accessing my page.” This is a way for a hacker to make it difficult to get Facebooks attention and get back your page. But there is a way we have discovered to help.
Go to business page, click on “settings” and then click “page roles” on the left side. Then click “edit” on your page role. And actually “remove” yourself. Then go to “I Have an Issue Accessing My Page.” and the page should now pop up as a page. Select that page and report it to Facebook. Facebook will respond in 24 to 48 hours. When they respond, follow the directions in the email.
How to Avoid a Facebook Hack
There are important measures you can take within your personal Facebook settings that you can take to avoid getting hacked again or in the future. Navigate to your account settings by hitting the down arrow at the top right of Facebook and click “Settings.” Here you’ll want to access the following sections:
(These can be highlighted with a screenshot)
Security and Login
Apps and Websites
Confirm all of your information is correct, add a legacy contact if applicable
Security and Login
Where You’re Logged In – View the active devices and locations that are associated with your account – You can log out of each session individually or log out of all sessions by clicking “See More” and selecting “Log Out Of All Sessions”
Login – We recommend you change you password regularly and enable Two-Factor Authentication. Two factor adds a second level of authentication for your account. Logging in will require a 6 digit confirmation via text message or an authentication app such as Duo or Google Authenticator. Here, you can also set up a Universal 2nd Factor security key (USB) and recovery codes. Of these, using Two-Factor Authentication is imperative.
Extra Security and Trusted Contacts
Under “Setting Up Extra Security,” you can set up alerts via email or notification whenever Facebook notices an unrecognized login. Lastly, we recommend you select 3 “Trusted Contacts” that can help you access your account in the case that you are locked out. They will be sent a code and URL to forward to you, allowing you to unlock and access your account.
Privacy – Review your profile settings under Privacy to select what you share publicly and how your account can be accessed.
If you’ve been hacked, make sure you add any users that may have hacked your account. You can also block malicious apps, preventing them from accessing your contact information or any other non-public info.
Apps and Websites
Review all active apps and websites associated with your account. We recommend you remove any apps that you don’t recognize or aren’t absolutely vital to your internet experience.