1. First of all, how do you know your Facebook account was hacked if nothing obvious was changed…yet?
If a hacker managed to get into your account, they will leave a trace. While their session is active, it will be listed under > Home (top right corner) > Account Settings > Security > Active Sessions (click edit). Here you can end the activity of suspicious sessions.
It is recommended that you enable Login Approvals for logging in from unrecognized devices. For increased security, you should also set app passwords.
2. Change Your PasswordIn case your password was not changed you got lucky! This is the time to update your password! Be sure to end any suspicious active sessions first (see above), then go to > Home > Account Settings > General and click > Password to confirm your current password and then enter a new password.
When you’re done, review our articles regarding Facebook security (see resources below) and see what other measures you can take to secure your account.
3. Reset Your PasswordIf your password was changed, act quick! Try to regain access. There is a > Forgot your password? link underneath the Facebook login.
It will let you retrieve your password in several different ways. You can either enter the email address you registered to Facebook with or any other secondary email address you added, as well as your phone number and username.
If you’re not sure whether the person that hacked your account was smart enough to change your profile information, you should go with the last option and enter your name and that of a friend. This will give you an idea of which information is currently added to your account.
If you don’t have access to any of the email accounts or to the phone number associated with your account, click the > No longer have access to these? URL. This will take you to a page where you can enter a new email address, which Facebook will then use to assist you in recovering your account.
This is not all. If you believe that your account was abused by the person who has access to it, proceed to step 2.
4. Report Compromised AccountIf your account wasn’t simply hacked, but is sending out ads and spam to your friends, you must report it as compromised.
From here, immediately proceed to step 2.