It usually starts with a small, uneasy moment.
A login alert you don’t remember triggering. A password that suddenly doesn’t work. A friend asking why you just posted something… bizarre.
Sometimes it’s even worse: you open your Facebook Page and realize you’re no longer an admin.
Facebook account takeovers often don’t look dramatic at first. They start quietly: a new device login, a recovery email you didn’t add, or a Page role you never approved. But once someone has access, they can lock you out fast, post scams to your followers, and even run unauthorized ads.
This guide walks you through exactly what to do if your Facebook account or Page has been compromised: how to spot the warning signs, how to recover access if you’re locked out, how to remove rogue admins, and how to lock down your account so it doesn’t happen again.
Signs Your Facebook Account May Be Compromised
Facebook hacks often start quietly. The first signs usually look like small changes you don’t remember making.
Watch for these red flags:
- Login alerts you didn’t trigger: Notifications about new devices, unfamiliar locations, or verification codes you didn’t request.
- Posts or messages you didn’t send: Spam posts, strange DMs, or comments that don’t sound like you.
- Account details changed: Your password, email address, phone number, or two-factor authentication settings were updated without you.
- Page or Business access changes: New admins added, your role downgraded, unknown partners connected, or ad accounts you don’t recognize.
- Unexpected ad spend or billing activity: Ads running that you didn’t create, new payment methods, or charges you can’t explain.
If any of these are happening, assume your account is compromised and start recovery steps immediately.
Step-by-Step: How to Regain Control of a Hacked Facebook Page
| Step | What to Do | Where to Go |
| 1. Secure your personal Facebook account first | Log out of all sessions, change your password, and enable two-factor authentication (2FA). If your profile is compromised, your Page will stay vulnerable. | Settings → Password and security |
| 2. Check whether you still have Page access | Go to your Page and see if you can access settings. If you still have partial access, move fast—attackers often remove legitimate admins quickly. | Your Facebook Page → Settings |
| 3. Review Page roles / Page access | Look for unfamiliar admins or anyone with “Full control.” Remove them immediately if you still have permission. | Page Settings → Page access / Page roles |
| 4. Check Meta Business Suite permissions | Hackers may add themselves through Business Manager instead of Page roles. Review who has access to the business and Page assets. | Meta Business Suite → Settings → Business settings → People |
| 5. Remove suspicious partners | If an unknown Business Manager or partner account is connected, remove it. Rogue partners can retain access even after passwords are changed. | Business settings → Partners |
| 6. Audit Ad Accounts and active campaigns | Check if unauthorized ads are running. Pause campaigns immediately and remove unfamiliar users tied to ad access. | Business settings → Ad accounts |
| 7. Review payment methods for fraud | Look for unfamiliar credit cards or PayPal accounts. If charges occurred, contact your payment provider immediately. | Business settings → Payments / Billing |
| 8. Start a Page admin dispute if you lost access | If all admins were removed or your role was downgraded, submit a Page admin dispute through Meta’s Business Help tools and begin the recovery process. | Meta Business Help Center → Page admin dispute / compromised Page support |
| 9. Gather proof of ownership | Prepare evidence like business documentation, domain verification, screenshots of prior Page access, and ad account billing history. The more proof you provide, the faster recovery usually moves. | Business documents + screenshots + domain records |
| 10. Lock down Page security after recovery | Remove rogue admins, reduce admin permissions, require 2FA for everyone, and limit who can manage ads. Treat this like a full security reset. | Page Settings + Meta Business Suite |
What to Do After You Regain Control of Your Page
Once you’re back in, don’t stop there.
Attackers often return if they still have access through third-party permissions or compromised admin accounts.
Immediately:
- Remove rogue admins
- Remove unknown partners
- Reset Page access roles
- Review ad accounts and billing
- Turn on 2FA for everyone with Page access
- Reduce admin permissions wherever possible
A good rule: most people don’t need Admin access.
Use Editor, Advertiser, or Moderator roles unless someone truly needs full control.
Lock Down Facebook Security So It Doesn’t Happen Again
Getting back into your account is only half the job. The real goal is making sure the hacker can’t come back.
Turn on login alerts
Facebook can notify you every time a new device logs in.
Go to: Settings → Password and security → Alerts about unrecognized logins
Turn them on for email and notifications.
Use stronger passwords everywhere
Hackers often gain access through reused passwords from older data breaches.
If you’ve used the same password across platforms, change it immediately.
A reputable password manager like McAfee’s can help generate and store secure passwords so you don’t have to rely on memory.
Revoke third-party app access
Even if you removed suspicious apps earlier, do a full audit again after recovery.
Go to: Settings → Apps and websites
Remove anything you don’t actively use.
Keep your phone and Facebook app updated
Security updates matter.
Running outdated apps makes it easier for attackers to exploit known vulnerabilities.
Watch out for phishing “Meta Support” scams
Many Facebook hacks don’t happen through technical hacking, they happen through social engineering.
Common scams include:
- Fake copyright violation notices
- Fake Meta verification warnings
- Messages claiming your Page will be deleted
- “Support” DMs asking you to click a link and confirm login
If you ever get one of these messages, don’t click.
Open Facebook directly, go to Settings, and check your account status from inside the platform.
Quick Recovery Table: What to Do If Your Facebook Account or Page Is Hacked
| Situation | What to Do (Step-by-Step) | Where to Go in Facebook |
| You see a suspicious login alert | 1) Log out of all sessions 2) Change your password immediately 3) Turn on two-factor authentication (2FA) |
Settings → Password and security → Where you’re logged in |
| Your password suddenly doesn’t work | 1) Tap Forgot password? 2) Follow recovery prompts 3) Use identity verification if needed |
Facebook login screen → Forgot password? |
| You’re still logged in, but things look “off” | 1) Remove unfamiliar devices 2) Check your email/phone info 3) Remove suspicious connected apps |
Settings → Accounts Center Settings → Apps and websites |
| Your email or phone number was changed | 1) Check your email for Facebook security alerts 2) Click “This wasn’t me” if available 3) Start recovery and select No longer have access? |
Email inbox + recovery flow |
| Your Facebook Page has a new admin you didn’t add | 1) Secure your personal account first 2) Remove the unfamiliar admin immediately 3) Review Page roles for other changes |
Page Settings → Page access / Page roles |
| You lost admin access to your Page | 1) Secure your Facebook profile first 2) Check Meta Business Suite permissions 3) Start a Page admin dispute with Meta |
Meta Business Suite → Business settings |
| Unauthorized ads are running | 1) Pause all campaigns immediately 2) Remove unfamiliar users/partners 3) Check payment methods for fraud |
Business Manager → Ad accounts Business settings → Payments |
| You want to prevent this from happening again | 1) Enable 2FA 2) Use a unique password 3) Turn on login alerts 4) Remove unnecessary admins |
Settings → Password and security |
Final Tips: Recovering From a Facebook Hack
A Facebook hack is stressful for a reason: it doesn’t just affect your account. It can affect your reputation, your Page, your followers, and even your finances if ads are involved.
The most important steps are:
- Act quickly
- Secure your email before finishing recovery
- Log out all sessions and reset your password
- Remove rogue admins and unknown partners
- Lock down Business Manager permissions
- Enable 2FA for every admin who touches your Page
Once you take control back, reduce access to only the people who truly need it, and keep a close eye on logins and billing activity.
With the right steps, you can recover a hacked Facebook account, remove unauthorized admins, and rebuild trust with your audience.
And most importantly: you can make sure it doesn’t happen again.
Finally, you can always reach out directly and seek support via Facebook’s help center and official contact channels if you still need help.
Frequently Asked Questions
| Q: How do I log out of all devices on Facebook?
A: Go to Settings → Password and security → Where you’re logged in, then select Log out of all sessions. After that, change your password and enable 2FA. |
| Q: What if my email and phone number were changed?
A: Start account recovery through Forgot password? and look for the option No longer have access to these? If you still have access to your original email inbox, check for Facebook security emails and use the “This wasn’t me” link to reverse changes. |
| Q: How do I remove an admin from a Facebook Page?
A: If you still have Page access, go to Page Settings → Page access / Page roles and remove the person. If you no longer have admin access, you may need to start a Page admin dispute through Meta Business Help Center. |
| Q: What if someone is running ads from my Page?
A: Go to Meta Business Suite → Business settings → Ad accounts and pause campaigns immediately. Remove unfamiliar users or partners and check billing settings for unauthorized charges. |
| Q: Are authenticator apps safer than SMS codes?
A: Yes. Authenticator apps (and hardware security keys) are generally stronger than SMS because they’re harder to intercept through SIM-swapping or text message compromise. |
| Q: Should I warn my followers?
A: If your Page or profile posted spam, sent DMs, or promoted suspicious links, yes. A short post warning followers not to click links or respond to messages can prevent others from getting scammed. |
Stay Updated
Follow us to stay updated on all things McAfee and on top of the latest consumer and mobile security threats.
