How to Recover a Hacked or Locked Facebook Account — Complete Step-by-Step Guide

 



Quick summary — what to do first (TL;DR)

  1. Act fast. The sooner you start recovery, the better the chance to stop damage.

  2. Try the official recovery flow: https://facebook.com/hacked and the account recovery page.

  3. Secure your email first (if it’s compromised, recover it before Facebook).

  4. Collect evidence: screenshots of suspicious messages, login notifications, transaction receipts (for ad spend), suspicious posts, and email headers.

  5. Use ID verification if needed — be ready to upload a government ID or other accepted document.

  6. If a Page or Ad account is stolen, remove unknown admins and report to Facebook immediately.

  7. File a police report if money or identity theft occurred.

Below is a full, step-by-step guide with copyable templates and troubleshooting.


















1. Understand the common Facebook compromise scenarios

  • Password changed by attacker; you can’t log in.

  • Password unchanged but login blocked / 2FA changed.

  • Email or recovery phone changed.

  • Account still accessible but attacker is using it to send messages, post spam, or create orders/ads.

  • Business Page or Ad account takeover (unknown admins, ads running).

  • Impersonation (fake account created using your photos).

Different scenarios need slightly different responses — this guide covers all.


2. Immediate actions (first 1–2 hours)

A. If you still have access to the account

  1. Change the password immediately. Use a strong, unique password (12+ characters, mixed types).

  2. Enable Two-Factor Authentication (2FA). Prefer an authenticator app (Google Authenticator, Authy) or a hardware security key.

  3. Log out other devices / sessions. Facebook → Settings → Security and Login → Where You’re Logged In → Log Out of All Sessions / remove unknown devices.

  4. Remove suspicious apps and permissions. Settings → Apps and Websites → remove anything you don’t recognize.

  5. Check Page roles and Business Manager. Remove unknown admins and transfer ownership if necessary.

  6. Download a copy of your Facebook data (Settings → Your Facebook Information → Download Information) for evidence.

B. If you cannot access the account (password changed / login blocked)

  1. Go to: https://www.facebook.com/hacked — This is Facebook’s “compromised account” tool.

  2. Or go to the recovery page: https://www.facebook.com/login/identify and follow the steps.

  3. Use devices & locations you normally use when attempting recovery (same phone/computer, same network) — Facebook treats familiar devices/locations as stronger proof.

  4. Collect screenshots or notifications from your email or phone reporting a password change, login attempt, or unrecognized device. These help escalate with support.


3. Official Facebook account recovery flows (when you cannot log in)




A. facebook.com/hacked — Compromised Account Flow

  • Designed specifically for accounts that may have been taken over.

  • It will ask whether your password has been changed and whether you still have access to your email/phone.

  • Follow the steps to secure your account; Facebook may prompt you to change the password and review recent activity.

B. Identify your account (login/identify) — If you’ve forgotten the email or phone

  • Visit https://www.facebook.com/login/identify

  • Enter an email address, phone number, or full name connected to the account.

  • If you recognize the account from the returned results, choose it and follow the instructions. You may be able to send a code to a recovery email/phone shown (if the attacker hasn’t changed them).

C. Account recovery when email/phone changed

  • Choose “I no longer have access to these” when prompted. Facebook will show options to help you recover.

  • Options often include verifying identity via government ID, identifying trusted contacts, or providing previous passwords.












4. If you cannot use recovery tools — identity verification options

When automated recovery fails, Facebook may ask you to verify identity manually.

A. Uploading ID

  • Facebook accepts government IDs (passport, national ID, driver’s license) or other documents with your name and photo.

  • Visit: https://www.facebook.com/help/contact/183000765122339 or the “Confirm Your Identity With Facebook” flow.

  • Ensure your document is legible and the photo is clear. Cover any sensitive information not required (if the form allows). Facebook keeps this info private and deletes it per their policy after verification.

B. Using Trusted Contacts

  • If you previously set Trusted Contacts, you can get help from them to receive recovery codes.

  • If you didn’t set trusted contacts before being locked out, this option won’t be available.

C. Provide additional evidence

  • Screenshots of prior account activity that only you could have (old messages, photos only you have, business invoices, or other account ownership proof).

  • Email headers from account-related emails that show the old email address. (Full email headers can be useful for investigators.)
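An added example (not part of the original guide and not a Facebook tool): one way to pull the ownership-relevant fields out of a raw e-mail saved with your mail client's "show original" or "view source" option. The function name summarize_headers and the sample message are constructed for illustration, and every host and address in it is a placeholder.

```python
import re
from datetime import timezone
from email import message_from_string
from email.utils import getaddresses, parsedate_to_datetime

# Constructed sample (not a real notification); every host and address is a placeholder.
SAMPLE_EML = """\
Received: from mx.mailprovider.example (mx.mailprovider.example [203.0.113.7])
\tby inbox.mailprovider.example with ESMTPS id abc123; Tue, 04 Mar 2025 09:15:02 +0000
Received: from out.notifier.example (out.notifier.example [198.51.100.20])
\tby mx.mailprovider.example with ESMTPS id def456; Tue, 04 Mar 2025 09:15:01 +0000
Authentication-Results: mx.mailprovider.example;
\tdkim=pass header.d=notifier.example; spf=pass smtp.mailfrom=notifier.example;
\tdmarc=pass header.from=notifier.example
From: "Security" <security@notifier.example>
To: old.address@mailprovider.example
Date: Tue, 04 Mar 2025 09:15:00 +0000
Message-ID: <20250304091500.1@notifier.example>

Body omitted.
"""

def _flat(value):
    """Unfold a header value: collapse line breaks and tabs into single spaces."""
    return " ".join(str(value or "").split())

def summarize_headers(raw_message):
    """Return the fields that show who received the mail, when, and via which servers."""
    msg = message_from_string(raw_message)
    # Only the topmost Authentication-Results is written by your own mail provider.
    auth = _flat((msg.get_all("Authentication-Results") or [""])[0])
    hops = []
    for received in reversed(msg.get_all("Received") or []):  # oldest hop first
        m = re.match(r"from\s+(\S+).*?\bby\s+(\S+)", _flat(received))
        if m:
            hops.append((m.group(1), m.group(2)))
    return {
        "recipients": [addr for _, addr in getaddresses(msg.get_all("To") or [])],
        "sender": getaddresses([msg.get("From", "")])[0][1],
        "date_utc": parsedate_to_datetime(msg["Date"]).astimezone(timezone.utc).isoformat(),
        "message_id": _flat(msg["Message-ID"]),
        "auth": dict(re.findall(r"\b(dkim|spf|dmarc)=(\w+)", auth)),
        "hops": hops,
    }

if __name__ == "__main__":
    for key, value in summarize_headers(SAMPLE_EML).items():
        print(f"{key}: {value}")
```

Keep the untouched raw message file alongside this summary; the summary helps you describe the evidence, while the original file is what an investigator will want.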


5. Recovering when the account shows other changes (email/phone replaced)

If the attacker changed the email/phone on the account:

  1. Try the “identify” flow — sometimes Facebook still shows a partially correct recovery option.

  2. Use the “I no longer have access to these” option and proceed with ID verification.

  3. In your appeal, state clearly: the email/phone linked to the account was replaced without your consent. Provide proof of ownership of the old email/phone if possible (screenshots of email inbox, billing or provider account details).


6. Special case: Business Pages / Facebook Business Manager / Ads stolen

If a Page or Ad account has been taken:

A. Check Page Roles immediately (if you still have access)

  • Remove unknown admins from Page Roles.

  • Change your password and 2FA immediately.

  • Check Page activity and remove suspicious scheduled posts or unpublished changes.

B. If you can’t access Page settings

  • Use the Page support forms: from your Business Help Center or Ads Manager → Help → Contact Support.

  • Provide proof of business ownership: business registration, tax documents, invoices, domain ownership (DNS), or matching business email addresses.

C. For unauthorized ad spend

  • Document charges and ad IDs.

  • Contact Facebook Business Support and request investigation/refund for unauthorized charges.

  • File a police report and attach it to your claim (see templates later).













7. Sample messages & templates (copy-paste ready)

A. Message to Facebook via recovery form (short)

My Facebook account has been hijacked. My password and recovery email/phone were changed without my consent. I cannot log in. I am the owner of this account. Please guide me through the recovery process — I can provide government ID and other proof. Username/Email/Phone associated (previous): [your previous email/phone]. Last known login: [date/time]. Thank you.

B. Detailed appeal for support (for forms and business support)

Subject: Urgent — Account Hacked and Recovery Needed

Dear Facebook Support,

My personal Facebook account (name: [Your Full Name], profile URL: [link if possible], previous email: [old email]) was compromised on [date/time]. The attacker changed the account password and replaced the recovery email/phone. I am requesting immediate assistance to reclaim my account.

I can provide the following evidence to prove ownership:

  • A copy of my government ID (passport/NID/driver’s license) matching the account name.

  • Screenshots of previous messages and posts only visible to me.

  • Email headers showing account-related notifications to my previous email.

  • Proof of business ownership for pages managed (if applicable): [business document names].

Please advise the next steps. I am willing to complete any verification and provide any documents needed.

Thank you,
[Full name] — [Contact email] — [Phone]

C. Template to send to friends/contacts (if the account is being used for scams)

Hi — my Facebook account has been hacked. If you received any strange messages/offers from me, please ignore them. I’m working to recover the account. If you received payment requests or suspicious links, do not click and report to Facebook. Thanks for your help.


8. If you regain access — clean up checklist

  1. Change your password to a strong, unique one.

  2. Turn on 2FA (authenticator app or security key).

  3. Log out all sessions and re-login only on devices you trust.

  4. Check authorized apps and remove suspicious ones.

  5. Scan devices for malware / keyloggers with reputable antivirus. If you suspect your device is compromised, consider a clean OS reinstall.

  6. Check privacy settings and posts — remove any posts, messages, or friend requests the attacker made.

  7. Enable Login Alerts (Settings → Security and Login → Get alerts about unrecognized logins).

  8. Update linked email and phone settings — ensure your recovery email is secure with 2FA.

  9. Notify friends and followers to ignore messages that came from the compromised account.

  10. Download your Facebook data as evidence and for records.


9. Troubleshooting — “common problems & fixes”

Problem: Facebook asks for ID but verification keeps failing

  • Make sure the document photo is clear and unaltered.

  • Use the exact name that matches your Facebook profile.

  • If Facebook flags a driver’s license that shows an address, try a different accepted ID (passport, national ID).

  • Check file type/size restrictions; use recommended formats (JPEG/PNG) and resolution.

Problem: Recovery email link expired or attacker changed email

  • Try again using the recovery tool from a device & IP address Facebook recognizes (home Wi-Fi).

  • Use any other info Facebook requests (past passwords, creation date, frequent connections).

  • If you have proof of ownership of the old email (screenshots of login, provider billing, or email headers), attach them.

Problem: Facebook keeps asking for “more info” and no human reply

  • Keep retrying the recovery flows and use multiple channels: hacked tool, identify page, and help/contact forms.

  • Use Business Support (if you have Ads/Business Manager) — business support often provides faster human responses.

  • Consider filing a police cyber complaint (see next section); attaching an official report can sometimes get attention.


10. Legal steps & police reporting

If the hack involved financial loss (scammed money, stolen ad spend), identity theft, or serious impersonation, file an official police cyber complaint.

A. What to prepare for a police complaint

  • Printed screenshots of suspicious activity.

  • Transaction records (bank, mobile money, or ad payments).

  • Copies of emails and headers indicating notifications from Facebook.

  • Your government ID and proof of account ownership (old emails, account creation proof).

B. Attach the complaint to Facebook appeals

  • After filing an FIR or cyber police complaint, include the complaint number and attach a copy in your communications with Facebook Business Support or appeal forms.


11. Preventive measures (long-term security hygiene)

  1. Use unique passwords for every important account. A password manager is recommended (Bitwarden, 1Password, LastPass).

  2. Enable 2FA on Facebook and email. Prefer time-based one-time passwords (TOTP) over SMS.

  3. Use a dedicated recovery email that’s never shared publicly and protected with 2FA.

  4. Limit app permissions on Facebook and revoke unused third-party apps.

  5. Avoid suspicious links. Phishing is the most common cause. Look carefully at login pages (URL) before entering credentials.

  6. Regularly review login locations and remove devices you don’t recognize.

  7. Use a hardware security key if you want top-level protection (YubiKey or equivalent).

  8. Teach friends/family about the risks — social engineering often starts with compromised friend accounts.

  9. Monitor your account activity weekly and download a backup of important data.
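An added example (not part of the original guide) of what "look carefully at the URL" means in practice for item 5: the check is on the full host name over https, not on whether the text "facebook.com" appears somewhere in the link. The function name check_login_url and the sample links are constructed for illustration; the trusted list contains only the domain this guide links to.

```python
from urllib.parse import urlsplit

# The only domain this guide links to; add others only after verifying them yourself.
TRUSTED_DOMAINS = ("facebook.com",)


def check_login_url(url, trusted=TRUSTED_DOMAINS):
    """Return (ok, reason) for a link you are about to open or type credentials into."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "not https"
    if not host.isascii() or "xn--" in host:
        return False, "internationalized host (possible lookalike characters)"
    # Compare the whole host: text before '@', or to the left of a different
    # registered domain, is chosen by whoever made the link.
    if any(host == d or host.endswith("." + d) for d in trusted):
        return True, "host is " + host
    return False, "host is " + (host or "missing") + ", not a trusted domain"


# Constructed test links; the .example hosts are placeholders, not real sites.
SAMPLES = [
    "https://www.facebook.com/hacked",
    "https://facebook.com/login/identify",
    "http://www.facebook.com/hacked",
    "https://facebook.com.account-review.example/login",
    "https://facebook.com@account-review.example/login",
    "https://f\u0430cebook.com/login",  # Cyrillic letter in place of Latin 'a'
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(check_login_url(link), ascii(link))
```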




12. Recovering impersonation or cloned profiles















If someone created a fake account using your photos/name:

  1. Report the profile via their profile → three dots → Find support or report profile → Pretending to be someone.

  2. Report duplicates of your own profile the same way.

  3. If you’re a public figure or a business, use the Report a Violation tools in the Help Center and consider seeking trademark/brand support if applicable.


13. Extra tips for pages, groups, and communities

  • Set multiple admins you trust and restrict admin privileges (avoid making everyone full admin).

  • Use Business Manager for serious pages and keep ownership tied to a company email (with 2FA).

  • Audit page roles monthly. Remove admins who are inactive or no longer trusted.

  • Restrict third-party integrations (bots, posting apps) and review permissions.


14. When recovery repeatedly fails — final escalation steps

  1. Re-try recovery from a familiar device and network (home). Use a VPN only if it replicates your usual location.

  2. Use different recovery options: recovery code to old email, previous password, or trusted contacts.

  3. Contact Facebook Business Support (if you have an ad account) and explain the situation; business channels often respond faster.

  4. Obtain a police FIR and attach it to appeal forms. This shows seriousness and can speed review.

  5. Create a new account only as a last resort — notify contacts about the hacked account and report the old/hacked account as compromised so Facebook can later restore or remove it.


15. Checklist — step-by-step summary you can follow now

  1. Attempt: https://www.facebook.com/hacked

  2. If not successful: https://www.facebook.com/login/identify

  3. Use known device & network for every attempt.

  4. If email/phone changed: choose “I no longer have access to these” and prepare ID.

  5. Collect evidence: screenshots, emails, transactions, ad IDs.

  6. If Page/Ad compromised: contact Business Support, remove unknown admins, provide business proof.

  7. If money stolen: file police complaint and attach to support requests.

  8. After recovery: change password, enable 2FA, audit devices/apps, scan devices.

  9. Notify friends and report impersonation or fraud where needed.




16. Final notes & sample links (for quick reference)

  • Start here for compromised accounts: facebook.com/hacked

  • General recovery: facebook.com/login/identify

  • Report impersonation / fake accounts via profile → Find support or report profile

  • Business/Ad support: use Facebook Business Help Center inside your Ads Manager (Help → Contact Support)


Closing — stay calm and methodical

Recovering a hacked Facebook account can feel overwhelming, but a calm, methodical approach greatly improves your chances:

  • Use Facebook’s official recovery tools first.

  • Provide clear, verifiable evidence if you must verify identity.

  • Don’t skip securing your primary email — if the attacker controls your email, Facebook recovery will be very hard.

  • If ads/pages are stolen, use business support and legal proof of ownership.

  • When financial loss occurs, involve the police and keep records of everything.

