How to recover a hacked Facebook account
If your Facebook is hacked, fast action gives you the best chance to get it back. This step-by-step guide covers how to recover access, what to do if the email and password were changed, and how to lock the account down afterwards.
Losing your Facebook account is stressful — it holds your photos, messages, pages and contacts, and a hacker may use it to scam your friends and family. In Nepal, a common attack is a fake message asking you to 'vote in a contest' or 'confirm your account', which steals your login.
The most important thing is to act quickly. The faster you respond, the better your chance of recovering the account before the hacker locks you out completely or deletes it.
This guide walks you through recovery whether you can still log in or not, then shows you how to secure the account so it does not happen again.
First, confirm you are actually hacked
Signs your Facebook is compromised include: you are suddenly logged out and your password no longer works; your name, birthday or email has changed; posts or messages you did not send appear; or friends report strange messages from you (often asking for money or sharing links).
Sometimes you are not hacked but locked out for another reason, or a scammer is impersonating you with a new fake profile. The recovery path differs, so identify which situation you are in before acting.
If you can still log in: act immediately
If you still have access, move fast before the attacker locks you out.
- Change your password right away to a new, strong, unique one (Settings, Password and security).
- Check 'Where you're logged in' and log out of all devices/sessions you do not recognise.
- Turn on two-factor authentication immediately.
- Review and remove any unknown apps or email addresses/phone numbers added to the account.
- Check that your recovery email and phone number are still yours and not changed.
If you are locked out: use Facebook's recovery tools
If your password no longer works, do not panic. Use Facebook's official recovery flow:
- Go to facebook.com/login/identify (or tap 'Forgotten password?' on the login screen) and enter the email or phone linked to the account.
- Choose to receive a reset code by email or SMS, then set a new password.
- If the hacker changed your email, look for an email from Facebook saying your email was changed — it usually contains a link to reverse the change. Act on it fast, as that link expires.
- If you cannot get codes, visit facebook.com/hacked and follow 'My account is compromised' for the guided recovery.
- If 2FA was on and you have your backup codes, use them to regain access.
If recovery fails: identity verification and trusted contacts
When the email and phone have both been changed, Facebook can still verify it is really you. Through the facebook.com/hacked flow you may be asked to upload a photo of a government ID (citizenship, passport, licence or national ID). Facebook says it uses the ID only to confirm your identity.
If you set up 'trusted contacts' earlier, friends can help you receive recovery codes. You can also try recovering from a device or browser where you were previously logged in, as Facebook trusts known devices more.
Recovery can take days and is not always successful — which is exactly why turning on 2FA and keeping a current recovery email/phone beforehand matters so much.
After you get back in: lock it down
Once you regain access, secure the account thoroughly so the hacker cannot return:
- Set a brand-new strong, unique password (do not reuse the old one).
- Turn on two-factor authentication with an authenticator app.
- Log out of all sessions and remove unknown devices.
- Review linked apps, Pages and ad accounts, and remove anything you do not recognise — hackers often add themselves as admins or run ads.
- Check your email account too: if your email was also compromised, secure it first, because it controls Facebook recovery.
- Warn your friends that your account was hacked so they ignore any scam messages sent in your name.
How the hack likely happened — so you avoid a repeat
Most Facebook takeovers in Nepal come from phishing: a fake login page sent via Messenger or a link ('see who viewed your profile', 'you won a prize', 'vote for my photo'), or a fake 'Facebook Security' message. Once you type your password into the fake page, the attacker has it.
Other causes are reused passwords leaked from another site, or installing shady apps that asked for your Facebook login. Never enter your Facebook password anywhere except facebook.com or the official app, and be suspicious of any link that asks you to 'log in again' unexpectedly.
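The rule above (type your password only on facebook.com) can be checked mechanically by looking at the link's real host. The following is an added example, not part of the original guide; the allow-list, the HTTPS requirement and the sample links are assumptions made for illustration.

```javascript
// Added example: decide whether a link really points at Facebook before a
// password is typed into it. Allow-list and sample links are assumptions.
const OFFICIAL_DOMAINS = ["facebook.com"]; // the only domain the guide trusts

function checkLoginLink(link) {
  let url;
  try {
    url = new URL(link);
  } catch {
    return { safe: false, reason: "not a valid URL" };
  }
  // Assumption of this example: a real login page is always served over HTTPS.
  if (url.protocol !== "https:") {
    return { safe: false, reason: "not HTTPS" };
  }
  // Text before '@' is a username, not the site: https://facebook.com@host/
  if (url.username || url.password) {
    return { safe: false, reason: "text before @ hides the real host" };
  }
  // The URL parser lowercases the host and converts Unicode lookalike
  // letters to punycode (xn--...), so they cannot match the allow-list.
  const host = url.hostname.replace(/\.$/, "");
  const match = OFFICIAL_DOMAINS.some(
    (d) => host === d || host.endsWith("." + d)
  );
  if (!match) {
    return { safe: false, reason: `host is ${host}, not facebook.com` };
  }
  return { safe: true, reason: `host is ${host}` };
}

// Constructed sample links (.example hosts are reserved for documentation).
const samples = [
  "https://www.facebook.com/login/identify",
  "https://m.facebook.com/hacked",
  "https://facebook.com.vote-contest.example/login",
  "https://facebook.com@login-check.example/",
  "https://faceb00k-security.example/confirm",
  "http://www.facebook.com/login",
  "https://f\u0430cebook.com/login", // Cyrillic letter in place of Latin 'a'
];
for (const s of samples) {
  const r = checkLoginLink(s);
  console.log(r.safe ? "OK   " : "BLOCK", s, "-", r.reason);
}
```

Only the first two samples pass: in every other case the part of the address that decides where the password goes is not facebook.com, even though "facebook" appears in the link.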
Key takeaways
- Act fast — speed is the biggest factor in successfully recovering a hacked account.
- If you can still log in: change the password, log out other devices, and enable 2FA immediately.
- If locked out, use facebook.com/login/identify and facebook.com/hacked to recover.
- If the email was changed, look for Facebook's 'reverse this change' email and act before it expires.
- Facebook can verify your identity with a government ID if email and phone were both changed.
- Secure your email first — it controls Facebook recovery — then turn on 2FA to prevent a repeat.
How to Recover a Hacked Facebook Account (Step-by-Step) — FAQ
What is the official website to recover a hacked Facebook?
Use facebook.com/hacked for compromised accounts and facebook.com/login/identify to reset a forgotten password. Only ever use the real facebook.com domain or the official app — many fake 'recovery' sites and 'hackers for hire' are scams.
The hacker changed my email and phone. Can I still get my account back?
Possibly. Use the facebook.com/hacked flow, watch for Facebook's email about the email change (it may contain a reversal link), try logging in from a device you used before, and be ready to verify your identity with a government ID. It is not guaranteed, but worth attempting promptly.
Should I pay someone who says they can recover my account?
No. People advertising paid Facebook recovery 'services' are almost always scammers who will take your money and may steal more of your information. Facebook's own recovery tools are free and are the only legitimate route.
A fake profile is using my name and photos. Is that the same as being hacked?
No — that is impersonation, not a hack of your account. Report the fake profile directly on Facebook (using the '...' menu, then Report) and warn your contacts not to accept its requests.
How do I stop it happening again?
Use a unique strong password, turn on two-factor authentication with an authenticator app, never enter your Facebook password on any site other than facebook.com, and ignore links asking you to 'log in again' or claiming you won something.