Indicators that someone may have hacked your Facebook account are:

Your email or password has changed. Your name or birthday has changed. Fake friend requests have been sent from your account to people you don’t know. Friend requests have been sent to people who are already your friends. Posts that you didn’t create appear to be from you. Friends receive messages from you that you didn’t write.

If any of these telltale signs happen to you or you notice any other unusual activity, take fast action to protect your account. When you think your Facebook account may have been hacked, change your password before you do anything else. If you no longer have access to your Facebook account, immediately follow the steps described below.

How Was My Account Hacked?

Hackers may have gained access to your Facebook account in any number of ways. They could have guessed your password, or they may have set up an Evil Twin Wi-Fi hotspot at a coffee shop and stolen your credentials through a man-in-the-middle attack. Maybe you left your account logged in at a computer lab at your school or library, or hackers could be using your account from a stolen tablet or phone. Regardless of how they managed to obtain your Facebook credentials, the best thing to do is move quickly to limit the amount of damage and try to prevent any further hacks.

Report a Compromise to Facebook

If you can’t recover your Facebook password and access your account, you can still report a possible hack to the company and receive help to reset your password:

Alert Your Friends

Tell your Facebook friends that your account was hacked. Warn them not to click any links that may have come from your account during the time it was hacked and out of your control. Click Get Started. Hackers who compromised your account may have posted on your friends’ pages or sent links in comments or private messages.

Delete Unknown Apps From Your Account

Eliminate any Facebook apps installed on your account that you don’t recognize. While you’re at it, delete apps you no longer use. At some point, you may have granted the apps access to some of your personal information. If you click View and edit on an app, it shows the level of access it has to your account and the information Facebook shares with it. Also on the Apps and Website page are additional tabs at the top where you can find expired apps (apps that had access at one time, but their permissions have since lapsed) and past apps (which have been removed from your account). Removed or expired apps still have the information shared with them while the apps were active, but they can no longer access that information from your Facebook account after they expire or are removed. Clicking the tile for a removed or expired app tells you the best method to request that the app delete your information.

Prevention: Enable Two-Factor Authentication

Don’t wait for the next hack to take steps to improve your Facebook security and privacy. To prevent your account from being compromised again, Facebook strongly recommends using two-factor authentication. Activating this feature requires an additional form of authentication beyond your password when anyone attempts to log in to your account. The second form of authentication can be a number code texted to your phone or a code generated by a separate authentication app on your phone, or a smart key inserted into your computer’s USB drive. When you have two-factor authorization in place, someone could have full access to your password, but unless they also have your second means of authentication (like your phone or a physical token), they can’t get into your Facebook account. To enable two-factor authentication on your Facebook account:

Prevention: Run Security Checkup

Facebook’s Security Checkup feature adds additional security to your account. Use it to:

Log out of Facebook and Messenger from unused browsers and apps. Receive an alert when someone logs in to your account from an unrecognized mobile device or computer.

Prevention: Change Your Facebook Password Regularly

Resetting your password regularly is a good habit to adopt. You can do it at any time.