You wake up, reach for your phone, and tap that blue icon. Everything looks normal at first glance. But then you notice a notification for a password reset you didn't request, or maybe a friend texts you asking why you’re suddenly selling cheap Ray-Bans or crypto schemes in their DMs. Your heart drops. It’s a violation that feels weirdly personal because, honestly, our digital lives are lived on that platform. Knowing how to tell if your facebook has been hacked isn't always about seeing a "Login Denied" screen; usually, the signs are much quieter, like a digital whisper.
Most people think a hack is a total lockout. That's a myth. Professional bad actors—the ones actually looking to scrape data or run ads on your dime—prefer to stay invisible. They want to sit in the background of your account like a ghost in the machine.
The "Where You're Logged In" Trick
The absolute first place you need to look is the Login Activity map. Facebook keeps a running log of every device that has touched your account. Go to Settings, then Meta Accounts Center, and find "Password and Security." Inside, you’ll see "Where you're logged in."
Look closely. If you live in Chicago and see an active session from an Android in Dublin or a Windows PC in Singapore, you have a problem. It’s not a glitch. Sometimes the location is slightly off because of how ISPs route traffic—you might see a nearby city—but if the device type is "Linux" and you’ve never touched a Linux computer in your life, someone else is browsing your memories.
I’ve seen cases where hackers stay logged in for months without changing a single setting. They just watch. They read messages to gather intel for spear-phishing attacks on your employer or family. It's creepy.
Ghost Posts and The "Friend Request" Red Flag
Check your "Activity Log." This is the archive of everything you've ever done. If you see "Likes" on pages for sketchy gambling sites or comments on political posts in a language you don’t speak, the breach is active.
💡 You might also like: iPhone 6 iOS update limit: Why your old favorite is stuck in the past
Hackers often use compromised accounts to "seed" engagement for scam pages. You might not see these on your own timeline because they can set the privacy of those specific posts to "Only Me" or "Custom" to hide them from you while still boosting the scammer’s algorithm. It's a clever way to hide the evidence while using your account’s reputation as a shield.
Also, keep an eye on your sent friend requests. Scammers often blast out hundreds of requests to the "friends of friends" of a hacked account. Why? Because people are more likely to accept a request if they see a mutual connection. If your "Sent Requests" folder is full of people you don't know, your account is being used as a bot.
Changes to Your Contact Info (The Silent Killer)
The most dangerous sign is a change you didn't make to your recovery email or phone number.
📖 Related: How Anatomy of a Bigfoot Hoax Internet Archive Captures the Internet's Weirdest History
Wait.
Check your primary email right now. Look for messages from Facebook (security@facebookmail.com) saying "A new email address was added." If you didn't do it, the hacker is setting up a "backdoor." They add their email, wait a few days so you don't notice, and then they'll eventually kick you out for good by changing the password and removing your original email.
By the time you realize you can't log in, they've already stripped your "Trusted Contacts" or changed the Two-Factor Authentication (2FA) settings to their own device.
The "Ads Manager" Debt
If you’ve ever run a business page or used Facebook Ads, this is where it gets expensive. Hackers love "Ad Accounts." They’ll hijack an account with a saved credit card and run thousands of dollars in ads for fraudulent products.
You might not even realize it until you see a massive charge on your bank statement. Always check your "Payment History" in the Ad Center. If you see a "Pending" balance for a campaign about "Weight Loss Gummies" or "Forex Trading," you’ve been breached. According to security researchers at Mandiant, these "Business Manager" takeovers are some of the most lucrative for cybercriminals because they can burn through a victim's credit line in hours.
What to Do Right Now
If any of this sounds familiar, don't panic, but move fast. The window for recovery closes a little more every hour.
- Kill the Sessions: In that "Where you're logged in" menu, hit "Select devices to log out" and clear everything that isn't the phone currently in your hand.
- Change the Password: Use a passphrase, not a word. "ThePurpleElephantRunsFast!" is better than "Password123."
- Check Your Email Forwarding: This is a pro-tip most people miss. Hackers sometimes go into your actual email account and set up a rule to forward all emails from Facebook to the trash. That way, you never see the security warnings. Check your Gmail or Outlook filters immediately.
- Security Checkup: Use the built-in Facebook "Security Checkup" tool. It’s actually pretty decent at flagging weak spots.
- Force 2FA: If you aren't using an authenticator app like Google Authenticator or Duo, start. SMS-based 2FA is okay, but "SIM swapping" makes it vulnerable. An app is much harder to intercept.
Security isn't a "set it and forget it" thing. It’s a habit. If you see a weird login, don't ignore it. If a friend says you sent them a weird link, believe them. Your digital footprint is your reputation; keep it locked down tight.
Check your "Linked Accounts" next. Sometimes a hacker won't change your Facebook password, but they'll link their Instagram or Spotify to your Facebook account to maintain access even after you change your login details. Disconnect anything you don't recognize in the Accounts Center. Once you've cleared the unauthorized devices and updated your 2FA, your account should be back in your control.