How do I recover my hacked Facebook account if my email was changed?

Go to facebook.com/hacked immediately. If the hacker changed your email, Facebook will have sent a notification to your original email address with a link to reverse the change. Click 'Secure your account' in that email. If you no longer have access to your original email, use Facebook's identity verification process — you'll need to upload a photo ID to prove you own the account.

What should I do if Facebook won't let me recover my account?

This is unfortunately common. Try the recovery process from a device and browser you've previously used to log into Facebook, as it improves your chances. If automated recovery fails, use Facebook's identity verification at facebook.com/login/identify. As a last resort, report the situation to Scamwatch (scamwatch.gov.au) and consider getting professional help to document the hack and assist with recovery.

Can someone hack my Facebook without knowing my password?

Yes. Hackers can gain access through data breaches where your password was leaked from another site (check haveibeenpwned.com), phishing links that trick you into entering your password on a fake login page, malware or keyloggers on your device, or SIM swapping to intercept your two-factor authentication codes. This is why using a unique password and an authenticator app for 2FA is essential.

Should I report a hacked Facebook account to police in Australia?

If money was stolen or the hacker committed fraud using your account (such as scam Marketplace listings), report it to Scamwatch at scamwatch.gov.au and to ReportCyber at cyber.gov.au/report. If your identity has been used to open accounts or take out loans, contact IDCARE (idcare.org) for free case management support. Local police reports can also help if you need a formal record for insurance or financial institution disputes.

How to Recover a Hacked Facebook Account — Step by Step

If your Facebook account has been hacked, act right now. Every minute you wait gives the attacker more time to message your friends with scam links, post fraudulent Marketplace listings in your name, and harvest your personal information. This guide walks you through the exact recovery process, step by step.

It's one of the most stressful things that can happen online. You try to log into Facebook and your password doesn't work. Or worse — a friend calls to say your account is sending them strange messages asking for money. Maybe you're seeing posts you never made, or you got an email from Facebook saying your account email was changed to something you don't recognise. Your Facebook has been hacked, and you need to move fast.

Signs Your Facebook Account Has Been Hacked

Not sure if you've actually been compromised? Here are the telltale signs:

Posts or messages you didn't send If your timeline has posts you didn't make — especially links to dodgy websites, crypto scams, or "I can't believe this works!" spam — someone else has access to your account.

Login alerts from unknown locations Facebook sends email alerts when your account is accessed from a new device or location. If you're getting alerts from cities or countries you've never been to, that's a hacker.

Friends getting spam messages from you The hacker often messages your entire friends list with phishing links, fake investment schemes, or "emergency" requests for money. Your friends may contact you about it before you even notice.

Your email or password was changed If you received a "your email has been changed" notification from Facebook that you didn't request, the hacker is locking you out. This is urgent — act on it immediately.

Completely locked out of your account If your password doesn't work and your recovery email or phone number has been changed, the hacker has taken full control. You'll need to go through Facebook's identity verification process.

Marketplace listings you didn't create Hackers frequently use stolen accounts to post fake Marketplace listings — selling items they don't have, collecting payment, and disappearing. Buyers think they're dealing with a real person (you).

If any of these apply to you, don't wait to "see if it gets worse." It will. Start the recovery process now.

Step-by-Step Facebook Account Recovery

Follow these steps in order. The process depends on how much access you still have.

Go to facebook.com/hacked immediately. This is Facebook's official recovery starting point. If you can still log in, it will walk you through securing your account — changing your password, reviewing recent activity, and logging out of all other sessions. If you can't log in, it will guide you to the next steps. Do this before anything else.
Check your email for "password changed" notifications. When a hacker changes your Facebook password, Facebook sends a notification to your original email address. That email contains a "Secure your account" or "If you didn't do this, click here" link. If the email arrived recently, that link still works — click it immediately. It lets you reverse the password change and regain access without the hacker's new password.
Use Facebook's identity verification if you're completely locked out. If the hacker changed both your password and email, go to facebook.com/login/identify. Facebook will ask you to identify your account by name, email, or phone number, then offer recovery options. You may need to upload a photo of your government-issued ID (driver's licence, passport). This process can take several days, but it's often the only way to recover a fully hijacked account.
Check logged-in sessions and remove unknown devices. Once you're back in, go to Settings > Security and Login > "Where You're Logged In." You'll see every device and location currently signed into your account. If you see devices you don't recognise — especially from other countries — click the three dots next to each one and select "Log Out." Then click "Log out of all sessions" to be safe. You can sign back in on your own devices afterwards.
Change your password and enable two-factor authentication. Set a completely new password — at least 16 characters, never used on any other site. Then go to Settings > Security and Login > Two-Factor Authentication. Enable it using an authenticator app (Google Authenticator or Microsoft Authenticator) rather than SMS. SMS-based codes can be intercepted through SIM swapping. An authenticator app means the hacker needs your physical phone to get in.
Check and revoke suspicious app permissions. Go to Settings > Apps and Websites. You'll see every third-party app and website that has access to your Facebook account. Remove anything you don't recognise or no longer use. Hackers sometimes grant access to malicious apps that can continue to control your account even after you change your password. When in doubt, remove it — you can always re-authorise legitimate apps later.
Alert your friends that your account was compromised. Post a status update or message close friends directly to let them know your account was hacked. Tell them to ignore any messages or links they received from "you" during the hack. This is important — the hacker almost certainly messaged your friends with phishing links or money requests. If your friends click those links, they become the next victims.
Check Facebook Marketplace for scam listings made in your name. Go to Marketplace and check "Your Listings." Hackers frequently use stolen accounts to post fake sale listings — electronics, cars, event tickets — collecting payment from buyers who think they're dealing with a legitimate seller. Delete any listings you didn't create. If buyers have already paid, they may contact you demanding the item — you'll need to explain the situation and direct them to report the listing to Facebook.

Important: Try recovering your account from a device and browser you've previously used to log in. Facebook's security system recognises your usual devices. If you try to recover from a brand-new device, Facebook may flag it as suspicious and make recovery harder. Use your regular phone or computer if possible.

What to Do If Facebook Won't Help

This is one of the most frustrating parts of dealing with a hacked Facebook account, and it's an extremely common complaint. Facebook's automated recovery process doesn't work for everyone. You might upload your ID and hear nothing back. You might go in circles through help pages that lead nowhere. You might not be able to reach an actual human at Meta no matter what you try.

If the standard recovery process has failed, here's what you can do:

Try the recovery process again from your usual device and browser. Facebook's system is more likely to recognise you and offer recovery options if you're using a device you've previously logged in from.
Check if you have Facebook Login set up on other apps. If you've used "Log in with Facebook" on apps like Spotify, Instagram, or games, some of those apps may still have an active session. This can sometimes provide a backdoor to resetting your Facebook credentials.
Ask a trusted friend to report your account as compromised. They can go to your profile, click the three dots, and select "Find support or report profile" > "Something else" > "This account has been hacked." Multiple reports from trusted contacts can escalate the issue.
Document everything. Take screenshots of the hacked posts, any suspicious emails, and your failed recovery attempts. This documentation is important for police reports, Scamwatch, and any future disputes.

Facebook processes billions of requests. Unfortunately, hacked accounts are often handled by automated systems, not humans. Persistence and documentation are your best tools. If you're getting nowhere, professional help can make a real difference.

If Money Was Stolen: Report to Scamwatch

If the hacker used your account to scam others, or if you lost money as a result of the hack, report it to the Australian authorities:

Scamwatch — ACCC Report the scam and any financial losses. Scamwatch tracks scam trends across Australia and shares intelligence with law enforcement. scamwatch.gov.au

ReportCyber — ACSC Australia's official cybercrime reporting portal. Report the account takeover, especially if personal information was stolen or misused. cyber.gov.au/report

Your Bank If the hacker accessed payment details linked to your Facebook account or made purchases through Facebook Pay, contact your bank immediately to dispute the charges and freeze your card.

IDCARE — Identity Support If the hacker has accessed your personal information (date of birth, address, ID documents), contact IDCARE for free case management support. idcare.org

How to Prevent It Happening Again

Once you've recovered your account, take these steps to make sure it doesn't happen a second time:

Use a unique, strong password Your Facebook password should not be used on any other site. Use a password manager (Bitwarden, 1Password) to generate and store a random 16+ character password.

Enable two-factor authentication Use an authenticator app, not SMS. If a hacker SIM-swaps your phone number, SMS codes go straight to them. An authenticator app stays on your physical device.

Check haveibeenpwned.com regularly Enter your email at haveibeenpwned.com to see if your credentials have appeared in any data breaches. If they have, change those passwords immediately.

Don't click links in messages — even from friends If a friend sends you a link with "OMG is this you?!" or "check out this deal," don't click it. Their account may have been hacked too. Verify with them directly first.

Review app permissions regularly Go to Facebook Settings > Apps and Websites every few months and remove apps you no longer use. Each connected app is a potential entry point for attackers.

Set up login alerts Go to Settings > Security and Login > Get alerts about unrecognised logins. Facebook will notify you whenever your account is accessed from a new device or browser.

The Connection Between Facebook Hacks and Identity Fraud

A hacked Facebook account isn't just about embarrassing posts or spam messages. It's often the first step in a much larger identity fraud operation. Here's what many people don't realise:

Your Facebook profile contains identity-building information. Your full name, date of birth, hometown, workplace, email address, phone number, family connections — this is everything a criminal needs to start impersonating you for loans, credit cards, or government services.
Messenger history is a goldmine. Think about what you've sent through Messenger over the years — photos of documents, bank details to friends, your home address, conversations mentioning your children's names and schools. A hacker with access to your Messenger history has access to all of this.
Facebook Login connects to other accounts. If you've used "Log in with Facebook" on other apps and websites, the hacker may be able to access those accounts too — including shopping sites with saved payment methods.
Your friends become targets. The hacker can use your trusted identity to scam people who trust you. A message from "you" asking a friend to help with a PayID transfer is far more convincing than a message from a stranger.

If your Facebook account was hacked and you have any reason to believe personal information was accessed, read our guide on identity fraud protection and recovery. The sooner you act, the less damage can be done.

If you've ever sent photos of your driver's licence, Medicare card, or passport through Facebook Messenger, assume the hacker has copies. Contact IDCARE and consider placing a ban on your credit file with the three credit bureaus (Equifax, Illion, Experian) to prevent the hacker from opening accounts in your name.

When to Get Professional Help

Some situations go beyond what a step-by-step guide can fix. Consider getting professional help if:

You've tried Facebook's recovery process and it's not working — if you've been going around in circles for days with no response from Meta, a professional can help escalate and document the situation properly
You suspect your device itself is compromised — if the hacker got into your Facebook through malware, a keylogger, or remote access software on your phone or computer, changing your Facebook password won't help until the device is cleaned
Your identity has been used for fraud — if fake accounts, loans, or purchases have been made in your name, you need help navigating the recovery process across multiple organisations
You gave remote access to a scammer — if someone talked you into installing AnyDesk, TeamViewer, or similar software as part of a scam, your entire device needs to be forensically examined
You're a business owner and your Facebook Page was hijacked — losing control of a business Page can mean losing your customer base, reviews, and advertising account with money in it
You need evidence for a police report or insurance claim — proper documentation of the hack, the timeline, and the damage is often needed for formal reports

There's no shame in asking for help. Facebook hacks are one of the most common cyber incidents in Australia, and they're happening to thousands of people every week. Getting expert assistance early limits the damage.

Need help recovering a hacked Facebook account?

We help Central Coast residents recover from hacked accounts, clean compromised devices, and lock down their digital security every day. Book a session and we'll help you get your account back and make sure it stays secure.

Book a Security Assessment