What To Do If You Were Hacked on Facebook / How To Secure Your Account

Was your FB Ads account or Meta profile hacked? Did someone spend a ton of money on it and now you are in panic mode trying to secure it to make sure no other hacks happen?   I know the feeling, it sucks!!

It happened to me, not once, but twice.  I got hacked.  How?   First time around my employee clicked on those phishing emails they spam via DMs saying your page is in violation and contact Facebook Support right away to avoid getting banned and disabled.

Second Time?  One of my employees bought a profile on one of these account seller websites, and they came through that.

Hackers are getting very very smart and in this guide I will share what I did to secure my account.  

Go through these steps to make sure you don’t get hacked and they don’t spend tens of thousands of dollars on your account while you sleep.

1. Visit the link https://www.facebook.com/hacked

   
   This will take you through a wizzard to help secure your account.   This is a great first step as it will help you change your password and bunch of other stuff.  

2.  Visit Accounts Center and Go Through EVERYTHING menu by menu

   https://accountscenter.facebook.com/

   A) Connected Experiences, go through here and disconnecte verything
   B) Personal Details, make sure under Contact Info only your emails and phone numbers are visible.   
   C) Meta Pay – add your details here, remove stuff you don’t recognize
   D) Accounts – make sure you only have your profile here.
   E) Password and Security 

   This one is a big one, with lots to do here.  

   If you haven’t yet,  Change password to something long with tons of different chars and uppercase/lowercase letters. 

   Next, review saved logins and disconnect any you don’t recognize. I’d disconnect all except the one I am logged into while fixing the acount.  

   Check the passkey, see if there’s anything there, if yes remove it.

   Where you’re logged in.. review and log out everything you don’t recognize. Again i recommend you remove all, and just leave your current active profile you are using.

   

   Two-factor authentication
   
   This is by far the most important one,   make sure you add a new authenticator, and delete any others under this menu.      

   

   For SMS or Whatsapp, check and make sure it only has a phone number you have access to and nothing else.

   Review Additional methods, to see if there’s anything else, if there is remove it.  

   Security keys may be a good idea if you have one.   I used Yubikey many times for my top profiles.   

   Trusted Devices, remove everything here, only leave the one you are logged into.

3. Apps & Websites

   A ton of hackers know that people will run the wizzard from Meta, and they will go through accounts center and think they are safe and secure.   However,  here’s the trick that they use to get into your account even after you “secure” everything else.   3rd party apps that grant access to your profile!   

   Visit this page, and remove EVERYTHING:

   https://www.facebook.com/settings?tab=applications

4. Business Integrations

   Check this page, remove everything

   https://www.facebook.com/settings?tab=business_tools&section=active

5. More resources to check just in case
   
   The above steps should be enough to secure your account, but since Meta (Facebook) changes every single day, you never know what may have been left over from a previous setting that is now not accessible via the menus available in the current interface.  That’s why I gathered these additional links.  Open all of them and check to see,  if you see anything out of place.  Remove any permissions that aren’t you, emails, phone numbers, authentication methods, and 3rd party apps/websites.    Stay safe & vigilant!  

   1. Accounts and logins that can inject a phone

   • Accounts Center, Accounts list: https://accountscenter.facebook.com/accounts

   • Instagram phone inside Accounts Center, open IG profile settings here: https://accountscenter.facebook.com/profiles

   • Remove WhatsApp as a login factor if linked: https://accountscenter.facebook.com/password_and_security/two_factor/

   2. Legacy SMS hooks that do not show in normal settings

   • Mobile text settings, desktop: https://www.facebook.com/settings?tab=mobile

   • Mobile text settings, legacy m-site, sometimes reveals stale numbers: https://m.facebook.com/settings/sms/

   • Notifications by text, disable SMS completely: https://www.facebook.com/settings?tab=notifications&section=text_message

   3. Two-factor, recovery, and backup factors

   • Two-Factor hub, desktop: https://www.facebook.com/security/2fac/settings/

   • 2FA inside Accounts Center: https://accountscenter.facebook.com/password_and_security/two_factor/

   • Trusted numbers and login alerts, Accounts Center: https://accountscenter.facebook.com/password_and_security/login_alerts/

   • Where you are logged in, kill everything, then re-add your own factor: https://accountscenter.facebook.com/password_and_security/where_you_re_logged_in/

   4. Business and Page level security that can override user prompts

   • Business Manager Security Center, require 2FA off for everyone while cleaning: https://business.facebook.com/settings/security

   • Business Integrations and apps, remove anything suspicious: https://www.facebook.com/settings?tab=business_tools

   • Apps and Websites, remove unknown apps: https://www.facebook.com/settings?tab=applications

   • Page access and new Page Experience profile switcher, remove unknown people: https://www.facebook.com/settings?tab=profile_access

   5. Places to see or flush hidden contact data

   • Personal Details in Accounts Center, Contact info deep link: https://accountscenter.facebook.com/personal_details/contact_info/

   • Personal Details root: https://accountscenter.facebook.com/personal_details/

   • Profile contact on classic settings: https://www.facebook.com/settings?tab=account&section=contact&view

   • Download Your Information, select Security and Login info to see all saved contacts: https://www.facebook.com/dyi

   6. Recovery routes if the number will not disappear

   • Compromised account flow to force-remove attacker contacts: https://www.facebook.com/hacked

   • Secure account wizard: https://www.facebook.com/security/secure_account

   • Report a login issue, manual review: https://www.facebook.com/help/contact/357439354283890

   • Confirm your identity, upload ID if needed to clear contacts: https://www.facebook.com/help/contact/183000765122339

   7. Extra spots worth checking

• Code Generator page, turn off any legacy factor: https://www.facebook.com/settings?tab=security&section=code_generator

• Security and Login landing: https://www.facebook.com/settings?tab=security

• Business People list to remove unknown admins who could re-add numbers: https://business.facebook.com/settings/people