What to do if your Instagram or Facebook is hacked

By Iulian · Published 4 June 2026

Losing a social account is stressful, and it puts your friends and followers at risk too, because scammers use hijacked accounts to target the people who trust you. Here is how to get back in and lock it down. Act quickly.

Signs your account has been hacked

• You are logged out and your password no longer works.
• Posts, stories or messages appear that you did not create.
• Your email, phone number or username has been changed.
• Friends report odd messages from you, often a “great investment” or a plea for money or a verification code.

Getting the account back

1. Use the official recovery flow. Both Instagram and Facebook have a dedicated “hacked account” recovery process. On Instagram, look for the “My account was hacked” option on the login screen; Facebook has its facebook.com/hacked recovery page. Follow the identity checks.
2. Check your email first. Attackers often change your account’s email, so a hijacked email account can be the real root. If yours looks affected, sort that first: what to do if your email has been hacked.
3. Reset the password to a strong, unique one once you are back in.

Lock it down

• Turn on two-factor authentication straight away, so a stolen password alone can’t get back in. See our 2FA guide.
• Review logged-in devices and sessions and remove any you do not recognise.
• Check connected apps and revoke anything unfamiliar.
• Make sure the email and phone number on the account are yours again.

Protect your followers

Once you’re back, post a quick note telling followers to ignore any recent messages from you, especially anything about money, crypto or “click to vote/verify.” A hijacked account’s main job is to scam the people who trust it, so the warning matters.

If the hack led to money being taken from you or someone else, follow what to do if you’ve been scammed. More in our devices and accounts section.