How to Recover a Hacked Instagram or Facebook Account
A calm, step-by-step guide to getting back into a hacked Instagram or Facebook account using Meta's official recovery flows, including what to do if the attacker changed your email, plus how to lock the account down afterward.
Losing access to your Instagram or Facebook account is frightening, but take a breath: in most cases the account can be recovered. Both apps are owned by Meta and share similar official recovery tools, even when an attacker has changed your password, email or phone number. This guide walks you through the real, current recovery steps for each platform calmly and in order, then shows you how to lock the account down so it does not happen again. Work through it on a phone or computer you trust.
- Go straight to the official pages: instagram.com/hacked or facebook.com/hacked. Never use a phone number or service you found in a search ad.
- Request a login link or security code first; if that fails, use identity verification (a video selfie if your account has photos of you).
- If the attacker changed your email, check your old inbox for a Meta message and use the "secure your account" reversal link within 24 hours.
- After you are back in, change your password, turn on two-factor authentication, and remove unknown logins and apps.
- Meta has no phone support. Anyone offering paid "recovery" is a scam.
Signs your account has been hacked
- You suddenly cannot log in, and your password no longer works.
- You received an email saying your password, email address or phone number was changed, and it was not you.
- Friends report messages, posts, stories or crypto/investment ads coming from your account that you did not send.
- Your profile photo, username, name or bio has changed.
- You are logged out on all your devices at once.
Do this first (both platforms)
- Check the inbox of the email address linked to the account for any message from Meta about a recent change. If you find one, do not delete it; you may need its reversal link.
- Secure that email account itself. If a hacker controls your email, they can keep resetting your social passwords. Change your email password and turn on two-factor authentication there too.
- If you are still logged in anywhere (for example the app on an old phone), stay logged in and skip straight to locking it down.
- Do not pay anyone, including the hacker. Paying does not get accounts back.
How to recover a hacked Instagram account
Start at the official page instagram.com/hacked on any browser, or open the login screen in the app.
- On the login screen, tap Get help logging in (Android) or Forgot password? (iPhone).
- Enter the username, email or phone number for the account and request a login link or security code. If you still have access to that email or phone, use the code to get straight back in.
- If the code does not arrive or those details were changed, go to instagram.com/hacked and choose My account was hacked. Follow the prompts.
- Instagram may ask you to verify your identity. For accounts that contain photos of you, it will ask for a video selfie: you record a short clip turning your head in different directions, and Meta compares it to photos on the account. For business or logo accounts it may ask for an email or a government ID instead.
- Submit and wait. Meta usually responds by email, often within a day or two. Check the email it sends and follow the link to set a new password.
If your login attempt is flagged as suspicious, Instagram may also show a "This wasn't me" option that lets you secure the account directly. Use it if you see it.
How to recover a hacked Facebook account
Start at the official page facebook.com/hacked.
- Select the option that your account has been compromised. Facebook will try to find your account.
- If your password still works, log in and Facebook will walk you through securing the account. If it does not, choose to recover the account and identify it using your old email, old phone number, username or full name, even if the hacker has changed the current ones.
- If you cannot get a code because the contact details were changed, look for the "No longer have access to these?" link and follow it to verify your identity another way.
- Confirm your identity when asked. Options can include an email or SMS code, a video selfie (now available for many accounts that have a profile photo of you), a government-issued ID upload, or, if you set them up beforehand, your trusted contacts, who receive recovery codes to pass to you.
- Once verified, reset your password to something new and unique.
Identity reviews on Facebook typically take from 24 hours to a few days. Watch the email inbox you can access for Meta's response.
If the attacker changed your email or phone
This feels like the worst case, but Meta builds in a safety net. When someone changes the email on an account, Meta sends a notice to the old email address.
- Open your old email inbox and look for a message from Meta saying the email was changed, with a line like "If you didn't make this change, secure your account."
- Click that reversal/secure link. It generally works only for a limited window (often around 24 hours), so act quickly. It reverses the change and lets you take the account back.
- If the window has passed or there is no such email, fall back to identity verification at instagram.com/hacked or facebook.com/hacked as described above. A video selfie or government ID does not depend on the email or phone the hacker controls.
Lock it down after recovery
Getting back in is only half the job. Do these in order before the attacker tries again:
- Change your password to something long and unique you have never used elsewhere.
- Turn on two-factor authentication. In Settings, open Accounts Centre, then Password and security, then Two-factor authentication. Choose an authenticator app or your phone number. This is the single most important step.
- Check where you are logged in. Under Password and security, open "Where you're logged in" and remove any device or location you do not recognise.
- Revoke suspicious app access. In Settings, find Apps and websites (or Business integrations) and remove anything unfamiliar; these can be used to get back in.
- Review your contact details. Confirm the email and phone number on the account are yours, and delete any the attacker added.
- Warn your contacts. Post or message friends to say you were hacked and that any odd messages, money requests or links sent while you were locked out were not from you.
Beware fake "recovery service" scammers
Frequently asked questions
How long does Meta take to recover my account?
Often a day or two, sometimes up to about a week for complex cases. Submit your request once and wait for Meta's email rather than filing repeatedly, which can slow things down.
What if I do not have photos of myself on the account?
The video selfie option mainly helps personal accounts with photos of you. For business, brand or logo accounts, Meta will instead ask for an email confirmation or a government-issued ID. Follow whichever option it offers on the recovery page.
The hacker is posting scams from my account. What now?
Keep working through recovery, and ask friends to report the account or specific posts so Meta is alerted. Once you regain access, delete the fraudulent posts and warn your followers.
Can I just call Instagram or Facebook?
No. There is no customer phone line for personal accounts. Everything happens through instagram.com/hacked, facebook.com/hacked, and Meta's email replies.
Official help links
- Instagram: instagram.com/hacked
- Instagram Help: Hacked Instagram account and If you think your account has been hacked
- Facebook: facebook.com/hacked
- Facebook Help: Recover a hacked account, Recover your account if you were hacked, and Confirm your identity
- India: if money was stolen, call the national cyber-crime helpline 1930 or report at cybercrime.gov.in.
If money was stolen or you need to report the crime, see our cybercrime help hub for country-by-country reporting and recovery steps.