Allison Harris

Allison helps churches in our Grow program by building their custom Google Ads and making sure their accounts are r... read more

How to Fix a Hacked Facebook Account - and 4 Ways to Prevent It

Oh no!  My Facebook Account has been hacked!

Realizing- or imagining!- something fishy is happening with your church’s Facebook account (or your personal Facebook!) can be nerve-wracking.  But slow down for just a minute.

Take a breath.

There are things you can do to prevent it from happening in the first place.

If you’re past the point of prevention, never fear!  As frustrating as this is, it happens fairly often and you’ll get through it!  Keep reading and we’ll walk you through what to do.

Preventing a Hacked Facebook Account

I have good news for you if you’re thinking, “I wonder if there’s anything I can do to prevent someone hacking my church’s Facebook page or my personal profile?” 

Here it is:

Two-Factor Authentication, two-factor authentication, and two-factor authentication.

Make sure that you and everyone else who has access to your church’s account sets it up.  Everyone. No exceptions. I’m serious. I’m not kidding.

The most common two-factor authentication method is to receive a text with a code, but there are other options as well, so everyone on your team can and should find a method that works for them. 

Here’s how to turn on two-factor authentication.

Go to Settings & Privacy, click Settings, then click Security & Login on the left menu. Scroll down until you see “Two-factor authentication,” click “Use two-factor authentication,” enter your password, then pick the method you want to use and follow the prompts. 

Church Facebook Hack

Set up Your Business Account to be Secure

Aside from two-factor authentication, the second non-negotiable measure to protect your Facebook Ad Account from getting hacked is to set up a Facebook Business Manager Account in the following way: 

As a Facebook Manager admin, you can require everyone with access to your Manager account to log in using two-factor authentication.  Use this superpower immediately. 

Speaking of admins, make sure your account has at least two. This way, if you get locked out for any reason, someone still has admin powers. 

Add all your Facebook assets– pixel, ad accounts, pages, Instagram accounts, partners, payment methods etc.–to the same account as well as all your team members. Having everything and everyone in one place makes it easy to ensure that security best practices are being used at every turn. 

Finally, use every verification step–Address, phone, email, tax ID, etc.–that Facebook makes available to you, both on your page and in your business settings. Reassuring Facebook that you are who you say you are helps protect you from impersonators later one (Help center)

Additional Ideas for Preventing a Hacked Facebook Account

Set up a backup method when you set up two-factor authentication.  

Two-factor authentication helps prevent your Facebook account from getting hacked, but if your default authentication method isn’t available, you could end up locked out. Setting up a backup method ensures this doesn’t happen. For example, you may have Facebook text you a code as your main verification method, but you could also print some recovery codes in case an issue with your phone prevents you from receiving a text.

Remove unnecessary apps from your Facebook account, which can help prevent a hack

Go to “Settings,” then scroll down the left menu to Apps & Websites. Remove any apps that you don’t currently use. Then, go back to the Settings & Privacy menu, select “Privacy Checkup” then click on “How to keep your account secure”. Follow the prompts to discover any further steps you can take to keep your account secure.

Finally, Policy Tool recommends you use a reputable virus/malware scanner to regularly check your social media for suspicious software or links.

Now, if you’re reading this article because you need help SOLVING an account issue and think you might’ve been hacked, the rest of this guide is for you!  First, settle your nerves & let’s check to eliminate other possibilities besides hacking:

Step 1: Confirm your Facebook Account was Hacked

Let’s start by confirming that your Facebook account really was hacked. Sometimes people try to pull shenanigans that aren’t really hacks, so let’s make sure none of those are at play. 

If you’re having trouble signing in to your Facebook account, skip to the next section. 

If you can still get in, one of the following non-hacks might be at play:

  • Someone may have set up a Facebook account that resembles yours and is tricking people into thinking they’re corresponding with you.  

In this case, they haven’t actually accessed your log-in information and you just need to Report  the imposter account to Facebook and patiently wait for them to remove it. 😀

  • If something makes you think someone unauthorized has gotten into your account but you can still log in, immediately go to Settings > Security and Login, select log out of all sessions, then change your password (Clark, 2021).  

If this is for your church’s Facebook page, don’t forget to update your Accounts Listing spreadsheet inside the Foundations Course!

If You Can't Log In

First, do a quick Google search and make sure Facebook isn’t experiencing an outage.  While this is rare, it has happened before.  Sites like downforeveryoneorjustme.com can help, too!

If you don’t have two-factor authentication set up on your Facebook Account yet, skip to the next section. 

If you do have it set up, let’s make sure two-factor authentication is working smoothly before we conclude your sign-in issue is a hacked Facebook account.   

When you’re testing two-factor authentication, sometimes texts take a few minutes to arrive, so be patient. Try restarting your phone or waiting a few minutes and trying again, since a text not coming in could be a glitch with your phone or your cell service provider. 

If it’s been 10-15 minutes and the text still isn’t coming in, double check your blocked numbers on your cell–you could have accidentally blocked Facebook from texting you.  

Alternatively, check the email associated with your Facebook account, since Facebook might have sent you an email with a link that you can use to log in.  (If Facebook sends you an email asking for your login information or sending you a password as an attachment, however, this is a scam. Don’t reply or click the attachment. Learn more about phishing and how to report it here)   

If you printed a security code when you set up two-factor authentication, now is the time to use that ace-in-the-hole.  

Finally, try using a device and browser that you’ve used before, since Facebook might recognize it and let you in. 


Step 2: Getting Your Facebook Back After You've Been Hacked

If you’ve followed the steps above and determined that you were, indeed, hacked, don’t despair!  Facebook has designed an appeal process specifically for this issue.  You can find it here: https://www.facebook.com/hacked

And yes, you are going to have to use the automated service; there’s no customer support hotline or email address for Facebook. Follow the appeal process and be patient. In Chris Abbott’s experience, uploading your ID might get you in within the day, or it might take a few days. Just hang tight, it should work. 

The one exception to the “you-can’t-talk-to-a-human-at-Facebook” rule applies if a Facebook representative has ever contacted you before. If they have, Ryan Wakefield suggests reaching out to that representative again and asking for help with your appeal. 

If your ad account, and not your church’s Facebook page or your personal profile was hacked, please proceed to the next section.

What if My Facebook Ads were Shut Down?

Again, if your Facebook Ads were shut down, your Facebook Account might not have been hacked.  Your ads could have been disabled for another reason.  There are a number of reasons this can happen, ranging from issues with your landing page to a mistake by the bots.  Use this article to verify that the problem isn’t with your ads or your site. If you can’t find the issue, visit the “What You Can Do” section of your “Account Quality” page and “Request a Review”. Some tips from Molly Pittman for requesting a review include:

  • Be kind.  A human is going to review your appeal, so talk to them the way you’d want to be talked to.
  • Be concise.  The representative handling your case will appreciate not having to wade through multiple paragraphs to understand your problem. 
  • If you don’t hear back within a week, reappeal. Yes, hold on to your patience, but repeating attempts ensure your request isn’t lost in the shuffle 
  • Use your connections. Again, if you have previous contact with a Facebook representative, reach out to them and ask for help.

I have a Hacked Facebook Ad Account. What should I do?

Once you’ve determined that your Facebook Ad Account has been hacked or permanently shut down, Ryan recommends setting up a new account under Facebook Business Manager, and taking steps to ensure that your new account is well secured.  You might also want to reach out to your credit card company to make them aware of the hack, since your payment information may have been compromised.

If you can still log in, open the help menu by clicking the question mark icon. If there’s a “contact support team” button, go ahead and click it and chat with the support team. 

Don’t see the “contact support team” button? Apparently not every manager account has it.  Don’t sweat it, there are workarounds.

According to Molly Pittman, you might be able to boot the hacker out of your account: 

  1. Go to your activity history (the clock icon) and see which user made the suspicious changes. GO to “People” and boot that user from the manager account. 
  2. If a team member was hacked and the hacker used their account to get into your ads, notify the person and have them secure their account. 
  3. Ask every person who has access to the account to go to their personal Security and Login and see if it shows any suspicious locations or devices.  Anyone who sees something suspicious should let you know so you can boot them from the manager account, and they should secure their account immediately. 

For help securing your account, click here.

Again, If you have past experience with a Facebook rep, it won’t hurt to ask them if they can help. 

What if you can’t log into your manager account? Still follow the prompts here to secure your account. 


What to do When You Instagram Account Gets Hacked

If you think your Instagram account has been hacked or you want to protect it from hacking, the process is very similar to that for a Facebook Account. 

This help center article describes what to do better than I ever could.  

If your Instagram is shut down not because of a hack but because Instagram believes you’ve violated their rules, this is the page you need.  

If you’re having trouble logging in and you already have 2 factor authentication turned on, scroll up to the two-factor troubleshooting guide in this article.  It’s the same as for Facebook.    

Want to prevent an Instagram account hack? Just like with your Facebook account, turn on two-factor authentication, add it to your Manager account, be wary of emails or apps that request your login information, and revoke Instagram access on third-party apps that don’t need to have access to your Instagram account. 

And that’s it!  You got this!

This article was powered by snacks. Thank you for reading it through to the end. If you found it helpful, you can email the author at allison@churchmarketinguniversity.com and she may or may not send you a recipe for something delicious.