Signs your account was compromised
The early signs that the account may have been taken over or partially exposed.
Still need help?
Use the help form to share the affected platform, timeline, prior attempts, and the support you need.
What to expect
Short, practical guidance with next steps.
Start here
This article explains the account issue in plain language and shows the safest next step.
What to do now
A compromised account often shows itself through changed email addresses, unknown sessions, messages you did not send, or recovery details that no longer belong to you. These signs are more useful than guessing whether the password itself was stolen.
Start here
Signs your account was compromised
This article explains the account issue in plain language and shows the safest next step.
Understand the issue
Signs your account was compromised
A compromised account often shows itself through changed email addresses, unknown sessions, messages you did not send, or recovery details that no longer belong to you. These signs are more useful than guessing whether the password itself was stolen.
What to do now
Check for changed email, phone, password, or sessions you did not start.
Secure the email inbox and recovery methods before going further.
Use the security-review page with the compromise signs recorded.
Prevention tips
Regular session review, password hygiene, and two-factor authentication reduce the odds of a quiet takeover.
Real examples
How this usually shows up
A the account takeover often starts with a small change: a new recovery email, an unknown session, a password reset notice, or messages sent from the account. Those details matter because they show how control may have changed.
Many users focus only on the social profile and forget the email inbox. If the inbox is still exposed, the attacker may be able to reverse a password reset or keep receiving recovery notices.
Business pages, ad accounts, groups, and payment methods can stay exposed after the profile is recovered. Review connected assets before assuming the account is safe again.
Mistakes to avoid
Resetting before securing email
If the inbox is exposed, a password reset may not hold. Secure the inbox and active sessions first.
Ignoring connected assets
Pages, business accounts, ad accounts, and payment methods can remain at risk after profile access returns.
Deleting evidence
Save notices, session details, and changed recovery methods before removing anything suspicious.
Related support pages
Use these support pages when the article points to a direct recovery or review step.
Security Review
Review recovery channels, two-factor settings, active sessions, and connected Meta ecosystem accounts.
OpenAccount Recovery Help
Start account recovery help for Facebook, Meta, Instagram, WhatsApp, Messenger, Threads, Quest, or Meta Pay.
OpenRequest Account Help
Choose the affected platform and describe the recovery problem so the next steps are clear.
OpenRelated articles
Keep reading if you need more background before taking the next step.
How two-factor authentication helps
Why two-factor protection matters and how it changes the risk profile after a login issue.
OpenWhat to do after a password reset
The next steps that matter after changing a password so the same issue does not return.
OpenHow to check linked sessions
Why session review matters and what to look for before you trust the account again.
OpenStill need help?
Use the help form to share the affected platform, timeline, prior attempts, and the support you need.
Questions people ask
Useful answers before you continue
What is the clearest sign of compromise?+
A change you did not make: email, phone, password, or sessions.
Should I contact support immediately?+
Yes, after securing the inbox and checking active access.
What should I secure first?+
Secure the email inbox, recovery phone, trusted device, and active sessions before assuming the social account is safe.
What should I check after recovery?+
Review sessions, recovery methods, two-factor settings, connected business assets, and payment methods.