Facebook Business Page Hacked? Regain Control with These Steps
A hacked Facebook (Meta) account can be an absolute nightmare for business owners and have severe repercussions. From unauthorised access to potential data breaches, the aftermath of a hack can take time to work through.
If you are wondering what you need to do after your business's Facebook page is hacked, we've created this blog with the necessary steps to walk you through.
Work Out Which Personal Facebook Accounts Have Access To Your Business Accounts
First, it's essential to understand that every Facebook (Meta) business page is linked to at least one personal account. This is necessary to set up an account, but the personal account may not necessarily belong to the owner of the business.
People often have their Facebook business page set up by someone who works for them or helps with social media and marketing. The person who initially set the account up is generally deemed the owner of the business page. Multiple personal accounts may be linked, given either an Admin role or access for other purposes, such as adding content.
Why is this important, though?
If your Meta Business pages have been hacked or someone is trying to access them, the access attempt may have come from a linked personal account. This may be yours, a friend who helped you set it up or someone in your digital marketing team.
Not the person with the account access (hopefully!). But a hacker who is trying to gain access to your business page via a personal page linked to your account.
Recognising the Signs of a Hacked Facebook Account
Often, small, unusual changes may indicate that your Facebook (Meta) is being accessed before full access to your account is gained. Being aware of anything that seems a bit suspicious can help with early detection.
Signs that your account may have been hacked include:
- Receiving emails or text messages with codes you did not request, or getting an email about new devices logging in - or new emails being added to your account. If you receive anything like this, either respond to the email to indicate you did not make these changes or go through the online troubleshooting for businesses.
- Changed credentials, such as a new phone number or additional emails added to your contact or login details. If you notice changes to your email or password without your consent, it's a red flag, and you should start securing your account immediately if possible.
- Altered profile information, such as changes to your name, birthday, or other details, can indicate unauthorised access.
- Messages or posts from online friends letting you know that they've noticed unusual activity in your feed or have received messages from your account that don't seem like they are from you. This is usually a clear sign your account has been accessed.
- If friend requests or business page follows are sent to individuals you don't know, it might be a hacker trying to expand their reach.
Essential Steps To Take If Your Facebook Business Page Is Hacked
If your account has been compromised, taking action as early as possible is essential to minimise any potential damage. Here's how to get started.
If you cannot access your accounts anymore, take these steps.
Contacting Facebook Support
When faced with persistent issues, reaching out to Facebook's support team is crucial. Visit the Facebook Help Center, report the issue, and provide a detailed explanation of the situation. While response times may vary, making an effort to contact support increases your chances of receiving assistance.
Secure Your Credit Card
If you have financial details stored for ad accounts, call your bank or credit card company and explain the situation. They can offer to put a hold on transactions, help monitor suspicious transactions and may advise you to cancel your card if the situation poses a risk of financial loss.
Strengthen Your Passwords To Any Linked Accounts
Check security and login settings on any linked email accounts and website credentials. Update your passwords and ensure two-factor authentication or multi-factor authentication is switched on.
Secure Other Meta Accounts
Check if any linked Meta accounts, including Instagram and WhatsApp, have been affected.
Let Any Other Businesses Or Individuals Linked To Your Account Know What Has Happened
Notify any other businesses you may have access to in Business Manager and ensure they know that your personal account and/ or business account has been breached.
Run A Scan For Virus Or Malware On Your Devices
Make sure you've covered all of your bases and check the general security of your online space by running a scan.
If you still have some access to your personal Facebook account or Business Manager account, follow the steps below.
Change Your Password Immediately
When you suspect a hack, change your password and check your login settings. Ensure any emails or linked phone numbers are correct and unchanged. Opt for a robust and unique combination of characters to enhance security.
Report Possible Access To Facebook, Your IT Support & Your Digital Marketing Team
Contact Facebook (Meta) support and let them know what isn't right; they can often provide further information on hacked accounts you may not be aware of. Talk to your IT and Cyber team if you have one, and also mention it to anyone managing your digital assets or helping out with social media management.
Enable Two-Factor Authentication (2FA) or Multi-Factor Authentication (MFA)
Add extra layers of protection by enabling 2FA or MFA. This ensures access requires additional verification steps even if your password is compromised.
Review Account Activity on Your Personal Facebook Page and Business Manager
Examine your recent business and personal accounts activity to identify unauthorised logins or suspicious actions. Facebook provides tools to review where and when your account was accessed.
Log Out of Other Devices
Force log out from all devices to ensure that the hacker loses access. You'll need to log in to your Facebook page with your new password on your mobile device and different browsers. From work or other places, you may access your account.
Secure Your Ads Account
If you use Facebook ads, and your Facebook Ad account has your card details stored there, it's worth removing them if you are not running any active campaigns or ads. Another option is to consider using a separate card for your ads account while you manage the incident.
Strengthen User & Admin Access Control
Have a look at who is listed as Admins or users on your Facebook business account and Business Manager account. People are often surprised to see that someone who helped with set-up a decade ago or added some content still has complete control of the page. Remove any users who don't need to be there, and give any new users the lowest level of access required to complete their tasks in the future.
Check Connected Apps
Review the apps connected to your Facebook account, especially those recently added. Remove any that seem suspicious or unnecessary.
Review Access To Any Programs or Apps That You Use Facebook To Login With
If you use Facebook as an alternative login credential to apps or programs, check to see if any changes have been made to these accounts and any billing anomalies.
Scan for Malware
Run a thorough antivirus and anti-malware scan on your device to ensure it's not compromised.
Securing Your Account to Prevent Future Hacks And Access Attempts To Your Facebook Business Page
Once you've jumped through the hoops of updating your security settings, ensuring your account has a strong password and taking any other steps needed to secure your account, you can take further steps to keep your Facebook security strong.
Regularly Update Passwords
It's easy to forget to do this, and it can be worth setting a reminder. Change your passwords regularly and avoid using the same password across multiple platforms.
Don't give anyone access to your business account unless they need it. If you have someone monitoring posts or adding content, give them a lower level of access. Always be mindful of who has full Admin access, as this will give them a complete view of everything and the ability to delete your Facebook business profile.
Educate Your Team
Educate your team about cyber security best practices if your business account involves multiple users. Awareness is crucial in preventing future breaches.
Stay Informed About Security Features
Keep yourself updated on Facebook's security features. The platform often introduces new tools to enhance user protection.
Regularly Review Privacy Settings
Periodically review and update your privacy settings. Facebook provides customisable settings to control who sees your information.
Monitor Third-Party Apps:
Be cautious about granting access to third-party apps. Regularly review and revoke permissions for apps connected to your Facebook account. This is true for known and trusted apps (because multiple entry points can increase the potential for access), but especially for third-party apps you know little about.
Why Can't I Get Access To My Facebook Business Profile After It's Been Hacked?
In some cases, business and personal account owners may have issues regaining access to their own accounts or find it hard to access the support or assistance they require.
There are numerous reasons that this can happen, including:
- Your personal account has been hacked and is still compromised
- An agency or employee set it up, and you only had limited access, despite being the business owner. If this is the case, go to your business page and check to see who the business owner is. If it's someone from your marketing team, get in touch, and they should be able to help (unless their account has been hacked simultaneously).
- Details of your Facebook business page are different to your personal account name, and even though you had access, support centre or automated security checks have highlighted an issue
- There have been too many access attempts in a short space or from multiple/ unrecognised IP addresses.
Other Reasons Why Facebook May Hesitate to Restore Access To A Hacked Business Page
If you are still having issues getting your page back, there may be other reasons to consider - which may have been picked up at the same time as a hack. Here are some final avenues to explore if you cannot regain access.
Incomplete Proof of Ownership
If your proof of ownership is insufficient or lacks clarity, Facebook may hesitate to restore access. Ensure the provided documents establish your connection to the page, leaving no room for ambiguity. You may never have had an issue previously, but an issue here may have been flagged when Meta did security and login settings checks.
Facebook employs sophisticated algorithms to detect unusual or suspicious account activity. If your account displays patterns indicative of potential compromise, the platform may delay access restoration to thoroughly investigate and secure the account.
Pending Ongoing Investigations
If Facebook is conducting an internal investigation into the hacking incident, access restoration may be temporarily delayed. The platform prioritises the safety and integrity of user accounts, and ongoing investigations may influence the timeline for resolution.
In situations where conflicting claims arise and multiple parties assert ownership of the hacked account, Facebook may take extra precautions to ensure a fair resolution. This process can extend the time it takes to regain access.
Facebook adheres to legal regulations and may withhold access if there are legal implications surrounding the ownership of the account. This cautious approach aims to prevent unauthorised transfers and potential legal complications.
Unverified Contact Information
Outdated or unverified contact information linked to the hacked account can impede the restoration process. Ensure that the contact details associated with the account are up-to-date and can be easily verified.
If the hacked account has a history of policy violations or misuse, Facebook may exercise additional caution before restoring access. Address any outstanding policy concerns to facilitate a smoother resolution.
Understanding these potential reasons for access delays can help you navigate the recovery process more effectively. By proactively addressing these issues and providing clear, verifiable information, you enhance your chances of expediting the restoration of your hacked Facebook account.
To regain access, you may need to supply documentation that you are the business owner, including personal identification and business ownership verification. If you are having difficulty doing so, a technology lawyer, specialist Facebook agency or your IT should be able to help you resolve the issue.
Why Would Hackers Access My Facebook Business Account?
While it's hard to always know exactly why someone may have accessed your account, these are some of the most common reasons.
- Gaining access to financial details, through your ads account
- Using your network to gain access to other accounts
- Sending scam or phishing emails from your business account
- Identity theft, or gaining client or customer data
Properly securing your Facebook account is essential for protecting your business and integral to your overall online privacy. By promptly addressing a hack and implementing robust security measures, you can mitigate the potential fallout and fortify your online presence against future threats. Remember, staying informed and proactive is critical to safeguarding your business in the digital realm.
If you still haven't been able to access your account, combining technical solutions with legal avenues can be the key to resolving complex ownership disputes. By staying persistent, providing substantial proof, and seeking professional advice when needed, you increase your chances of reclaiming control over your business's digital assets.
Disclaimer: This is general information only. Please contact us for further guidance or seek independent legal advice that considers your unique personal situation before making any decisions based on the information in this communication.