Many times digital marketers have to go through their worst nightmare of getting their Facebook account hacked. In such a case, either fake charges are being run up on their account or it is completely taken over by a hacker. Now, dealing with the aftermath of a hacked account can be quite expensive as the hacker can exhaust your ad spend resulting in the advertiser having to start over from scratch. This is the reason why you should prioritize your account security.

Now, before we move forward and explain to you how to secure your Facebook account from getting hacked, let’s first learn how to deal with a situation if your account gets hacked.

Things To Do If Your Facebook Ad Account Gets Hacked

The first and foremost thing you need to do in such a scenario is to get control over your account again. Follow these steps immediately to regain control over your account.

Step 1: Find Out Whose Account Was Hacked

It is a known fact that you get access to your Facebook Ad account through your personal Facebook account only. This implies that for a person to get into your Ad account they will have to hack your personal account first.

Now, you will have to figure out which personal account has been hacked. To do so, you need to mark a check on the activity history in one of the ad sets which will reveal the name of the person using whose account the changes were being made.

For this, click on the clock icon on the right-hand side of your Ads manager.

After setting the date range, a list of all the changes made along with the name of the person who made the changes will be reflected on your screen.

Next, you have to spot an account that is creating fake ads and if you are successful in finding it out, you will obviously conclude which account is giving you problems.

Alternatively, you can find out who tried to hack your account by going to your “personal settings” page. When you reach that page, click on the “Security and Login” tab. There is a section that will give you the information on the devices and location where you have recently logged in.


If you spot login information from somewhere you don’t recognize, then chances are that your account was hacked. It is advised that you get it checked by everyone in your team ASAP.

Step 2: Delete The Account That Was Hacked

Now that you know which account has caused you trouble, the next step is to delete the account which was hacked. For this, go to your business settings, click on “People” and click the trash icon next to the ad account you wish to remove.

Step 3: Enhance Your Account Security

When you have tackled the situation by removing the account that was hacked, the next thing you need to do is to enhance your account security to avoid such incidences in the future and to get rid of that hacker permanently.

Facebook has laid out a particular procedure for it. To do so, login and search for “hacked.” When you search for it, you will find an option to Secure Your Account On Facebook.

By clicking on it, you will be redirected to a page where Facebook will ask a few questions to help you resolve the issue.

Follow the prompts displayed on the page to get rid of the hacker.

In the case when a hacker changes your password and you are not able to login into your account, you can still secure your account by visiting the following link:

Step 4: Inform Facebook Of The Situation

This step can be avoided if the hacker didn’t use your ad spend. But, in some cases where hackers exhaust your ad spend, you need to inform Facebook to avoid paying those charges.

Unfortunately, getting in touch with an executive at Facebook isn’t that simple or easy. If you have some friend or any account representative, you can contact them, else, you can reach out at the following page:

Scroll down and look for the contact option at the end.

If that option doesn’t appear to you, this could mean that the Facebook team might be too busy at the moment. You can come back and try connecting with them again after a few hours.

When you finally get in touch with a Facebook representative, tell them everything that happened to your account. If the hacker created new ads, we advise you that you don’t delete those ads just in case the Facebook team wants to verify your claims.

How To Protect Your Facebook Account From Getting Hacked?

By this time you know how to deal with the aftermath of getting your account hacked. But how do you protect your account from such fraudulent activities in the future?

Unfortunately, there is no tried and tested way to provide you 100% security and safety. But there are some security measures provided by Facebook that you can follow to protect your ad account.

Step 1: Understand How Hackers Get Access To Your Account

First things first, you need to understand how hackers get access to your account. Here are a few tricks that hackers follow to break into your account:

Phishing Scams

Quite often we receive spam emails that claim that they are from reputed sites like Facebook, Amazon, Paypal, etc. These emails redirect you to a website that completely resembles the actual website and requires you to sign up on it. But such websites are actually a fake version and steal your login credentials.

Email Attachments

Another type of such fraudulent emails is the ones with an attachment containing an “invoice” for a purchase you didn’t make. When you open the file, it will execute some type of malware that is designed to steal your information.

Whenever you receive such suspicious emails, it is important that you check the “from” address to confirm if they are actually sent from the actual website or not.

Data Breaches

Some people use the same email and password for different sites. In such a case, the possibility is that if your login was hacked elsewhere your other accounts end up getting hacked as well.

Hackers have some tools to automatically test email/password combinations looking for valid logins to other websites (like Facebook).

You can try using one of these services to be cautious whenever your emails come up in a data breach:\

Step 2: Enhance Your Password Security

The simplest way to protect your Ad account is to enhance your password security. Moreover, you should keep changing your password at regular intervals. Also, now that you know that hackers get into your account by stealing your information from less secure sites and use them for more secure sites like social media, email, and bank accounts. This is the reason why you should never use the same password for multiple websites.

Step 3: Take Away Access From Any Admin That Doesn’t Need It

It is as simple as it seems: don’t give access to people who don’t need it. The more people who have access to your account, the more possibility there is of your account getting hacked.

And in a situation when you need to add someone temporarily, ensure that you remove them immediately thereafter. This will restrict the use of your account only to the people who actually need access to it.

Step 4: Keep A Track Of Your Apps

Apps or integrations are another way through which hackers break into your account. Besides, paying attention to the users section, you should keep a track of this area as well. You should not give permission to apps or integrations that you don’t need.

To review your apps, just go to your Business Settings, and click on “Apps.”

Step 5: Enable Two-Factor Authentication

One of the most effective ways to secure your personal account is to enable two-factor authentication. When you do so, the hacker can’t break into your account without also having your phone.

You can turn it on in your personal Facebook account by following these steps:

1. Go to the upper-right corner and click on the menu button.
2. Click on “Settings and Privacy”
3. Select “Settings”

You have the option to authenticate with a text message or with an authentication app like Google Authenticator or Authy.

Step 6: Require Two-Factor Authentication in Business Manager

Even though two-factor authentication is a prominent security measure to protect your account but you can do so in your personal settings, which implies that you can’t automatically turn it on for your other Admins.

But in the Business Manager, you can require that people with access to your page turn this setting on in their account.

Step 7: Draft A Security Policy

Even though the steps mentioned above will help you to protect your account but they can’t magically keep away hackers from your account. There are still chances that hackers can break into your account through some other methods.

This is why we advise you to promote a culture and environment of security and create systems that are designed to foster responsibility among your team members.

You can do so by encouraging your team to pay more attention to security and to take action whenever there is a change in your account.

The best way to encourage your team is by drafting a security policy and making your team sign it. Now, the purpose of this policy here is not to hold people liable if something goes wrong. Rather, the purpose is just to make your team understand the importance of security and to ensure they act seriously and responsibly towards it.

Team IdeaClan

Team IdeaClan

A martech company with 10+ years in the market that is engaging technology and media buying skills to transform the face of digital marketing