Facebook or Instagram Account Hacked? Here Is How to Get It Back in Australia

Your Facebook or Instagram account has been hacked. Maybe you are locked out. Maybe a friend told you strange messages are coming from your account. Maybe you are seeing posts you did not make. This is an increasingly common attack in Australia — and while it is stressful, most accounts can be recovered. Here is exactly what to do.

Why Criminals Hack Social Media Accounts

Social media accounts are valuable to criminals for several reasons. Your friends trust messages that appear to come from you — making your account a perfect platform for scamming your contacts (requests for money, fake investment schemes, gift card scams). Your account may have payment methods attached that can be used for purchases. Business accounts and pages with large audiences can be held for ransom or used for scam advertising. And your account data — messages, contact lists, personal information — can be mined for identity theft and further social engineering attacks.

Step 1 — Try to Log In Immediately

If you still have access, go to Settings and Security immediately. Check Logged In Devices and log out all other sessions. Change your password right now to something strong and unique. Enable two-factor authentication if it is not already on — this is the most important step to prevent reoccurrence. Check your connected apps and remove any you do not recognise.

Step 2 — Use the Platform's Recovery Process If Locked Out

For Facebook: go to facebook.com/hacked and follow the account recovery process. Facebook will attempt to verify your identity through your email address, phone number, or trusted contacts. If your email and phone associated with the account were also changed by the hacker, the trusted contacts method or identity verification via photo ID may be your only option. For Instagram: go to the login screen, tap "Forgot password" and try recovery via email, phone, or Facebook account. Instagram also has a selfie video verification for accounts where the email and phone have been changed.

Step 3 — Secure the Email Account First

Before attempting social media recovery, check whether the email address associated with your account is still accessible. Hackers often gain access to social media by first compromising the linked email account. If your email has also been compromised, recover that first — and check for email forwarding rules that allow the hacker to continue seeing your emails even after you change the password.

Step 4 — Warn Your Contacts

Using another platform — phone call, SMS, or a different social account — let your friends and family know your account has been hacked and to ignore any messages or requests that came from it. This is especially important if the account was used to send scam messages or requests for money to your contacts.

Step 5 — Report to the Platform

Report the compromised account to Facebook or Instagram using their dedicated reporting tools — this can help with the recovery process and flags the account to prevent further abuse.

If You Cannot Recover the Account

Unfortunately, if the hacker has changed your email, phone number, and the account has no other recovery options, permanent loss of the account is possible. Meta's support for account recovery is limited. In this case, creating a new account and notifying your contacts is often the practical path forward. For business accounts and pages that represent significant commercial value, professional assistance navigating Meta's business support channels may be worth pursuing.

Preventing It Happening Again

Two-factor authentication (2FA) is the single most effective prevention. With 2FA enabled, a hacker who has your password still cannot log in without the second factor — a code from your phone. Use an authenticator app rather than SMS if possible, as SMS codes can be intercepted through SIM swapping. Use a unique password for each social media account — if one service is breached, your other accounts remain safe. And be very cautious about phishing — the most common way social media accounts are compromised is through clicking a fake login page link. If IntrusionX can help with your account security or device compromise concerns, call +61 499 468 971 or use our contact form.