If someone has unauthorized access to your Facebook account, it's bad news. If you don't react quickly, it probably won't end well. But how do you know if someone else is accessing your account?

Here's how to tell if someone else has access to your Facebook account and what to do about it.

How to Check If Someone Else Is Accessing Your Facebook Account

If someone has access to your account without your knowledge, the situation can quickly become sinister. Luckily, Facebook has made it easy to uncover the truth through your list of logged-in devices.

To see your list of active sessions and logged-in devices on Facebook, follow these steps:

  1. Log in to your account and click your profile icon in the upper-right corner of the screen.
  2. Select Settings & privacy > Settings.
  3. Click Password and security on the panel on the left side of the screen.
  4. Head to the Account settings section and click Password and security.
  5. Click the Where you're logged in option.
Facebook's where you're logged in page on desktop

You will see a list of all the devices and locations that are currently authorized to access your account. If you find a notification about Unrecognized logins, click Review devices. You can also select your Facebook profile and check out the Logins on other devices section.

Look for any devices you don't use or haven't recently used to sign in to Facebook. Also look for devices from locations you don't recognize.

What to Do if Someone Is Accessing Your Facebook Account

If you suspect your Facebook account has been breached, you must remove the suspicious device's access. Then you should change your password and set up two-factor authentication (2FA) for an added layer of security. You can also set up alerts for unrecognized logins and log out of all devices.

How to Remove Device Access to Facebook

If you see something that looks suspicious, you can use this list to revoke that device's access. Keep in mind that some IP address glitches might occasionally see one of your legitimate devices pop up in an unrecognized location. Using a VPN set to a server in a different location will do this, too. These cases are safe to ignore.

To revoke device access on your Facebook account:

  1. Still in the Where you're logged in section, click on the suspicious login.
  2. Select the device you want to remove.
  3. Click the Log out button.
Facebook login listed on desktop app

The access will be revoked, but the unauthorized person could potentially log in again if they know your password.

How to Change Your Facebook Password

Once you've revoked the unauthorized person's access, you need to take steps to make sure it doesn't happen again.

Of course, the first step is to change your Facebook password. You can do so by following the steps below.

  1. On the Password and security page, click Change password.
  2. Choose the relevant account and fill in the form. You will need to enter your current password to complete the process.
  3. Click Change Password when you're done.
Change password form on Facebook for desktop

How to Set Up Two-Factor Authentication (2FA)

Changing your password is only half the story. You should also consider setting up 2FA. 2FA can use either a text message, a security key, or an authentication app.

To turn on 2FA on Facebook:

  1. Back on the Password and security page, click Two-factor authentication.
  2. Select your profile.
  3. Choose your preferred security method and click Next.
  4. Follow the prompts to complete the process. When you're finished, Facebook will confirm that two-factor authentication is enabled. Click Done.
Re-entering password to enable two-factor authentication on Facebook

How to Set Up Alerts for Unrecognized Logins

You should also set up alerts for unrecognized logins. By enabling the feature, Facebook will notify you if it sees a login from a suspicious source. It will allow you to react more quickly in the event of a breach.

To set up the feature:

  1. Go back to the Password and security page and click Login alerts.
  2. Select your Facebook profile.
  3. Choose how you want to receive notifications for logins: either In-app notifications or Emails (or both), depending on your preferences. Close the window when you're done.
setting up login alerts on Facebook for desktop

How to Log Out of All Devices

This final step logs you out of all devices except for the one you're currently using.

  1. Go back to the Password and security page and click Where you're logged in.
  2. Select your Facebook profile.
  3. Head to the end of the Logins on other devices section and click Select devices to log out.
  4. Now click Select all in the top-right corner of the list and click the Log out button.
Logging out of all devices on Facebook

Has Your Facebook Account Been Breached?

Let's quickly summarize what we have learned:

  • You can check if someone else is accessing your Facebook account by going to your profile icon > Settings & privacy > Settings > Password and security > Password and security > Where you're logged in.
  • You should enable additional security measures by going to Settings & Privacy > Settings > Password and security > Password and security. Click the categories: Change password, Two-factor authentication, Login alerts, Where you're logged in, and complete each process.

If you have confirmed that your account was breached, there are things to immediately do when your Facebook account has been hacked. There are also ways to recover your Facebook account when you can't log in if the hacker has already changed your credentials.

Unauthorized access to your account can also put your other social media profiles at risk, or allow the hacker to send malware to your friends. Make sure to resolve it as soon as possible.

Be Wary Around the Web

Facebook is far from being the only service that has the potential to leave your life in ruins if someone gets unauthorized access to it. To stay safe on the web, ensure you follow basic security principles.

For example, don't use the same password on two different sites, use 2FA where available, and don't access highly sensitive data on either public computers or public Wi-Fi networks. Always use a VPN, especially when using a public Wi-Fi network.