What to Do If Your Facebook Ads Account Gets Hacked

Facebook Account is Hacked

With Facebook being one of the most effective advertising tools for eCommerce retailers, accounts are highly vulnerable to cyberattacks. Imagine waking up one day to find your Facebook Ads account drained and all ads deleted. What will you do?

Losing all data in your Facebook Ads account is half the problem. If your Facebook Ads is hacked, you may lose a substantial amount of money. That's why it's imperative to have a disaster recovery plan. Otherwise, your entire marketing campaign (as well as the marketing budget) will suffer.

Let's take a look at what to do if your FB account gets hacked and how to prevent it.

Steps To Take When Your FB Ads Account Is Hacked

How will you know if your FB Ads account gets hacked? Here are a few ways to find out:

  • Unrecognised activity on your account (outstanding balances, new ads).

  • Increased daily or lifetime budget.

  • Notification from your connected account (bank account or PayPal) that money has been transferred to your Facebook account because you reached the payment threshold.

  • Inability to log into the account.

Once you know that something is wrong with your FB Ads account, you need to act immediately.

Step 1: Stop All the Ads

Before you take any other actions, stop all your ads from running. It can take a while to clean out everything a hacker did with your account. To stop spending extra money, switch all the ads off.

  • Go to Ads Manager

  • Select campaigns/ads sets/ads

  • Click the toggle next to all of them, so it turns grey

Don't worry, turning these ads off doesn't delete them. It simply stops them from being active and spending your money.

Once you regain full control of your account, you can relaunch ads, sets, or campaigns one by one.

Step 2: Change Your Password

The next thing you need to do is make sure the criminal can't continue using your FB Ads account anymore. Change the password and choose a strong one. If you are sharing the account with other users, notify them about the problem.

Since your Facebook Ads account is connected to your personal or business account, make sure to change passwords there two. You can't be sure which account got hacked first.

When changing the password, the program will ask you if you want to log out of Facebook Ads on all the devices. Make sure you agree in order to kick the criminal out for good.

Step 3: Remove Suspicious Users (if any)

One way to mess with your account is to become its official user. So before you proceed, make sure there aren't any new and suspicious users on the account.

  • Go to Ads Manager settings

  • Go to "Ad Account Roles"

  • Find the suspicious user

  • Select "Remove User"

Before removing the user, make a screenshot of the Ad Account Roles section. You may need it when reporting the problem to Facebook.

In some cases, when you have many users on your Ads account, it's hard to be sure which one is suspicious. Remove all users and add them back one by one.  

Step 4: Notify Your Payment Provider

Whether suspicious activity on your account involved spending money or not, you need to notify your payment provider.

Contact your bank or PayPal reps immediately. They will block all transactions coming from Facebook to prevent any new unauthorized spending. You can restore the connection once your account is clean.

After you notify Facebook, and the company investigates the problem, you have very good chances of getting your money back. Once FB acknowledges the hacking, you will be refunded.

Step 5: Notify Facebook

You have to let Facebook know about the issue as soon as possible. Before you contact the representative, secure your account. You can do it even if the hacker changes the password, and you can't log in.

Follow all the steps to make sure your account is secure, the password is changed, and Facebook knows about the problem.

In addition to securing your account, contact Facebook reps. FB is well known for its not-so-fast support team so don't expect a reply immediately. Fill out the unauthorized charges form and wait for the representative to get back to you.

How to Prevent Your FB Ad Account from Being Hacked

Discovering that your Facebook Ads account has been hacked is extremely stressful. It may take days to recover deleted ads, clean your account, adjust the settings, get refunds, and much more.

To make sure it doesn't happen again, you need to take several simple steps:

  • Set a strong password — if you are the only one who knows the password, you don't need to change it all the time. Simply set a highly complex password by using a random password generator.

  • Review Ads admins — if several admins are using your Ads account, make sure to review them every once in a while. Always delete inactive users. You can always add them back later.

  • Set up security alerts — allow Facebook to notify you every time someone logs into your Facebook Ads account. This way you can catch suspicious activity before it results in any harm.

  • Set spending limits — when a hacker gets hold of your account and starts spending money, they will reach your set limit. Once it's reached, the system will notify you immediately.

  • Use two-factor authentication — turning on the two-factor authentication is the simplest way to keep hackers away. Besides obtaining your password, they would also need your phone to log in.

  • Install an antivirus program — run an antivirus program on your computer.

All the above methods are straightforward. They won't take more than a couple of minutes of your time. Meanwhile, they can save you days of unpleasant account recovery work and a load of nerves.

Would you like to learn more about using Facebook Ads and keeping your account safe? We’re here to help.

Steve Crowe