It can be worrying when Facebook alerts you that someone may have accessed your account. There are a few reasons why this happens. Here’s an in-depth look at why Facebook sends these notifications and what you can do about it.
You logged in from a new device or location
The most common reason for the “someone may have accessed your account” notification is that you simply logged in from a new device or location.
Facebook keeps track of where you usually log in from. If you suddenly log in from a new city, country, or device that you don’t normally use, Facebook will be suspicious and send you a notification as a precaution.
For example, if you usually log in from your home computer in New York, but then try to log in from a cafe computer in London, Facebook will see this as unusual activity and notify you just in case your account has been compromised.
What to do
If you recently logged in from somewhere new, you can let Facebook know it was you by selecting “This was me” on the notification. Facebook will then update your usual login locations.
If it wasn’t you, select “This wasn’t me” and follow the steps to secure your account.
Someone logged in with your password
If someone has your Facebook password, they may have logged into your account from elsewhere. This triggers Facebook’s suspicious activity detection and results in them notifying you.
Hackers or people you know may have acquired your password through:
- Guessing your password if it’s easy to predict
- Phishing attacks which trick you into revealing your password
- Keylogging malware installed on a device you use to access Facebook
- Shoulder surfing where someone spies on you typing in your password
- Data breaches where your login info is leaked online
What to do
If you get this notification, select “This wasn’t me” and go through Facebook’s account recovery process. They will help you change your password and regain access.
Also make sure to:
- Update your password to something stronger
- Enable two-factor authentication for extra security
- Run antivirus software to check for keyloggers on your devices
You gave account access to a third-party app
Many apps and services offer the ability to log in with your Facebook account. When you grant account access to one of these third-party apps, it can sometimes trigger Facebook’s notifications.
Facebook detects when an app logs into your profile and may interpret this as suspicious or unauthorized activity, especially if it’s the first time that app has accessed your account.
What to do
If you recently connected a new app or service to your Facebook account, you likely just need to select “This was me” to let Facebook know it’s authorized activity.
You can also check your app settings and remove access for any apps you don’t want connected to Facebook.
Your account was hacked
In some cases, the notification may be an indication that your account has actually been compromised by hackers.
Sophisticated hackers may be able to circumvent Facebook’s security systems and gain access to your account without triggering the usual “new log in location” alerts.
If they access private data or make posts pretending to be you, Facebook may detect this unusual behavior and warn you even though the hacker logged in normally.
What to do
If you believe your account has been hacked, select “This wasn’t me” and go through Facebook’s account recovery process immediately. Make sure to:
- Change your password to a strong, unique one
- Enable two-factor authentication
- Remove any suspicious apps connected to your account
- Scan all your devices for malware
You can also check your Facebook activity log in settings to see if any posts or access looks malicious or unauthorized.
Facebook had a data breach
In some rare cases, Facebook experiences security breaches where hackers gain access to user account data. This happened in 2019 when hackers exploited a vulnerability and got access tokens for over 50 million accounts.
If your account is affected by a breach, Facebook will usually proactively send notifications and guide you through resetting your password and securing your account.
What to do
If Facebook had a widespread data breach affecting your account, follow their provided steps to reset your password, enable extra security protections, and watch out for suspicious emails or texts related to the breach.
Make sure your password is strong and unique to prevent hackers from trying it on other sites. Enable two-factor authentication as another layer of protection.
Facebook made a mistake
Facebook’s automated systems aren’t perfect. In some instances, their algorithms may incorrectly flag legitimate activity as suspicious and send you a notification erroneously.
For example, if you normally log in from New York and Washington DC, logging in from Philadelphia for the first time could trigger an alarm even though it’s normal geographic activity for your account.
What to do
If you’re confident there hasn’t been any unauthorized access and Facebook incorrectly flagged your activity, select “This was me” and move on.
You can provide feedback to Facebook on any notifications that seem inaccurate so they can improve detection. But occasional false alarms are expected as Facebook errs on the side of caution.
Your account was disabled
If Facebook completely disables your account due to suspicious activity, you’ll be logged out and unable to access it.
This is more serious than a simple notification. It means Facebook’s systems have strong signals that your account may be compromised.
What to do
If your account is disabled, go through Facebook’s account recovery process and be prepared to prove your identity. Expect that you’ll need to reset your password, provide additional information, and confirm any unusual activity wasn’t you.
Someone reported your account
Anyone can submit a report to Facebook if they think an account has been hacked or compromised. Facebook takes these reports seriously and may disable or send a notification to accounts with multiple reports.
For example, if you were hacked and the hacker started posting spam, your friends could report the unusual activity and trigger Facebook to send you a notification.
What to do
If you know someone likely reported your account due to suspicious activity, select “This wasn’t me” and secure your account. Make sure there are no unauthorized apps connected or changes to your profile.
You have an imposter account
It’s possible someone could have created a fake account pretending to be you. When you get a notification from Facebook, it’s actually the imposter account that triggered it.
Imposter accounts often have slightly different spellings of your name and use your photos to appear more legitimate.
What to do
Search for variants of your name on Facebook to see if an imposter account exists. Report any fake accounts you find pretending to be you so Facebook can remove them.
Avoid accepting friend requests from your own name, as these can be scammers trying to build credibility before targeting your friends.
Conclusion
Facebook’s notifications about unauthorized access are triggered by various factors like new logins, third-party apps, hacks, breaches, mistakes in detection, reports from other users, and imposter accounts.
Most of the time it’s just because you logged in from somewhere new. But it’s always a smart idea to heed Facebook’s warnings and double check that your account is secure.
Carefully check where the login happened, review connected apps, change your password if needed, and enable extra security options like two-factor authentication.
Stay vigilant for any future notifications from Facebook and continue to protect your account from unauthorized access or hijacking. Report anything suspicious to Facebook right away.
| Reason | What Happened | What To Do |
|---|---|---|
| New login location | You logged in from somewhere unusual | Select “This was me” if you recognize the login |
| Password compromise | Someone logged in with your password | Secure your account and change your password |
| Third-party app access | An app logged into your account | Review connected apps |
| Account hijacking | A hacker gained access to your account | Go through account recovery steps |
| Facebook data breach | Facebook had a security incident | Reset your password and enable two-factor authentication |
| Mistake in detection | Facebook made a false alarm | Select “This was me” and move on |
| Account disabled | Facebook disabled your account | Prove your identity and regain access |
| Account reported | Someone reported suspicious activity | Secure your account and resolve any unauthorized changes |
| Imposter account | A fake account is pretending to be you | Report the imposter account |