How to Protect Your Meta Business Account from Hackers


In the online world we live in, it's important to keep an eye on the safety of your Meta business accounts on platforms like Facebook and Instagram. Hackers are getting smarter, but there are simple yet effective ways to keep your account safe. Here's a guide on protecting your Meta business account from the bad guys.

meta business account hacked

What Happens if Your Meta Business Account Gets Hacked

Hackers love to target business accounts, especially if you've got admin rights. They sneak in through personal accounts, using tricky messages that look legit but aren't. They might send you a link that looks like it's from Facebook but takes you somewhere else. Once they're in, they can take over, boot out other admins, and even post spam or fake ads. Getting back control from Meta can be a tough and slow process.

How to Spot a Phishy Message

Always be on high alert when you get messages or emails about your Meta account. Real messages from Facebook or Instagram will come through official emails or notifications, not through random messages. Watch out for odd spelling or weird characters. If it looks fishy, it probably is. Trust your gut.

phishing attempts meta business

Immediate Steps to Take If Your Meta Business Account Gets Hacked

If you find yourself in the unfortunate situation where your Meta business account has been hacked, acting quickly is crucial. Here's what you need to do:
1. Attempt to Login and Change Your Password:
 First, try to log into your account. If you can access it, immediately change your password to something strong and unique.
2. Check Your Email for Security Alerts:
 Meta sends alerts to your email if unusual activity is detected. Follow any instructions provided in these emails to secure your account.
3. Use the Recovery Links: 
If you can't log in, use the recovery links provided by Meta. For Facebook, go to Facebook Account Recovery and for Instagram, visit Instagram Help Center.
4. Contact Meta Support:
If the above steps don't work, contact Meta's support team for assistance. Be prepared to provide any necessary information to prove your ownership of the account.
5. Secure Your Email Account:
Often, hackers gain access to social media accounts through email. Ensure your email account is secure and change its password as well.
6. Inform Your Contacts:
Let your followers and contacts know about the breach, especially if the hacker is posting content or sending messages in your name.
7. Review and Remove Unrecognised Devices and Apps:
Once you regain access, review the list of devices and third-party apps that have access to your account and remove any that are unfamiliar.
8. Implement Enhanced Security Measures: 
After resolving the issue, bolster your account's security by enabling two-factor authentication, updating your trusted email settings, and using a security key or passcode.

Two-Factor Authentication (2FA): A Must-Do

One of the best ways to protect your account is with two-factor authentication (2FA) that acts as a double lock on your account. When you log in, you'll need a code that's sent to your phone or an app. This makes it way harder for hackers to sneak in.

2FA for Meta Business

Setting up 2FA on Admin Account:

  • Access your personal account 
  • Go to your Security and Login Settings
  • Find the Two-Factor Authentication option.
  • Pick how you want to get your codes (passcode, app, security key or SMS). You’ll be asked to choose one of three security methods:
    • Tapping your security key on a compatible device.
    • Login codes from a third party authentication app.
    • Text message (SMS) codes from your mobile phone.
  • Follow the steps to finish setting it up. Once you've enabled two-factor authentication, you'll be able to generate 10 recovery login codes to use if you're unable to access your phone.

    Setting up 2FA on Meta Business Manager:

If your Business Account enables two-factor authentication, the account users must enable it in order to access it. This adds an extra layer of security safeguarding your business account from hackers.Navigate to Business Settings.

  • Click on Business Information.
  • Scroll down to Business Options.
  • Select the dropdown menu next to Two-factor authentication.
  • To choose who this requirement applies to, select either Admins only or Everyone. 

Pick a Trusted Backup Admin

It's smart to have a backup admin you trust, like a coworker or family member. If you lose access, they can help you get back in.

Use Authenticator Apps

For even more security, use an app like Google Authenticator or Microsoft Authenticator. These apps create codes that change every so often, adding an extra layer of safety.

Here's how to set it up:
  • Download an authenticator app on your phone.
  • Open your Meta Business Suite.
  • Go to Security settings.
  • Click on Two-Factor Authentication.
  • Link the app to your account by following the steps.

Use a Security Key

For maximum security, think about using a physical security key. It’s a physical device that you plug into your computer or connect wirelessly when prompted during the login process. The key uses cryptographic techniques to verify your identity. It's considered one of the most secure forms of 2FA because it requires physical possession of the key to gain access.

Also leverage the built-in biometrics in your devices as a security key. Many modern smartphones and computers now offer built-in biometric features like Face ID or Touch ID that can serve as a digital security key. They use your unique biological characteristics as a way to verify your identity, making unauthorised access incredibly difficult. 

Keep an Eye on Your Account

Stay alert and watch for any unusual activity in your account. Turn on notifications so you're aware of any weird access attempts or changes. Keep your contact info updated too, so you can recover your account if something goes wrong.

Teach Your Team

If you've got a team, make sure they know how to stay safe online. Strong passwords, no clicking on shady links, and recognising scams are key. Remind them to change passwords regularly and use 2FA.

Have a Solid Social Media Policy

A clear set of rules for your team helps prevent slip-ups. Cover password sharing, how to handle private info, and what to do if they see something suspicious.

Regularly Check Your Security

Stay ahead of hackers by regularly updating your security settings and checking for any unauthorised apps or integrations. Make sure your team's access levels are appropriate.

Key takeaways

  • Double-check links: Ensure they're from or Instagram's official site.
  • Match emails with notifications: Verify 'social network admin' emails.
  • Beware of random profiles: Facebook and Instagram don't contact via sketchy profiles.
  • Avoid too-good-to-be-true offers: They're often online scams.
  • Enable 2FA: Essential for Facebook and Instagram security.
  • Use security keys and biometrics: Enhance security with advanced 2FA methods.
  • Diversify passwords: Different ones for each account for better security.


For more tips on keeping your Meta business account safe, feel free to reach out to us.



Lily Adamyan, January 16

Recommended articles