So a hacker got into your FACEBOOK ACCOUNT and set up THEIR OWN two-factor authentication using their phone number or authenticator app… and now you can’t remove it or turn it off because Facebook keeps asking for THEIR authentication code that you don’t have?!
You’re completely fucked!!
This is literally the WORST hacking scenario. The hacker didn’t just change your password – they locked down your account with their own 2FA so even if you get your password back, you STILL can’t access the account without their authentication codes 🙁
I’m not gonna lie, this is a nightmare situation that requires Facebook support intervention because you can’t fix it yourself. This is absolute bullshit…
What Happened to Your Account
Here’s what went down… A hacker got your password (phishing, data breach, whatever), logged into your account, and immediately set up two-factor authentication using THEIR phone number or authenticator app.
They locked you out completely…
Now when anyone tries to log in (including you), Facebook requires the 2FA code that only the HACKER can provide. You’re locked out of your own account even if you know the password.
Facts, facts…
This is an advanced account takeover. The hacker knows that 2FA is the strongest lock they can put on your account to prevent you from getting it back deadass.
What to Do RIGHT NOW
You CANNOT fix this yourself. You need Facebook to manually remove the hacker’s 2FA from your account.
Immediate Steps
- Go to facebook.com/hacked – This is Facebook’s compromised account tool
- Report your account as hacked – Explain the 2FA situation specifically
- Prepare your government ID – You’ll need to verify your identity
- Be ready to wait 24-72 hours – Facebook has to manually intervene
- Check your email constantly – Facebook will contact you there
This is the ONLY path forward. There’s no DIY fix for this.
You need Facebook’s help…
Use Facebook’s Hacked Account Tool
Go to facebook.com/hacked on any device. This tool is specifically for compromised accounts and it’s your best shot at recovery.
Enter your email, phone number, or Facebook username. Facebook will try to identify your account and start the recovery process.
When it asks what’s wrong, SPECIFICALLY mention that the hacker added two-factor authentication to your account and you can’t access it. Don’t just say “I can’t log in” – be specific about the 2FA problem.
Be specific about 2FA!!
Facebook needs to know this isn’t a simple password reset. This requires them to manually disable the hacker’s 2FA from their end before you can regain access.
Submit Your ID for Verification
Facebook will almost certainly require you to prove you’re the real account owner by uploading a government-issued ID (driver’s license, passport, state ID).
Take a CLEAR photo where all text is readable, your photo is visible, and there’s no glare. Make sure the name on your ID matches your Facebook name EXACTLY.
The ID has to match perfectly…
Upload it through Facebook’s verification form. The review takes 24-48 hours typically, sometimes up to a week if they’re backlogged. Similar to when you’re locked out and Facebook says temporarily unavailable, this waiting period is unavoidable.
Explain the Situation Clearly
When Facebook asks you to describe what happened, write something like:
“My account was hacked. The hacker added two-factor authentication using their phone number. I cannot access my account because I don’t have access to the 2FA codes. I need Facebook to remove the hacker’s 2FA so I can regain access to my account.”
Be clear and direct. Don’t write a novel, but make sure they understand the 2FA is the specific blocker preventing your access no cap.
Why You Can’t Remove 2FA Yourself
You might be thinking “why can’t I just turn off 2FA from the account recovery process?” Because Facebook’s security is designed to PREVENT exactly that.
It’s by design…
If anyone could disable 2FA through account recovery, then hackers could use that same process to break into 2FA-protected accounts. So Facebook requires you to EITHER have the 2FA codes OR go through manual identity verification with a human reviewer.
Since you don’t have the codes (the hacker does), you’re forced into the slower identity verification path. There’s no shortcut or workaround for real.
Common Mistakes That Won’t Work
Trying to reset your password. Even if you reset your password, you still can’t log in because Facebook will ask for the 2FA code you don’t have.
Using trusted contacts. Facebook’s trusted contacts feature doesn’t bypass 2FA. It only helps with password resets, which isn’t your problem.
Creating a new account to report the issue. This doesn’t speed up the process. You still have to go through facebook.com/hacked and wait for the manual review.
Contacting Facebook on social media. Tweeting at them or DMing their pages won’t get you faster help. The compromised account tool is your only real option.
How Long Does Recovery Take?
The honest answer? It depends. Facebook says 24-48 hours but in reality it can take LONGER.
It takes forever…
Some people get their accounts back in 2 days. Others wait a week or more. It depends on how backlogged Facebook’s review team is and how quickly they process your ID verification.
Bet…
While waiting:
- Check your email constantly for updates from Facebook
- Don’t submit multiple requests (it slows things down)
- Be patient even though it’s frustrating as hell
- Tell friends through other platforms that your account was hacked
If you also had issues with 2FA codes not arriving before the hack, that might have been an early sign your account was being compromised.
What If Facebook Rejects Your ID?
Sometimes Facebook rejects your ID even though it’s valid. Common reasons: blurry photo, name mismatch with your Facebook account, expired ID, or unclear text.
Just gets rejected…
If rejected, take a NEW photo with better lighting and clarity. Try a different ID type (passport instead of driver’s license). Make sure your Facebook name matches your legal name on the ID.
Resubmit and wait again. It’s frustrating but persistence works. Most people eventually get approved after 2-3 attempts.
Preventing This in the Future
Once you get your account back (and you WILL if you’re persistent), here’s how to prevent this nightmare from happening again:
Set up YOUR OWN two-factor authentication immediately. Use your phone number or an authenticator app YOU control. This prevents hackers from adding their own 2FA.
Use a strong unique password. Never reuse passwords across sites. Use a password manager to generate random complex passwords.
Enable login alerts. Facebook will notify you when someone logs in from a new device or location, giving you early warning of hacks.
Don’t click suspicious links. Most hacks start with phishing emails pretending to be from Facebook. Always check URLs before entering your password.
Review active sessions regularly. Go to Settings → Security and Login → Where You’re Logged In. Log out any sessions you don’t recognize.
If you’re dealing with other security issues like Facebook randomly asking to verify your identity, it might be related to the hack or security flags on your account.
Why This Is Facebook’s Worst Security Flaw
Real talk? The fact that hackers can add their own 2FA and lock out the real account owner is a MASSIVE security flaw. Facebook should have safeguards preventing this, but they don’t.
Kiss my ass, Facebook…
When someone adds 2FA to an account, Facebook should send a verification to the existing email/phone FIRST before allowing it. But they don’t. Hackers can just add 2FA immediately without any confirmation from the account owner.
And once the hacker’s 2FA is in place, there’s NO self-service way to remove it. You’re completely dependent on Facebook’s manual review process, which is slow and unreliable lowkey.
Compare this to other platforms like Google or Apple where you CAN remove 2FA through account recovery. Facebook makes it impossible by design, which protects against SOME attacks but leaves you helpless in situations like this.
Final Thoughts
Having a hacker’s 2FA on your Facebook account is one of the most frustrating security situations you can face. You can’t fix it yourself, and recovery requires patience and persistence with Facebook’s verification process.
It’s totally fixable though…
Use facebook.com/hacked, submit your ID, explain the 2FA situation clearly, and wait for Facebook to manually intervene. Most people DO get their accounts back, it just takes time. Fr fr.
Once recovered, immediately set up YOUR OWN 2FA and strengthen your security so this never happens again. And learn from whatever security mistake let the hacker in (weak password, phishing, etc.). If your account keeps having problems, you might also be dealing with recovery issues if your phone number changed.
If this helped you understand how to recover from a hacker’s 2FA lockout, share it with anyone else stuck in this nightmare… because Facebook’s recovery process is confusing and people need guidance!!