If you suspect that your Facebook account has been compromised, you should change your password immediately. If you use Facebook as a login to applications such as Spotify or Instagram, make sure you change those logins as well. This will prevent the hacker from accessing those third-party services from your hacked Facebook profile.
Hackers can uncover a wealth of personal data in hacked Facebook accounts. They could use this information for nefarious purposes, like stealing credit card numbers and bombarding people with fake credit card offers or phishing scams. Hackers may also use hacked accounts to send out spam messages or even post on your timeline (as if it were you who committed the crime).
Hackers are most likely to gain access to accounts by exploiting a vulnerability in the Facebook app’s code. For instance, a glitch in Facebook’s iOS application allowed hackers to hijack cookies and steal the iPhone user’s so-called “access token.” These tokens are digital keys that grant their holder full control over the user’s Facebook account and, thanks to Single Sign-On, over all other websites where the user signs in with their Facebook credentials.
A hacker may also gain access to an account by using brute force attacks. This technique involves guessing a password, often one of the most popular ones, like 123456789 or 1234567890. Hackers may also gain access to accounts by scanning compromised credentials. There are a variety of free tools that can be used to search for stolen data, including the popular website HaveIBeenPwned.
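To check whether a password you use is among those already exposed, without revealing it to anyone, the following added example (not code from the original article or from HaveIBeenPwned) follows the range-lookup format of HaveIBeenPwned's Pwned Passwords service: only the first five hex characters of the password's SHA-1 hash are sent, and the matching is done locally. The function names, the offline stub that stands in for the network call, and the breach counts are assumptions constructed for illustration.

```python
import hashlib

def split_hash(password):
    """Return (5-char prefix, 35-char suffix) of the uppercase SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def breach_count(password, fetch_range):
    """Return how often `password` appears in the breach data, 0 if absent.

    Only the 5-character prefix is handed to `fetch_range`; the suffix is
    compared locally, so the lookup service never sees the full hash.
    """
    prefix, suffix = split_hash(password)
    for line in fetch_range(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0

# Constructed sample data: the two passwords named in the text, with
# made-up counts. A real fetcher would instead request
# https://api.pwnedpasswords.com/range/<prefix> and return the body.
CONSTRUCTED_BREACHED = {"123456789": 1000, "1234567890": 500}

def constructed_fetch_range(prefix):
    """Offline stand-in that answers in the 'SUFFIX:COUNT' line format."""
    lines = ["0" * 35 + ":1"]  # unrelated entry, as real responses contain many
    for known, count in CONSTRUCTED_BREACHED.items():
        known_prefix, known_suffix = split_hash(known)
        if known_prefix == prefix:
            lines.append(f"{known_suffix}:{count}")
    return "\r\n".join(lines)

def audit(passwords, fetch_range=constructed_fetch_range):
    """Map each password to its breach count."""
    return {pw: breach_count(pw, fetch_range) for pw in passwords}

if __name__ == "__main__":
    sample = ["123456789", "1234567890", "correct horse battery staple 42"]
    for pw, seen in audit(sample).items():
        verdict = f"seen {seen} times, change it" if seen else "not in sample data"
        print(f"{pw!r}: {verdict}")
```

A count of zero only means the password is absent from the data consulted; it does not make a short or guessable password safe.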