The first thing you should do if you believe your Facebook account has been compromised is to change your password. If you use Facebook to log into apps like Spotify or Instagram, make sure you change those logins as well. This will prevent the hacker from accessing these services through your hacked Facebook profile.
A compromised Facebook account can offer hackers a treasure trove of personal information. Hackers could use this information for fraudulent purposes, such as stealing credit card numbers and bombarding people with fake credit card offers or phishing scams. Hackers may also use compromised accounts to send spam messages or to post on your timeline as if the posts came from you.
Hackers are likely to gain access to accounts by exploiting a weakness in the Facebook app code. A flaw in the iOS Facebook app allows hackers to take over cookies and steal the “access token” of an iPhone user. These tokens, which act as digital keys, give the hackers complete control over the user’s Facebook account, as well as any other website the user visits with their Facebook credentials.
A hacker can also gain access to a user’s account through brute-force attacks. This method involves guessing passwords, usually trying the most popular ones such as 123456789 and 1234567890. Hackers also gain account access by scanning for compromised credentials. There are numerous free tools to scan for stolen data, including the popular site HaveIBeenPwned.
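As an added example (not code from this article or from HaveIBeenPwned), the following shows how a password can be checked against a breach list in the style of HaveIBeenPwned's Pwned Passwords range lookup, where only the first five characters of the password's SHA-1 hash are sent to the service. The network call is replaced by a hypothetical offline stand-in, and the breach list and its counts are constructed for illustration.

```python
import hashlib

# Constructed sample data: the two passwords named above, with made-up counts.
CONSTRUCTED_BREACH_CORPUS = {"123456789": 1000, "1234567890": 500}


def split_sha1(password: str) -> tuple[str, str]:
    """Return (5-char prefix, 35-char suffix) of the uppercase SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def offline_range_lookup(prefix: str) -> str:
    """Hypothetical stand-in for the network call. Returns SUFFIX:COUNT lines
    for every constructed corpus entry whose hash starts with `prefix`.
    A real client would fetch this body from the service's range endpoint."""
    lines = ["0" * 35 + ":1"]  # constructed padding entry
    for known_password, count in CONSTRUCTED_BREACH_CORPUS.items():
        known_prefix, known_suffix = split_sha1(known_password)
        if known_prefix == prefix:
            lines.append(f"{known_suffix}:{count}")
    return "\r\n".join(lines)


def breach_count(password: str, lookup=offline_range_lookup) -> int:
    """Number of times the password appears in the breach list.
    Only the 5-character hash prefix is passed to `lookup`."""
    prefix, suffix = split_sha1(password)
    for line in lookup(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0


def acceptable_new_password(password: str) -> bool:
    """Reject any password that has already appeared in the breach list."""
    return breach_count(password) == 0


if __name__ == "__main__":
    for pw in ("123456789", "1234567890", "a long unrelated passphrase 71"):
        print(f"{pw!r}: seen {breach_count(pw)} times, "
              f"acceptable={acceptable_new_password(pw)}")
```

The full password and its full hash never leave `breach_count`; the comparison against the returned suffixes happens locally.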