When jumping to conclusions leads you astray.

Don’t accept any friend requests from me, my account has been hacked!
We’ve all seen that one on Facebook. Someone got reports of friend requests they didn’t send, so they post a message to all their friends that they’ve been hacked.
Seems plausible, right?
Except it’s not. It’s exactly and completely wrong.
Their account was never hacked.
Become a Patron of Ask Leo! and go ad-free!

Friend requests don't indicate a hack
You can’t friend request your existing friends. Any friend requests they see are from other, very likely fake, impersonation accounts. The right thing to do is to report the fake accounts to Facebook. Hackers seem to use this technique to eventually impersonate you and attempt to scam your friends.
You can’t friend your friends
It’s pretty simple: if someone is already your friend on Facebook, you can’t send them another friend request. That would be redundant because they’re already your friend.
If the only symptom is that some of your (already) friends on Facebook are asking you why you sent them a friend request, it’s extremely unlikely that your account has been hacked.
Your account wasn’t even involved.
Change your password if you like, but telling all your friends “I’ve been hacked” is … well, actually it’s kind of embarrassing. You haven’t been.
This is something else.
You’ve been impersonated
What’s significantly more likely to have happened is this:
- Someone created a new Facebook account.
- They used your name. (NOT your email address, just your name.)
- They stole photos of you and used those photos in the account.
- They examined your public posts or profile to determine who your friends are.
- They then sent those friends new friend requests from this new, fake account.
Other than the person viewing your photos and friends, your account was never involved.
Most importantly, your account was never compromised.
So, what do you do about it?
Report impersonation accounts
You, or your friends receiving these friend requests, should go to the account in question and report it to Facebook.

Make sure that your friends report the impersonator, not you.
Or you can tell your friends to simply ignore the friend requests because you’re already friends. Those requests are coming from a fake account.
Why?
Why do some people try to create these fake accounts and connect with your friends?
My theory is that it’s to prepare for scams and abuse to come.
Perhaps sometime in the future, after you’ve all forgotten about this, they’ll reach out to their “friends” (your friends they fooled into connecting with them), pretending to be you, and ask them for something. Usually, it’s some form of scam.
While that’s annoying, it’s not on you. Your account had nothing to do with it, and you have not been hacked.
Do this
Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
I'll see you there!
best thing one can do is in “who can see my friends list” put it on “only me”.
Yes.
In some cases, it can be the result of a different kind of hack. If you play a game or a quiz, you usually are asked to give them access to your Friends’ list. They can then send friend requests from the fake account to all of your friends, although it’s probably more common for the hackers to spam the people on the lists they hack.
Hmmm, my neighbor is locked out of her account and can’t get back in because her password was changed, but not by her. She’s lost all access to her pictures and it is breaking her heart. Facebook help has not helped because she did not set up two-factor authentication or choose “trusted friends” that could be contacted. If you have a suggestion as to how she can get back into her page, I would greatly appreciate it. She only found out that she was locked out of her account because her friends started receiving duplicate friend requests.
Duplicate friend requests are not a sign of a hacked account. (As the article above explains.)
However, it does sound like your friend’s account has been compromised. The ONLY solution I’m aware of is to follow the Facebook account recovery process, carefully and completely. That’s this article: How Do I Recover My Hacked Facebook Account?
You never answered the question that this thing is titled. A duplicate account was created and reported to Facebook and they came back and said that person is not trying to impersonate my friend. How they came up with their conclusion I have no idea because the duplicate account is sending out messenger to his friends list. It is the duplicate account so how do we get them to fix that.
You did the only thing possible: report it to Facebook.
Facebook’s software is a mess. Apparently, they see no need to improve it as it does what they want: make them billions of $$$.
Funny thing, I just got a fake request from a friend today and a few minutes later a comment I was reviewing linked here. It must be my new brain implant ;-)