What to do about resets you didn’t ask for.
All I can really say is maybe.
I might even go so far as to say probably, but I can’t say yes, since there are other possible explanations.
Let’s review what’s going on.
Become a Patron of Ask Leo! and go ad-free!
A request to reset your Facebook password
Confirmation messages with a link or code to confirm a change prevent others from changing your password. You might get a notification if someone is trying to break into your account, or if they mistype your email address instead of their own when trying to reset their own password. As long as your associated email accounts are secure, you can ignore the notification. Enable two-factor authentication for even more Facebook account security.
Facebook password recovery
If you forget your Facebook password, the first step is to click the “Forgot password?” link on the Facebook log-in screen.
That walks you through the process of account recovery, using information you know about the account to prove that you are the rightful owner.
One of those pieces of information is your email address, and in the case of a lost password, you’ll enter the email address of your account and Facebook will send an email to that email address.
Since you don’t know your password, and a secure system won’t tell it to you, the option is simply to set a new password. You prove that you are the rightful owner of the Facebook account by proving your access to the account’s email address. You do that by clicking on a link in that email or typing in the one-time password reset code provided in that email.
Two emails?
That you got two notifications sent to two different accounts is a good thing. It means you have an alternate or additional email address associated with your account. When a password reset notification is sent, it’s sent to all the email addresses associated with your account.
That way, if one of those email accounts gets hacked, you’ll still get notifications on the others that something is going on.
I strongly recommend everyone have at least one alternate email address associated with their Facebook account, and make sure to keep them up to date.
Now let’s look at how those notification emails might be triggered.
Scenario #1: intentional
Say someone knows your email address and they want to hack into your Facebook account. One approach — at least to start — is for that someone to enter your email address into the account recovery process and see if Facebook will let them set a new password for your account.
Naturally, Facebook sends an email to all the email addresses on your account, so you know what’s going on. As long as that hacker-wannabe doesn’t have access to one of your email accounts, they can’t get in. They won’t be able to receive the email message. They won’t be able to fool Facebook that they’re you.
You can safely ignore the message; your account is secure. Technically you don’t need to change your password, though there’s no harm in doing so if it makes you feel safer.
Scenario #2: accidental
This one isn’t really a hack, since the person doing it isn’t trying to get into your account. They probably have no idea what they’re doing.
They’re trying to log in and getting their own password or email address wrong. Facebook isn’t letting them in. As a result, they try account recovery. They enter in their email address, and once again the account-recovery email is sent to all email addresses associated with the account.
The problem? They typed their email address in wrong. What they typed was your email address, not their own. That’s probably why they couldn’t log in in the first place.
It sounds far-fetched, but it’s amazing how often people get their own email address wrong.1 Repeatedly. Or they just don’t use it often enough to remember exactly what it is — and exactness counts.
They may try several times before giving up or realizing their mistake.
Scenario #3: spam
It’s uncommon, but spam can mimic a password reset request or confirmation.
The spammers are counting on you to panic and quickly click the “it’s not me” or similar link in the notification. That link takes you to a fake website where you’re prompted to sign in to Facebook. Even though it might look like Facebook’s sign-in page, it’s not, and you’ll have handed over your Facebook credentials to a hacker.
As long as your email accounts are secure — you have proper security in place, including two-factor authentication when offered — it’s safe to ignore these notifications. If you choose to click on the “it’s not me” link,2 then take extra care to confirm that the link truly goes to Facebook, and not a scammer: hover over the link and make sure it goes to who you think it does.
This happens to me often
Don’t let this scare you too much. As you can see, Facebook has a security system in place. As long as your email accounts are secure, your Facebook account is likely to be secure.
This happens to me all the time. When it happens, I choose to click the “let us know” link to let Facebook know that, no, this was not me trying to change my password. My assumption is that they use this method to identify repeat offenders.
I’ll admit, it’s all a little unnerving, but I try not to sweat it — mostly because I have a not-so-secret weapon.
Two-factor authentication
Facebook supports two-factor authentication, and I have it turned on.
Facebook supports several different forms of two-factor. In my case, even if someone managed to get my password, they’d have to also enter a code texted to my mobile phone.
Without that second factor, they can’t log in.
As you might imagine, enabling some form of two-factor authentication is something I recommend for all your important accounts that support it. Facebook certainly qualifies as important for most people.
Hacking attempt or not?
Ultimately, there’s no way to know whether the attempt to reset your account password was deliberate or accidental. Perhaps you’re a target, or perhaps your email address is similar to that of others.
We’ll never really know.
Do this
Maintain the security of your email accounts, and consider adding two-factor authentication. You can rest easy and safely ignore these unexpected notifications.
Get more security tips and reassurances by subscribing to Confident Computing! More confidence & less frustration — solutions, answers, & tips — in your inbox every week.
Podcast audio
Related Video
Footnotes & References
1: This is exactly why so many forms asking for your email address have you enter it twice.
2: I’ll be honest: I usually do.
References
I got an email saying I requested a new Facebook password but I didn’t make this request. – Facebook
i have only a landline. nothing mobile. FB`s two factor auth won`t let me use a landline. it has to be mobile or nothing.
i`ve written FB more than a few times because they keep asking me to enable it.
nothing ever changes.
My rule of thumb is common sense. If you didn’t ask for it, it wasn’t real. Even if you did it by mistake, ALWAYS go directly to the site, don’t use email links. Find out there, acknowledge it was/wasn’t you, or it was a mistake and make sure they know.
Another thing, one that is kind of annoying sometimes, especially if you got a new computer running or installed a new browser, is that some sites will email you and ask if it was you (Google is a prime example). I have more than two machines and having to prove I’m me at least once a month because of that always seems silly. Oh well, at least you know they are made aware that you are not John Hacker.
for some time ive told ssus, google help my 1st key on lphebet didn’t respond when sign in p/wd I seen on smart tv how to but I hd to give p/wd with out success found out with settings go to on screen lphebet found success full. why they cnt inform me of slusion. without the 1st vowel it’s impossible on keybord for signing & emils. I know this is not english hope one makes sense of this comment.
Good to point it out because the article don’t mention it and is something that is happening a lot. Is important that people do not click in a hurry if they see something strange or have not request a password change.
I got hacked and as soon as see email from Facebook they have already changed emails again helpppp
I don’t have any of the problems above but I do have a very strange problem with Face book. They keep sending me emails telling me that I have a friend request for “my facebook page.” I do not have a Facebook account and never have. I’ve had my wife check for me and she can not find the email page in question. however I get an average of 3 invites a quarter. A lot of them state I saw your profile “on Facebook.” how do I handle this problem? I have tried to contact Facebook aboutthis problem but never receive an answer.
It’s simply spam. Mark it as spam and move on.
I can cite a fourth scenario: You access Facebook while your computer or mobile device is using a Virtual Private Network (VPN) and Facebook’s security system flags your log-in as potentially fraudulent or a hack attempt and forcing me to change my password.
That happened to me quite often after I subscribed to a VPN. After the seventh time, I had had enough and filed a formal complaint with Facebook, demanding that the social network stop flagging my log-ins. In my complaint, I pointed out that millions of Facebook users employ VPNs for added online security above and beyond their device’s security software. — and the use of VPNs have become de rigeur on mobile devices.
Since I filed my complaint, I’ve had no further problems with my Facebook logins.
I recently lost my phone but i did a sim swap in order to keep my old number. Now I keep getting facebook verification messages to my sms inbox. How do i stop someone from getting access to my facebook account?
If you think your Facebook account has been hacked, you should change your password (make it long and strong) and check that the recovery accounts and phone numbers all belong to you.
https://askleo.com/facebook-hacked-what-you-need-to-do-now/
Im having a problem : someone hacked into my Facebook account I believe they changed my phone number and turned on the two factor authentication I can’t get into my Facebook account because it’s asking for these codes … I’m able to still receive emails and was able to change password but can’t get in. Do you have any advice?
Honestly, if you are not just making all that up and just never set your 2-factor or any authentication settings up and somebody did manage to get in and did that? Well, Facebook very easily has another Authentication function that is exactly meant for such reasons, at least, I know this because it happened to me but it was my own fault. They asked me and offered a chance for me to snap a digital photo of my license and just blacking out all the personal information. They use that solely to identify your “face” because well, it’s “Face”book. But, many people don’t have photos of their-selves. They also use it to identify then, aside from the photo, your “name” “birthdate” and overall, if it’s a real license OR State I.D. It doesn’t have to be a license. So, in the end, even if you come to a situation like you’re in, all you have to do is Google Facebook’s Security Tech Support or w/e, and follow the steps to email them your drivers’ license and stuff. You’ll be fine. I forgot how long it took but it was fairly quick. Hope that helps!
I don’t think it’s the face they compare, as long as it’s a valid ID, they just verify that it’s your name. Could be a problem if you use an alias.
My Facebook account was hacked my email was changed to something else and so was the password I cannot login for nothing I did the ID thing from Facebook and they said they feel that it was resolved it’s not resolved all I need is a link so I can change that email which is not mines to another email I have along with password and I haven’t heard nothing yet and I don’t know what to do
If the Facebook account recovery process isn’t working for you then there may be nothing you CAN do. It might be time to simply create a new account and move on.
If you don’t have access to your recovery information, recovery emails or cell number, your account is unrecoverable.
A One-step Way to Lose Your Account … Forever
Is there a way you can delete your Facebook account if all else fails
If you can’t get into the account, there’s no way to shut it down. One long shot might be to report the account as fake. You could think of it as fake seeing you no longer control it.
That’s right, bro! 2-Factor! Word up. I love it. It’s pointless, you ain’t gettin’ it, bro! Try another Facebook lol. I love those fake profile friend requests, too. It’s just like back on AOL, they did the same thing. And it still occurs in e-mail, different scams but they all resemble one another and are easy to spot. I love this article. I appreciate your knowledge and personality in computer/internet and mostly security-based situations. Thank you for the experience, the knowledge, the help, and also the entertainment.
Why would I get a text message saying my Facebook password has been reset
If it says your password has been reset, then your account may just have been hacked. If it’s saying that an attempt failed (which I suspect is the case), then someone’s trying to change the password — either maliciously, or by mistake. Make sure your account is properly secured!
I get a email at least3x daily in spam saying my FB has been reset ! Yet I have no problem getting into FB ! This has been going on off and on for months ! I can’t ask THEM anything since when I get frustrated and ask THEY NEVER BOTHER TO
ANSWER !
So, ignore those messages. As long as you can access your Facebook account normally and you have your security set appropriately it’s very likely that they’re nothing more than spam. Facebook CAN’T do anything about spam, since it’s not something they’re sending.
* Have changed my e-mail address to something you definitly won’t type in by mistake.
* Have removed the old e-mail address.
* Have enabled two-factor authentication
Bur still get these messages (not e-mails) on facebook, from facebook that someone is trying to login and I must change password.
Happens very, very often, and is driving me crazy.
Do you use a VPN? That can cause that message sometimes as it looks like logins are being attempted from different countries or regions. Logging in from different computers and sometimes from different computers can also trigger that warning.
what if i can’t find my code generator? i go through all the steps and it asks for a code. once or twice i was able to enter a code. Now it does not show onscreen.
Depends on the kind of code generator you use — can you be more specific?
Hello sir, just wanted to ask about a serious problem i’m having with my mothers facebook account. So my mother has passed away due to a terminal illness and she wanted me to take over her facebook account. So a couple days ago, i signed into the account and I was just going through my mothers posts etc, so the next day, i log into the account and suddenly it says “Someone may have logged into your account – In order to keep your information secure, we’ve locked your account. Before we can unlock it, please verify your identity and change your password.
Your account will remain hidden until you complete this process.” So i clicked continue and it brings me to two verification options. “1. Text a security code to your phone
2. Confirm your identity on another phone or computer” so i chose the first option because i have my mothers sim card with the same number the verification code was allocated to. I can clearly see its the exact same number where its supposed to send me a 6 digit code to verify that the account is “mine”. No matter how many times i’ve tried, it just isn’t working. Please help me with this problem as the account has been secured from public view, i was supposed to download pictures from what my mom has uploaded here for her memorial that is coming soon. Please help me.
I have tried the 2nd verification option it gave me, but instructions were vague and it said “Login was not approved” but after failing both options, the 3rd option pops up which is “Upload a photo ID”. Very strange request but I can’t really do this option.
Cannot receive verification code on my mobile number is there something I need to set up in order to receive this code?
You shouldn’t need to, generally. Depends on the kinds of verification, but generally if you can receive text messages you should be able to get the codes. Make sure that the phone number is configured correctly.
Google recently notified me that my someone who “knew my password” tried to hack my gmail account. Within a week, facebook contacted me telling that someone other than me logged into my account. BOTH instances were traced to Charlotte, NC, but I have DIFFERENT email addresses associated with my Gmail and FB accounts. Was this likely someone who knew me (my old login information saved on their computer)?
Thank you so much for the insight.
Two logins from the same place to two different accounts of yours certainly sounds like someone who knows you or has had access to your computer. Did you sell or give your computer away, or did you use someone else’s computer to log into those accounts?
It’s impossible to say. It certainly could be, but there are other possibilities as well.
Hellow everyone .
my Facebook account just before 5days disappear.
i had already activated 2way verification.
the problem is when i enter my password it said wrong password so i try to change my password through forgot password but when i enter reset code which i recieved& create a new password it load to login and suddenly ask me “ente the code on your phone down” then Google popup came with code but when i enter this code Facebook warns me it is wrong code then i hate having trouble receiving reset code button and it said “we couldn’t send you a reset code as you have reached maximum number. . . “.
I don know why
my email+my 2-way verification is still synchronized with my account
please please i hav more than 50k followers including all my life time friends.
We cannot recover hacked accounts, lost or forgotten passwords. Please see:
https://askleo.com/how_do_i_recover_my_facebook_log_in_password/ and/or
https://askleo.com/how-do-i-recover-my-hacked-facebook-account/
Unfortunately, if you no longer have access to the recovery email account or phone number, your account may be lost forever. It’s important to always keep these up to date on your account.
https://askleo.com/a-one-step-way-to-lose-your-account-forever/
Please help someone tried to login on my Facebook, I ended up deactivating my account, now I’m trying to activate it and it says I’m trying to login with an older password. Then when I try to have a new password I cant because my username is an email address which I no longer have access to.
If you no longer have access to that email address you may not be able to regain access to your account. You MUST keep that email address functional for exactly this reason.
Good morning sir………..someone hacked my facebook account yesterday by changing my login password and my email.please help me to recover my password .This is my Facebook name,{name and phone number removed}
Never post your phone number, email address or other personal information on a public forum.
We cannot recover hacked accounts, lost or forgotten passwords. please see:
How do I Recover my Facebook Login Passsword? and/or
How do I Recover my Hacked Facebook Login Account?
I’ve been talking to this guy on Hangouts. He did ask me my phone number and I give it to him. Then another day he told me that I was going to get some codes andFacebook was sending me the code so. I was suspicious but I did not give this guy the codes he’s waiting on for me to do that I wonder I wonder if the I guess there are the codes for my for my Facebook right? Am I supposed to change my password now
He’s trying to change your password. DO NOT GIVE HIM THE CODES. And stop responding to him. I’d block him in Hangouts and wherever else you can.
Hi Leo,
I have received the exact email you mentioned above on th 14th October…in fact two of them, and I was the one wanting to change my password in Facebook. Sadly i have a hit of whom might be the person, who tried doing it. However, i do not have concrete proofs but I would like to make an official complaint.
Would an investigation bring up, from where the access took place?
I am truly not expert and I would really appreciate some help with this.
Looking forward to hearing from you.
Best
Unlikely. These are best ignored.
I had the scenario #1 , most of the time they actually dont know your personal email address (strangers) but they type your facebook username instead which is username@facebook.com , this happens often to people with common usernames ( your first name only or a popular word), I got tired of receiving emails in 2016 so I started pressing the option saying I wasn’t the one requesting them and around 2-3 months later after doing so for the 1000th time facebook asked me to login which I thought was weird but they then brought me to a page allowing me to disable the option of resetting my password through emails linked to my account, I havent got a facebook password reset link since
Is there a way to verify that the email reallly came from Facebook? I noticed mine says it was from security{at}facebookmail.com, wouldn’t all email from facebook be from @facebook.com?
I have two factors authentifications on, and I do not wan’t to click on any of the link in that email, until I am sure it is from Facebook.
That is a legitimate email address.
Why am I receiving email notifications from Facebookmail.com?
You can look for signs to determine whether an email is a phishing attempt.
Phishing: How to Know It When You See It
There is a simpler way to address this: what is the sender address? I just received this message from: Facebook
Does facebook ever send from this address or not?
If facebook had any kind of decent support service, we could get help. But Facebook support is virtually non-existent.
the system stripped the email from my reply. it was @facebookmail dot com. I am suspicious that is not a valid Fb email address.
Actually it is. You can see who owns it with a “who is” look up: https://whois.domaintools.com/facebookmail.com
“From:” addresses can be, and often are, faked. So a hacker could easily make it look like the email cam from a legitimate Facebook email address, when in fact it did not.
Lack of support is the one of the prices we pay for using a free service. Real support is expensive to provide.
That’s because it would cost Facebook millions to provide support. And remember, we are the product, not the customer. They probably provide support for their paying customers.
As an occasional advertiser on facebook (i.e. one of the “real” customers) … no, there’s not a lot of support there either. I’ll bet the big accounts get something, though.
I’m sure Putin gets support :-)
Bro can you log in my account to help me bro my account is hacked someone is log my accunt without my permission
Pls pls pls dilado account
Bro, I cannot.
Please follow the account recovery steps as outlined in this article: https://askleo.com/how-do-i-recover-my-hacked-facebook-account/
If Facebook’s recovery process doesn’t work for you — maybe you don’t have the recovery email or phone — MAKE SURE to follow Facebook’s instructions CAREFULLY and COMPLETELY.
If the Facebook recovery process can’t be made to work, I know of no way to recover the account. If that’s your situation I’m very sorry.
“As long as that hacker-wannabe doesn’t have access to one of your email accounts, they can’t get in…”
Might be mentioned in some of the many comments, but of equal (actually greater) importance is of course also to secure the associated mail accounts. They will need good passwords, two-factor authentication, good recovery addresses (that are also secured), updated phone numbers, etc.
I’m not sure how many times – per week – I see someone losing access to their own data because they have not secured an account, and have not kept recovery information up to date, and hence have no way of actually getting their “free” account back.
Account might be free, but the data stored in an account often represents years of “work” and a real loss for most.
They managed to hack my account! I had been getting the same emails saying someone is trying to get in my facebook account and 2 days ago they actually did it! I don’t know how because I had recently changed my password to a new, strong & unique one that I don’t use anywhere else and I also had 2-factor-authentication turned on. Yet I didn’t receive a prompt asking me for a code or to confirm that it is me trying to log in. Instead I just got an email informing of a login from an unusual location (Vietnam). After that everything happened very quickly – before I was able to react. They changed my password, removed both my email addresses and phone numbers and replaced them with their own, so I can’t log in or recover my account in any way. And then in less than an hour I saw that my account has been deactivated due to ‘violating the community standards’.
Now I’ve been desperately trying to get in touch with someone from Facebook to help me recover my account, but there’s been no response whatsoever.
I don’t understand how they did it. I thought I had a good protection. That’s 18 years of my life shared on Facebook with friends & family – down the drain within minutes!