If you suspect that your Facebook account is compromised, you must change your password immediately. If you use Facebook to log in to applications such as Spotify or Instagram, you should change those logins as well. This will stop the hacker from accessing those third-party services from your hacked Facebook profile.
Hackers can uncover a wealth of personal data in compromised Facebook accounts. They could use this information for nefarious purposes, such as taking credit card numbers and sending people fake credit card offers or phishing scams. They can also use the compromised account to send threatening messages to friends, or post on your Facebook timeline under your name (as if you did it yourself).
One of the most frequent ways hackers get into an account is to exploit an error in Facebook’s application code. A flaw in the iOS Facebook application allows hackers to hijack cookies and then steal the "access token" of an iPhone user. These tokens, which are digital keys, give the hackers full control over the user’s Facebook account, as well as any other websites the user accesses with their Facebook credentials.
Hackers can also gain access to accounts through brute-force attacks. This technique involves guessing passwords, mostly the most popular ones such as 1234567890 and 123456789. Hackers may also gain access to accounts by scanning for compromised credentials. There are numerous free tools that can be used to scan for stolen data, including the popular website HaveIBeenPwned.