How to Access Business Manager If Your Account Was Stolen

• Home | FAQ about Facebook Ads Arbitrage | How to access Business Manager if the account was stolen?

If a personal Facebook account was stolen, access to Business Manager can disappear even when the BM itself still exists. Most often, the issue is that the business portfolio was accessed through a personal admin profile, and after the compromise you can no longer open business assets, ad accounts, Pages, or payment settings.

In this situation, do not try to “get in somehow,” create chaos with new access, or share account details with strangers. First, recover the personal account, then check whether roles inside Business Manager were changed, and only after that review ad assets, payments, and partners.

Recover the personal Facebook account first

Business Manager is usually connected to people, not to a separate “business login.” So if the personal admin profile was stolen, the first step is to recover the Facebook account through Meta’s official recovery tools. This may involve email or phone checks, password reset, suspicious login review, and confirmation that the owner controls the account again.

Do not start with deleting assets or changing roles if the personal profile is not recovered yet. Without access to the admin profile, you may only see part of the issue and accidentally make the situation more confusing.

If the question is broader and you need to understand business access recovery in general, check the guide on recovering a Facebook business account. This article focuses specifically on the case where the account used to enter BM was stolen.

Check who is still inside Business Manager

After the personal profile is recovered, open Meta Business Suite and go to business portfolio settings. Start with people, partners, and assets. You need to see whether unknown users, partner Business Managers, new roles, or suspicious access changes appeared.

Pay special attention to full control. If an attacker managed to add another admin or a partner with broad permissions, the risk of losing access again remains even after changing the password. Remove only the access you clearly do not recognize so you do not accidentally remove a real employee or contractor.

If the BM contains many people and assets, do not act randomly. First, identify who has access to the Page, ad account, Instagram account, pixel, domain, and payments. For this, use the separate guide on roles and access levels in Business Manager.

Review Pages, ad accounts, and payments

After checking people and partners, move to assets. See whether the Facebook Page, Instagram account, ad accounts, pixels, datasets, domains, catalogs, and apps are still in place. It is not enough to see the asset — you also need to understand who controls it now.

Check ad accounts separately: active campaigns, new ads, limits, payment methods, recent transactions, and unpaid balances. If someone launched unknown campaigns or there are unclear charges after the account was stolen, save screenshots and Billing details before contacting support.

If the problem affected payments or unclear charges, do not mix that with BM login recovery. For the financial part, use the guide on how to delete Facebook ads and check a refund request.

When to contact Meta support

Contact support if you recovered the personal profile but Business Manager is still unavailable, if unknown admins appeared, if the business portfolio was connected to an unknown partner, or if you no longer see your Pages and ad accounts.

Keep the message calm and factual: when access disappeared, which business portfolio was affected, which assets were inside, what changes you noticed, and what you have already done. Screenshots, ad account ID, Page name, business portfolio name, and dates of suspicious actions can help.

If you need a clear first message without extra emotion or confusion, use the guide on how to write to Facebook support about an account issue. In a hacking case, the goal is not to argue but to show the sequence of events and prove the connection to the assets.

What to enable after access is restored

After access is restored, change the password, log out of unknown sessions, check the email and phone number on the account, turn on two-factor authentication, and save backup codes. Use an authenticator app if that option is available and convenient for the account owner.

Inside Business Manager, keep only the people and partners who are actually needed. Full control should belong to a limited number of responsible people, while everyday tasks are usually better handled with partial access to specific assets. This is easier to maintain and safer for the business.

If you work with several business assets, keep the structure clear: who owns the BM, who manages the Page, who runs ads, who checks payments, and who can change roles. In the Business Manager Facebook section, you can review related materials about BM structure and business asset management.

What not to do when an account was stolen

Do not buy “quick access,” do not share your password with unknown people, do not add random admins, and do not try to replace account recovery with new questionable profiles. That does not solve ownership of business assets and can make communication with support harder.

Do not delete Pages, ad accounts, or the business portfolio in panic. First, understand what exactly changed after the compromise. Access recovery is not a race through buttons; it is a careful check: profile, roles, partners, assets, payments, and security.

This order does not guarantee instant BM recovery, but it reduces the risk of losing evidence and accidentally removing needed assets. The main point is to regain control through official channels, record the changes, and clean up access again.