The first thing you should do if you think your Facebook account has been compromised is change your password. If you use Facebook to log in to apps such as Spotify or Instagram, make sure you change those logins as well. This will prevent the hacker from accessing those third-party services through your compromised Facebook profile.
A hacked Facebook account can give hackers access to a wealth of personal information. They could use this information for nefarious purposes, such as stealing credit card numbers, sending out fake credit card offers, or running phishing scams. They could also use the hacked account to send threatening messages to your friends, or publish a post on your Facebook timeline under your name (as if you had posted it yourself).
Hackers are most likely to gain access to accounts by exploiting a flaw in the Facebook application code. For instance, a vulnerability in the iOS Facebook app allowed hackers to hijack cookies and obtain the iPhone user’s “access token.” These tokens are digital keys that grant the attacker complete control over the user’s Facebook account and, thanks to Single Sign-On, over all other websites that the user is logged into with their Facebook credentials.
Hackers can also gain access to accounts by using brute-force attacks. This technique involves guessing the password, usually trying the most frequently used ones, such as 123456789 or 1234567890. Hackers can also gain access to accounts by scanning for compromised credentials. Several free tools can be used to check whether your information has been stolen, such as the popular site HaveIBeenPwned.