What’s Facebook’s policy on disabling or deleting hacked, unused or unconfirmed accounts?
Removing hacked, unused, or unconfirmed accounts helps reduce the amount of potential abuse on our platform and protects the privacy, integrity and security of your data and your account.
We may disable or delete your account if it appears to have been hacked or compromised and we are unable to confirm ownership of the account after a year, or if the account is unused and remains inactive for an extended period of time. Additionally, if you do not confirm your account after registration, we may disable or delete your account after one year of inactivity.
Hacked or compromised accounts
If we notice unusual activity on your account, we may take steps to try to protect you and lock your account. If this happens to you, there are steps you can take to unlock your account. If you do not unlock your account after a year, we may delete it to reduce the risk of it being used for harmful conduct.
We may disable and delete accounts that are unused and remain inactive for a long period of time. We look at several signals to understand whether your account is unused, including whether you’ve recently logged in to your account or into another service using your Facebook account. We also take into consideration prior activity on your account such as whether you’ve added any photos or friends, or followed any Pages.
It’s important to confirm your email address or phone number when you first create your Facebook account. If your account is unconfirmed and hasn’t been used at all for a year after creation, it may be disabled and deleted. This helps protect the account against being taken over or hacked, and reduces the risk of it being used for harmful conduct.