Few digital experiences are as jarring as discovering that
your social media account has been taken over by someone else. The moment you
realize you cannot log in, or you see posts you never made, messages sent in
your name, or friends receiving suspicious links from your profile — the panic
is immediate and understandable.
Social media account hijacking is extremely common and
growing. Attackers want your account for many reasons: to run scams targeting
your followers, to extort money in exchange for returning access, to use your
identity for fraudulent advertising, or simply to harvest personal information.
This guide gives you a clear action plan for recovery on every major platform,
plus what to do once you are back in.
Immediate Actions: The First 15 Minutes
Move fast. Every minute that someone else controls your
account, they can do more damage — sending messages to your contacts, posting
embarrassing content, or changing settings to make recovery harder. Here is
what to do right now:
1. Try your current password. If it works, change it immediately and skip to the
section on securing your account.
2. If your password does not work, click "Forgot password" and use the
email or phone number linked to your account to request a reset.
3. If the recovery email or phone number was changed, use the platform's dedicated
account recovery form (not just the standard "Forgot password" flow).
4. While attempting recovery, do NOT click any links in emails purporting to be from the
platform unless you triggered the recovery process yourself.
Platform-by-Platform Recovery Guide
Instagram Recovery
On the login page, tap "Forgot password," then
"Need more help?" If recovery via email/phone is unavailable (because
the hacker changed them), Instagram offers a video selfie verification process
where it compares your face to photos in the account. For hacked accounts with
changed information, go to the login page, enter your username, and follow the
"Get more help" flow. Instagram's recovery for hijacked accounts has
improved but can take 1–3 business days.
Facebook Recovery
Visit facebook.com/hacked and follow the guided recovery
process. Facebook allows you to identify yourself through trusted contacts,
code-generating devices you've previously used, or by providing a government
ID. If the attacker changed your email and phone number, use the "No
longer have access to these?" option and provide your previous email
address and date of birth. Facebook may ask you to confirm your identity with a
photo ID.
Twitter / X Recovery
Go to twitter.com/account/begin_password_reset. If your
linked email or phone was changed, click "I don't have access to
these" and follow the support form. Twitter requires you to submit a
support ticket for hacked accounts with changed recovery information. Response
times vary but are typically within 48 hours.
TikTok Recovery
Use the TikTok app and tap "Already have an account?
Log in" then "Trouble logging in?" Select the method to receive
a reset code. If your linked phone and email are gone, use "Feedback"
to submit a hacked account report. TikTok's support form asks for your
username, linked phone number or email (even if changed), and a description of
how the account was compromised.
Once You Are Back In: Damage Assessment
After regaining access, work through these checks
systematically:
• Check what posts, stories, or reels were published from
your account. Delete anything malicious.
• Review messages sent from your account to your
contacts. Alert anyone who received suspicious links.
• Check the account's linked email address and phone
number — change both if they were altered.
• Review connected apps and revoke access to any you do
not recognize.
• Check active sessions or login history and remove all
sessions except your current one.
• Review any profile information changes (bio, website
links, name) and restore them.
Securing Your Account After Recovery
Enable Two-Factor Authentication
This is the single most important step. On every social
media platform, navigate to security settings and enable 2FA with an
authenticator app. This means even if someone has your password again, they
cannot log in without the code from your phone.
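To show why a stolen password alone is not enough once an authenticator app is enrolled, here is an added example (not part of the original guide and not any platform's actual code) of time-based one-time codes as defined in RFC 6238, with a login check that requires both factors. The account record, function names, password and salt are hypothetical; the secret is the published RFC 6238 test key.

```python
import base64
import hashlib
import hmac
import struct

def totp(secret_b32, unix_time, step=30, digits=6):
    """RFC 6238 TOTP over HMAC-SHA1, the scheme most authenticator apps use."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", unix_time // step)       # 8-byte time-step counter
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                              # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify_code(secret_b32, submitted, unix_time, step=30, window=1):
    """Accept the current time step plus/minus `window` steps of clock drift."""
    ok = False
    for drift in range(-window, window + 1):
        expected = totp(secret_b32, max(0, unix_time + drift * step), step)
        # Constant-time comparison; no early exit on the first match.
        ok |= hmac.compare_digest(expected.encode(), submitted.encode())
    return ok

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def login(account, password, code, unix_time):
    """Both factors must pass, so a stolen password alone is rejected."""
    pw_ok = hmac.compare_digest(account["pw_hash"],
                                hash_password(password, account["salt"]))
    return pw_ok and verify_code(account["totp_secret"], code, unix_time)

# Constructed demo account. The TOTP secret is the published RFC 6238 test key,
# never a real one; the password and salt are placeholders.
SECRET = base64.b32encode(b"12345678901234567890").decode()
ACCOUNT = {"salt": b"demo-salt", "totp_secret": SECRET,
           "pw_hash": hash_password("correct horse", b"demo-salt")}

if __name__ == "__main__":
    now = 59  # fixed timestamp so the run is reproducible
    print(login(ACCOUNT, "correct horse", totp(SECRET, now), now))  # owner
    print(login(ACCOUNT, "correct horse", "000000", now))           # password only
```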
Use a Strong, Unique Password
Change your password to something you have never used
anywhere else. A password manager generates and stores strong passwords so you
do not have to remember them.
Audit Third-Party App Connections
Third-party apps with access to your social accounts can
sometimes be used as an entry point for takeover. Remove any apps you do not
actively use or trust.
Notify Your Followers If Necessary
If the hacker sent scam messages or posted links to malware
from your account, post a notice explaining what happened. Keep it simple and
factual: "My account was recently compromised. I am now back in control.
Please disregard any messages you received from my account between [dates] and
do not click any links from those messages." This protects your followers
and maintains your credibility.
Final Thoughts
Social media account recovery can be frustrating, especially
when platforms are slow to respond. The key is to start the recovery process
immediately, document everything as you go, and be persistent with support
channels. Once you have recovered your account, treat the experience as a
wake-up call. Two-factor authentication and unique passwords would have
prevented almost every social media takeover you can read about online.