Your profile pic is now a crypto monkey. Your bio says you’re giving away free iPhones. Your mom just called to ask if you really made $10K from dropshipping. Bad news: you’ve been hacked. Good news: you can fix it.
Let’s walk through exactly what to do—whether you’re still logged in or completely locked out.
Signs that your social media account has been hacked
In the situation described above, the signs of being hacked are pretty much impossible to miss. In other cases, however, they can be subtle—like a friend asking about a weird message you don’t remember sending.
Recognizing these red flags early can help you act swiftly and minimize potential damage:
- Unexpected posts or messages: If your account is sharing content you didn’t create—be it spammy links, odd messages, or unfamiliar posts—it’s a strong indicator that someone else has access.
- Login alerts from unfamiliar locations: Receiving notifications about logins from places you’ve never been? This could mean someone has breached your account.
- Friends reporting suspicious activity: When friends or followers reach out about strange messages or posts from your account, take it seriously. Cybercriminals often use compromised accounts to spread malicious content.
- Changes to account details: Noticing alterations to your email, phone number, or profile information that you didn’t make? Unauthorized changes are a clear sign of a breach.
- New apps or permissions: Spotting unfamiliar apps connected to your account or new permissions granted? Malicious actors might have linked third-party applications to maintain access.
- Sluggish device performance: A sudden slowdown in your device’s performance can indicate malware running in the background, possibly linked to a compromised account.
- Unusual account activity: Check your account activity logs. If you see actions or logins you don’t recognize, it’s time to investigate further.
Being vigilant about these signs can help you catch unauthorized access early. If you notice any of them, it’s crucial to take immediate steps to secure your account.
Immediate steps to take after your account is hacked
Realizing your social media account has been hacked is unsettling, but acting quickly can limit the damage, protect your information, and help you recover access.
If you can still log in, start there. If you’re locked out, there are still steps you can take to regain control.
If you still have access to your account
- Change your password right away: Make it strong, completely new, and don’t reuse one from another site. If you used that same password elsewhere, change it there, too.
- Sign out on all devices: Most social media platforms let you view and manage the devices where your account is logged in. Use this feature to sign out everywhere. This forces any unwanted sessions to end and makes sure no one else stays connected to your account after the breach.
- Check your account settings: Look for any changes to your email, phone number, or recovery options. If something’s been updated and it wasn’t you, fix it immediately.
- Let your contacts know: If anything suspicious was sent from your account, give your friends or followers a heads-up so they don’t fall for it.
If you’ve been locked out
Being locked out of your social media account can be alarming. Here’s how you can work toward regaining access:
- Start with the platform’s account recovery process: Most social media platforms have a “Forgot Password” or “Need Help?” option on the login page. Use this feature to start the account recovery process.
- Check your email for recovery links: Look for recovery emails from the platform—don’t forget to check your spam folder. They often include a link or code to reset your password. Once you regain access, follow the steps above to secure your account.
- If recovery attempts fail, report the issue: Contact the platform’s support team and share any details that can help verify your identity.
Long-term security measures to protect your social media accounts
Recovering your account is just the start. These simple habits can help keep it protected moving forward.
Use strong, unique passwords (and update them regularly)
Reusing the same password across accounts makes things easier—for attackers. Choose long, unique passwords with a mix of characters, and avoid anything guessable. A password manager like the one included with every ExpressVPN subscription helps you keep track and makes updates a lot easier.
Be wary of phishing attempts and scams
Not every threat looks suspicious. Malicious actors often pose as friends, brands, or support teams to trick you into clicking shady links. If something feels off, don’t rush—double-check before you click or share anything.
Strengthen your privacy settings
Your social accounts may be revealing more than you think. Take a few minutes to review who can see your posts, tag you, or search for you. Tighter settings limit how much info is out there—and who can use it against you.
Enable two-factor authentication across all platforms
Two-factor authentication adds an extra step at login, and that one step can stop someone in their tracks. Most platforms offer it, and once it’s on, it does a lot to keep your account secure.
Monitor your accounts regularly for suspicious activity
Keep an eye out for anything unusual—strange posts, login alerts, or changes you didn’t make. The sooner you catch it, the easier it is to deal with. A quick check now and then goes a long way.
To further protect your accounts and your online activity, consider using a VPN. A trusted VPN like ExpressVPN can help secure your data, especially when you’re on public Wi-Fi or using unsecured networks.
FAQ: Common questions about hacked social media accounts
How do I know if my social media account has been hacked?
Some common signs include posts or messages you didn’t send, login alerts from unfamiliar locations, or being locked out of your account. Friends might also tell you they got strange messages from you.
What happens if you get hacked on social media?
An intruder might change your login info, message your contacts, post spam or scams, or try to access other accounts linked to yours. The longer they have access, the more damage they can do—so it’s important to act fast.
What should I do if I can’t recover my hacked account?
Start with the platform’s official recovery process. Use the “forgot password” option and check for backup methods like a secondary email or phone number. If that doesn’t work, contact the platform’s support team directly and follow their instructions to verify your identity.
What is the first thing you do when you get hacked on Facebook?
Change your password immediately if you can still log in. Then enable two-factor authentication and review your account for changes. If you’re locked out, go to Facebook to start the recovery process.
How do I protect my accounts from future hacks?
Use strong, unique passwords for every account, turn on two-factor authentication, and be cautious with links and messages—especially if they seem urgent or out of character. Regularly check your account activity and privacy settings to stay on top of things.
Thank you so much for the article, really helpful
Not only did my social media get hacked, but they got into my emails and cell phone!! I really don’t know what to do other than buy a new phone!
…also, when it says to email a link to my devices, it never asked for my devices’ info. All it said was the email was ready, but I can’t find it anywhere.