What to do if your social media account gets hacked

Did an unknown device just sign in to your Facebook account? Or has your password changed unexpectedly, blocking you from your Instagram account? Your account’s been hacked!

Your social media account is hacked or hijacked when someone gains unauthorized access to it. This usually means they have found out your password and have logged in to your account, likely then changing the password to block you from logging in.

What they want from hacking your account varies. They could be trying to steal your account and sell it to parties that are looking to spread spam or propaganda or using your account to impersonate you to scam your friends and family. Some might even hold an account ransom, if it belongs to an influencer or a business.

Here is what to do if your social media account has been hacked or hijacked.

Signs that your social media account has been hacked

How to know if your Facebook, Instagram, or Twitter account has been hacked? Here are the signs (some of these go without saying!).

• You can’t sign in to your social media account, e.g., because your password has been changed
• Your social media account recently has posts that you didn’t make
• There are chat messages from your account that you didn’t send
• Your connections on the platform say they have been getting spam messages from you
• You were notified that your password had been changed or someone just signed in to your account from an unknown device

What to do if your social media account is hacked

1. Check if you can still sign in with your password

The first thing you can do is to check if you can sign in to your account. It is possible that a hacker has been logging in to your account without changing your password. If you are able to log in, immediately change your password to protect your account.

2. Claim you forgot your password

If your password isn’t working, you can try regaining access to it using procedures normally for forgotten passwords. You’ll be able to do this on the login page. This could work because your account is typically connected to your email or even your phone number, which the hijacker might not be able to change. You’ll get a link in your email to reset your password.

3. Report a compromised account

If the above don’t work, you can report your account getting hacked. Each social media platform has different procedures.

Here are helpful links for each service:

Facebook: Go to Facebook’s page to report your account has been compromised, then use your email address or phone number to recover your account.

Instagram: Visit this help page if you think your account has been hacked.

YouTube: Follow the instructions from Google to sign in to your YouTube account.

LinkedIn: On the login page, click Forgot password? Enter your email address and phone number to reset your password. You should also report your compromised account.

Twitter: Fill out this form to regain access to your account.

4. Change your passwords

You’re not out of the woods yet even if you can sign in to your social media account.

Change your password immediately because there’s a good chance it’s been compromised. Use a unique, complex password, ideally with the help of a password manager.

In case you’ve been using the same password for any of your other accounts, change those as well. A hacker can easily try your password and email address on a string of other websites in an attempt to obtain more of your personal data.

Read more: Why you should use a unique password for every online account

5. Turn on two-factor authentication

Two-factor authentication requires a user who’s trying to sign in to their account to provide not only their password but also a verification code that’s usually sent through an email or a text message. It offers an extra layer of security because even someone who has your password won’t be able to access your account.

Turn on two-factor authentication on Facebook

1. Open your Security and login settings.
2. Under Two-factor authentication, click Edit.
3. Choose the security method you want to use and follow the instructions.

Turn on two-factor authentication on Instagram

1. In your profile, tap the hamburger icon > Settings.
2. Tap Security > Two-factor authentication > Get Started.
3. Tap the security method you want to use and follow the instructions.

Turn on two-factor authentication on Youtube

As you use your Google account to sign in to YouTube, turning on two-factor authentication in your Google account will do the trick:

1. Open your Google Account.
2. Select Security.
3. Under Signing in to Google, select 2-Step Verification > Get started.
4. Choose the security method you want to use and follow the instructions.

Here’s how to set up two-factor authentication on Twitter and LinkedIn.

6. Check for any unusual activities in your account

Noticed new contacts in your social media account you don’t remember adding? Or new posts you didn’t put out yourself? These are definitely traces of your account having been hacked. Remove them immediately. Also unlink any suspicious services or apps linked to your account.

7. Remove all your active sessions

Suspect someone is signed in to your social media account? Remove all your current, active sessions.

Sign out of all your Facebook active sessions

1. Open your Security and login settings.
2. Go to Where you’re logged in.
3. Click Log Out of All Sessions.

Sign out of all your Instagram active sessions

1. In your profile, tap the hamburger icon > Settings.
2. Tap Security > Login activity.
3. For the sessions that are suspicious to you, tap the three-dot icon > Log Out.

Sign out of all your YouTube active sessions

Since YouTube uses your Google account to sign in, you can sign out of your account on all devices:

1. Open your Google Account’s devices page.
2. For the device you want to remove, tap the three-dot icon > Sign out.

Here’s how to sign out of all your active sessions on Twitter and LinkedIn.

8. Let your social media contacts know you’ve been hacked

Let your contacts know your account has been hacked so they know not to open or click on

any messages or links that are sent to them. In case they opened or clicked on any of them in the past, advise them to secure their account immediately.

9. Tighten up your privacy settings

After your social media account has been hacked, it’s best to tighten up your privacy settings. At the very least, you should set these things to private: your profile, contact list, the posts you create, and your account activities. On top of that, you can restrict permissions for the social media platform, and the apps and games you used the social media account to sign in to.

Read more: Guide to Facebook’s new privacy settings

4 ways to prevent your social media accounts from hacks

1. Use unique, complex passwords for all your accounts with the help of a password manager.
2. Avoid signing in to your social media accounts on public Wi-Fi. If you do, use a VPN.
3. Always opt-in for two-factor authentication in your account settings.
4. Do not click on any suspicious links even if they are sent out by your contacts.