My deceased father's social media account started posting strange links. What's happening?
This usually means the account has been hacked, either through a reused password exposed in a data breach or by someone exploiting the fact the account is now unmonitored, and it is being used to spread scam or malware links to his contacts.
Last reviewed: 5 July 2026
Explanation
Accounts belonging to deceased people are attractive targets for hackers precisely because no one is actively monitoring or securing them anymore. If the account had a weak or reused password, or if login credentials were exposed in a previous data breach, criminals can access the account and use the deceased's established network of friends and followers to spread phishing links, fake investment schemes, or malware, since people are more likely to click something posted by someone they know and trust.
Family members often don't realize the account has been compromised until friends of the deceased start messaging to ask about a strange link or unusual post, which by then may have already reached dozens of contacts. Because the account 'belongs' to someone who has passed away, there's also a risk that friends assume any strange activity is simply a glitch or a mistake rather than recognizing it as a hack.
Most major platforms offer a memorialization option that freezes the account in a tribute state and prevents new logins, or a deactivation/removal process for family members with proper documentation, both of which are far safer than leaving an account active and unattended indefinitely.
Common red flags
- Posts, messages, or links appear on the account that don't match anything the deceased would have shared
- Friends report receiving unusual direct messages from the account
- Login notifications or password reset emails arrive despite no family member accessing the account
- Links posted lead to suspicious sites asking for personal information or payment
- Profile details, like profile picture or bio, have been changed unexpectedly
What to do now
- Report the account as belonging to a deceased person through the platform's official memorialization or deceased-user process
- Warn friends and contacts not to click any links posted from the account
- If you have login access, change the password immediately and enable two-factor authentication, or request the platform disable login access
- Document the compromised posts with screenshots before reporting, in case needed for a fraud report
- Consider requesting account deactivation if ongoing monitoring isn't feasible for the family
Frequently asked questions
Can family members get full access to a deceased person's social media account?
Policies vary by platform; some allow a legacy contact or memorialization request, others require formal documentation like a death certificate before granting any access or making changes.
Should we just delete the account to prevent this?
Deletion or memorialization are both reasonable options; memorialization preserves the account as a tribute while preventing new logins, which many families prefer over full deletion.