Recovery guide

Recover a Hacked Social Media Account

Regain control of a compromised social account and protect your identity, contacts, and linked services.

Last reviewed: 1 June 2026

First 10 minutes

Go to the platform's official login page and use 'Forgot password' or 'Account recovery'
Check your email for any recovery or login alert messages from the platform
If still in the account, change the password immediately and enable 2FA
Log out all other active sessions in account settings
Warn close contacts by another method that your account has been compromised

First 24 hours

Report the compromise to the platform's Trust & Safety or support team
Check for changes to your profile, bio, linked email, or phone number
Review posts, messages, or stories published without your knowledge
Remove any new connected apps or third-party access
If the account was linked to your email, secure the email account too

Contact your bank or payment provider

If you had payment methods saved on the platform, check for unauthorised charges
Contact your bank if card details stored on the account may have been exposed

Evidence to preserve

Screenshot any unauthorised posts, messages, or profile changes
Note the date and time you lost control and when you regained it
Save any suspicious login alerts or security notifications from the platform
Record what data or contacts the attacker could have accessed

Secure your accounts and devices

Enable app-based two-factor authentication on the recovered account
Use a unique, strong password not shared with other services
Remove any third-party apps you do not recognise in account settings
Update your linked email address and recovery phone if they were changed
Review privacy settings to limit future exposure

Report it

Report to your national fraud/cybercrime service
Report to the platform, bank, or provider involved
Keep any reference numbers you're given

A hacked social media account can be used to scam your friends and followers, spread misinformation, sell fake products, or harvest personal data from your messages. The fastest actions focus on regaining access, reversing attacker changes, and warning your network.

Each platform has its own account recovery path — use it immediately and only through the official app or website, never through a link someone else sends you. If the attacker changed your linked email, you may need to go through identity verification with the platform's support team.

Once recovered, treat the incident as a lesson in account hygiene: unique passwords, app-based 2FA, and regular review of connected apps go a long way toward preventing a repeat.

Frequently asked questions

The platform says my account doesn't exist anymore — what happened?

Attackers sometimes rename or transfer accounts. Contact the platform's support team with proof of ownership (creation date, linked email or phone, previous activity) to request investigation and recovery.

Should I tell my followers?

Yes, once you have recovered the account, a brief public post explaining the compromise and warning people not to act on messages sent during that period is good practice.

Can I get my account back if the recovery email was changed?

Often yes, through the platform's identity verification process. Most platforms can confirm ownership using past activity, trusted devices, or ID. Contact support directly.

The attacker is posting as me — can I get those posts removed?

Report the posts through the platform's reporting tools and explain they were posted by an unauthorised party. Once you recover the account, you can delete them yourself.

Sources

First 10 minutes

Go to the platform's official login page and use 'Forgot password' or 'Account recovery'

Check your email for any recovery or login alert messages from the platform

If still in the account, change the password immediately and enable 2FA

Log out all other active sessions in account settings

Warn close contacts by another method that your account has been compromised

First 24 hours

Report the compromise to the platform's Trust & Safety or support team

Check for changes to your profile, bio, linked email, or phone number

Review posts, messages, or stories published without your knowledge

Remove any new connected apps or third-party access

If the account was linked to your email, secure the email account too

Secure your accounts and devices

Enable app-based two-factor authentication on the recovered account

Use a unique, strong password not shared with other services

Remove any third-party apps you do not recognise in account settings

Update your linked email address and recovery phone if they were changed

Review privacy settings to limit future exposure

Frequently asked questions

The platform says my account doesn't exist anymore — what happened?

Should I tell my followers?

Yes, once you have recovered the account, a brief public post explaining the compromise and warning people not to act on messages sent during that period is good practice.

Can I get my account back if the recovery email was changed?

Often yes, through the platform's identity verification process. Most platforms can confirm ownership using past activity, trusted devices, or ID. Contact support directly.

The attacker is posting as me — can I get those posts removed?

Report the posts through the platform's reporting tools and explain they were posted by an unauthorised party. Once you recover the account, you can delete them yourself.