For many of us online, social media has become a daily window to the world. It is how we communicate with friends and family (and remember their birthdays). For some of us, it is an integral part of our business.
Losing control of a social media account is frustrating, but, unfortunately, it happens too often. A 2022 NordVPN survey found that 90% of Americans say they knew someone whose social media account was hacked, and 37% say they’ve had their social media profiles hacked!
When a hacker takes over your socials, they can pretend to be you online and have access to your sensitive personal data.
If you’ve lost control of a social media account, here are our tips to get it back.
You should know that social media platforms aren’t known for their customer support. Many offer a “free” service to the public to make money off each user’s data. Depending on the severity of the cyberattack, it can be difficult to dislodge a hacker from your social media account, so you should be careful about what platforms you join and focus on adopting good security behaviors.
Have you really lost control?
You might get an alert through email or other means saying that your social media account has been compromised. You shouldn’t take any unexpected urgent message like this at face value. Also, a friend or follower might tell you that your profile is making posts or sending messages that seem out of the ordinary, like posting about a deal on sunglasses.
If you notice any suspicious behavior, check to see if you can log into your social media account. If you can, immediately do the following:
- Reset your password, and make it unique to the account, at least 16 characters long, and a mix of letters, numbers, and symbols.
- Enable multi-factor authentication, which adds a whole new level of security to your login beyond your password.
- Report the incident to the platform – you can even use screenshots as evidence.
- If you’ve reused the old password for any other account, change those passwords, too, and start using a password manager to generate and store all of your special, extra-strength passwords.
Contact the platform
If you cannot log into your account, you need the social media platform to help you.
- See if you can report the account takeover through the platform’s website.
- Call the social media network’s customer service line if they have one.
- Follow instructions on the platform’s “forgot my account” or “account recovery” webpage.
If contacting the platform doesn’t work initially, you must be persistent. Take screenshots of anything your hacked profile posts, or have your followers record evidence, so you can better explain the situation to the platform.
Account recovery help
Here are the webpages with information on account recovery for several major social media websites:
- YouTube
- TikTok
- Snapchat
- X (Twitter)
- Twitch
- Discord
- Bluesky
- Mastodon
Contain the damage
Once you get back into your formerly hacked social media account, you should take a few actions right away:
- Change the social media password to one that is at least 16 characters long, unique to the account, and a random mix of letters, numbers, and special characters.
- Change the password of any email account associated with the social media account (like the recovery email address).
- If you ever reused your former social media account password, change it for all other accounts.
- To generate, maintain, and store all your unique passwords, use a password manager!
Look up recent activity on your profile page and in the account settings:
- Delete anything posted or sent by the hacker after taking a record.
- See if privacy or security settings were changed and adjust them to your comfort level.
- Check to see what devices have logged into the account and make a record of anything suspicious.
Take records of everything through screenshots. You can send this evidence to the social media platform, or share it with law enforcement if you talk to them about it.
Let your audience know you were hacked, even if it is embarrassing. People understand, and it is the best way to staunch any reputational damage the hacker did to you.
Finally, review any personal data that was stored in the social media account, like credit card numbers or private DM communications. That data was compromised, and you might want to take further steps, like contacting your credit card issuer to cancel your card.
Fortify your social media
To best prevent a cybercriminal from taking over your social media account, we have a few recommendations. Even if your account was hacked before, you can take action to make it much harder for it to happen again.
- Enable account access notifications so you know when anyone (especially people that aren’t you) logs into your account.
- Every password should be unique to the account, at least 16 characters long, and a random mix of uppercase letters, lowercase letters, numbers, and symbols (like % or $) – use a password manager to generate and store all your passwords.
- Enable multi-factor authentication (MFA) for all social media platforms and any other account that permits it.
- Review your privacy settings on a regular basis (every few months or so), including checking to see who can see your posts.
- Always be on the lookout for phishing attempts through email, DMs, and other communication avenues – these messages might even ask you to click a link to “confirm” your password, but you should go to the platform’s website instead of clicking.
- Delete social media accounts that you don’t plan to use anymore so they can’t be zombified by a hacker.
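
The password rules repeated throughout this article (at least 16 characters, all four character types, unique to each account) can be checked mechanically. The sketch below is an added example, not part of the original article; the function names, the symbol set, and the sample vault are assumptions made for illustration.

```python
import secrets
import string
from collections import defaultdict

MIN_LENGTH = 16
SYMBOLS = "!#$%&*+-=?@^_"  # assumed symbol set; sites differ in what they accept
CLASSES = [string.ascii_uppercase, string.ascii_lowercase, string.digits, SYMBOLS]

def generate_password(length=MIN_LENGTH):
    """Draw characters from the OS CSPRNG, redrawing until every class appears."""
    if length < MIN_LENGTH:
        raise ValueError("policy requires at least 16 characters")
    alphabet = "".join(CLASSES)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in cls for c in candidate) for cls in CLASSES):
            return candidate

def audit(vault):
    """Return {account: [problems]} for entries that break the article's rules."""
    accounts_by_password = defaultdict(list)
    for account, password in vault.items():
        accounts_by_password[password].append(account)
    findings = {}
    for account, password in vault.items():
        problems = []
        if len(password) < MIN_LENGTH:
            problems.append("shorter than 16 characters")
        has_all_classes = (any(c.isupper() for c in password)
                           and any(c.islower() for c in password)
                           and any(c.isdigit() for c in password)
                           and any(not c.isalnum() for c in password))
        if not has_all_classes:
            problems.append("missing a character class")
        shared = sorted(a for a in accounts_by_password[password] if a != account)
        if shared:
            problems.append("reused on: " + ", ".join(shared))
        if problems:
            findings[account] = problems
    return findings

# Constructed sample data: two accounts share one weak password.
SAMPLE_VAULT = {
    "social": "Sunglasses2022",
    "email": "Sunglasses2022",
    "bank": generate_password(),
}
```

Calling `audit(SAMPLE_VAULT)` flags the "social" and "email" entries for length, missing symbols, and reuse, while the generated "bank" password passes.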