"There are posts I didn't make." "I can't log in." "My friends say they're getting weird DMs from me." — These are all signs your social media account has been taken over.
According to Security.org's 2024 Account Takeover report, 29% of US adults — roughly 77 million people — have experienced account takeover. Social media accounts make up 53% of all takeover targets, and credential stuffing attacks hit 26 billion attempts per month (Akamai, 2024). This isn't a rare problem.
This article covers how to spot the signs, what to do immediately, and step-by-step recovery instructions for Instagram, X (Twitter), Facebook, TikTok, and Discord.
Signs Your Account Has Been Taken Over
Account takeover is often discovered too late. If any of the following apply, move to the next section immediately.
Login-related signs:
- Your password no longer works
- You received a "new device login" notification you don't recognize
- You got an email saying your registered email address or phone number was changed
Account activity signs:
- Posts, stories, or reels you didn't create
- You're following accounts you don't recognize
- DMs were sent from your account that you didn't write
- Your profile picture or bio has changed
External signs:
- Friends or followers tell you they received a suspicious DM from you
- Someone reports that your account is sending scam links
The most common way people find out is through a friend's message. An attacker who is sending DMs or scam links from your account usually leaves little trace in your own feed, so take any such report seriously and check your sessions right away.
Do These 3 Things Right Now
Regardless of which platform was compromised, do these three things first.
1. Change Your Password
If you can still log in, change your password now. Make it completely different from the old one: at least 12 random characters, ideally longer and generated by a password manager rather than anything you could memorise.
Change it everywhere you reused it too, starting with your email account, because email is the recovery channel for everything else. Attackers use credential stuffing: automated tools that replay leaked username/password pairs against hundreds of services within minutes. If you used the same password on your email, that's the next target.
2. Log Out of All Devices
Changing your password alone does not necessarily end sessions that are already logged in; on most platforms an attacker's existing session keeps working until you explicitly end it. Go to each platform's settings and use "Log out of all devices" to invalidate stolen sessions, and do it after the password change so your new login is the only one left.
3. Enable Two-Factor Authentication (Not SMS)
If you haven't already, set up 2FA with an authenticator app (Ente Auth, Google Authenticator, etc.). SMS-based 2FA can be bypassed via SIM swapping or interception of the text, so don't rely on it. Keep in mind that app-generated codes stop password-only attacks but can still be relayed in real time by a phishing page that asks you for the code; passkeys (covered below) close that gap. See "Is SMS 2FA Still Safe? How to Switch" for details.
Instagram — How to Recover a Hacked Account
In December 2025, Meta announced major improvements to Instagram's recovery flow, including selfie video verification and a 30% increase in successful recoveries in the US and Canada.
If you can still log in
- Go to Settings → Accounts Center → Password and security → Where you're logged in
- Log out any devices you don't recognize
- Change your password
- Enable 2FA (Settings → Accounts Center → Password and security → Two-factor authentication)
- Review connected apps (Settings → Website permissions → Apps and websites). Remove anything unfamiliar
If you can't log in
- On the login screen, tap "Forgot password?"
- Request a reset link via email or phone number
- If the reset link doesn't arrive (for example because the attacker changed the email address on file) → go to instagram.com/hacked (official help page)
- Follow the identity verification steps (you may be asked for a selfie video)
X (Twitter) — How to Recover a Hacked Account
If you can still log in
- Go to Settings → Security and account access → Apps and sessions → Sessions
- Log out all unfamiliar sessions
- Change your password
- Enable 2FA (Settings → Security and account access → Security → Two-factor authentication)
- Review connected apps (Settings → Security and account access → Apps and sessions → Connected apps)
If you can't log in
- On the login screen, select "Forgot password?"
- Reset via email or phone number
- If that doesn't work → submit a support request at help.x.com (X's official hacked account form)
- Include your last access date, original registration email, and device info for faster response
Facebook — How to Recover a Hacked Account
In December 2025, Meta launched a centralized support hub with an AI support assistant for Facebook, improving the recovery experience significantly.
If you can still log in
- Go to Settings → Security and login → Where you're logged in
- Click "…" → "Log out" next to any unfamiliar sessions
- Change your password
- Enable 2FA
- Review connected apps (Settings → Apps and websites). Remove anything suspicious
If you can't log in
- Go to facebook.com/hacked
- Select "My account is compromised"
- Follow the identity verification steps
- If you previously set up Trusted Contacts and the option is still offered on your account, you can use them for recovery
TikTok and Discord — Recovery Steps
TikTok
If you can log in:
- Go to Settings → Security → Manage devices and remove unfamiliar ones
- Change your password
- Enable 2FA (Settings → Security → 2-Step Verification)
If you can't log in:
- Use "Forgot password?" on the login screen
- If email/phone was changed → use the in-app "Need more help?" option
- TikTok may ask you to verify identity through a previous video you posted
Discord
If you can log in:
- Go to User Settings → My Account and change your password
- Enable 2FA under User Settings → My Account → Enable Two-Factor Auth
- Check User Settings → Authorized Apps and revoke anything suspicious
If you can't log in:
- Try password reset via email
- If that fails → go to dis.gd/hackedaccount to submit a support ticket
- Include your user ID and any proof of ownership
Why 2FA Alone Doesn't Stop Account Takeovers
"I had 2FA enabled and still got hacked" — reports like this surged in 2025. Modern attack methods are designed to bypass two-factor authentication entirely.
Session hijacking
Instead of stealing your password, attackers steal your session token (the cookie your browser holds after you've logged in). Replaying a valid token looks to the server exactly like a request from your own browser, so no password or 2FA code is needed. Infostealer malware is the primary way these tokens are harvested: it copies the browser's cookie store and ships it to the attacker. According to Flashpoint's 2025 Midyear report, infostealers extracted 1.8 billion credentials from 5.8 million devices in the first half of 2025 alone, an 800% increase.
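To make the two points above concrete (a stolen cookie works without a password, and a password change alone does not end it, which is why the "Log out of all devices" step earlier in this article matters), here is a toy account server written for this article. It is example code, not any platform's implementation; the class, method names and the `session_version` mechanism are assumptions chosen to illustrate the behaviour, and the credentials are constructed.

```python
"""Toy server showing why a replayed session cookie keeps working after a
password change, and what 'log out of all devices' actually does.
Example code written for this article; not any real platform's code."""
import hashlib
import hmac
import secrets
from typing import Optional


class AccountServer:
    def __init__(self) -> None:
        # username -> {"salt", "hash", "version"}; token -> {"user", "version"}
        self.users: dict = {}
        self.sessions: dict = {}

    @staticmethod
    def _hash(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, user: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self.users[user] = {"salt": salt, "hash": self._hash(password, salt), "version": 0}

    def login(self, user: str, password: str) -> Optional[str]:
        rec = self.users.get(user)
        if rec is None or not hmac.compare_digest(rec["hash"], self._hash(password, rec["salt"])):
            return None
        token = secrets.token_urlsafe(32)  # the value that ends up in the cookie
        self.sessions[token] = {"user": user, "version": rec["version"]}
        return token

    def whoami(self, token: str) -> Optional[str]:
        """What any request carrying the cookie resolves to. No password or 2FA involved."""
        sess = self.sessions.get(token)
        if sess is None:
            return None
        # A session minted before the user's last 'log out everywhere' is rejected.
        if sess["version"] != self.users[sess["user"]]["version"]:
            return None
        return sess["user"]

    def change_password_only(self, user: str, new_password: str) -> None:
        """The weak behaviour: rotates the hash but leaves every live session alone."""
        rec = self.users[user]
        rec["hash"] = self._hash(new_password, rec["salt"])

    def logout_all(self, user: str) -> None:
        """'Log out of all devices': bumping the version orphans every existing session."""
        self.users[user]["version"] += 1

    def change_password_and_logout(self, user: str, new_password: str) -> None:
        """What a hardened platform does in one step."""
        self.change_password_only(user, new_password)
        self.logout_all(user)


def walkthrough() -> dict:
    """Replay a stolen cookie through each recovery step; returns what worked."""
    srv = AccountServer()
    srv.register("alice", "correct horse")          # constructed account
    stolen = srv.login("alice", "correct horse")    # infostealer copies this cookie
    out = {}
    out["replay_works"] = srv.whoami(stolen) == "alice"
    srv.change_password_only("alice", "new-pass-1")
    out["replay_after_pw_change"] = srv.whoami(stolen) == "alice"   # still True
    out["old_password_rejected"] = srv.login("alice", "correct horse") is None
    srv.logout_all("alice")
    out["replay_after_logout_all"] = srv.whoami(stolen) == "alice"  # now False
    fresh = srv.login("alice", "new-pass-1")
    out["fresh_login_works"] = srv.whoami(fresh) == "alice"
    return out


if __name__ == "__main__":
    for step, ok in walkthrough().items():
        print(f"{step}: {ok}")
```

The walkthrough prints that the replayed cookie still resolves to `alice` after the password change and only stops after `logout_all`. Real platforms vary in whether a password change also invalidates sessions, which is why the article tells you to do both rather than assume.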
OAuth consent phishing
"Allow this app to access your account?" In consent phishing the permission screen is the platform's real one; what's fake is the app asking, which the attacker registered under a plausible name. Once you click "Allow," that app holds a token for your account and the attacker controls it without ever needing your password or a 2FA code. A related variant, device code phishing, sends you a short code and a link to the provider's genuine verification page; typing the code there authorizes a login the attacker started. Since September 2025, OAuth device code phishing campaigns surged, hitting over 340 organizations across multiple countries.
What actually helps:
- Regularly review and revoke connected apps/permissions
- Don't click links you don't expect (see "Opened a Phishing Email? What to Do Next")
- Keep device security software updated (protects against infostealers)
- Use passkeys where available (Facebook, Instagram, and X support them as of 2025)
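Here is a simulation of the device code variant described above, and of the "revoke connected apps" advice in the list, written for this article. It models the OAuth 2.0 device authorization grant (RFC 8628) with a toy authorization server; the class and endpoint names, the client name "Mail Sync", the accounts and the verification URL are all assumptions, not any real provider's API. What it shows is that the victim never sees a password prompt: entering a code the attacker requested is enough to hand them a token.

```python
"""Device code phishing, step by step, against a toy RFC 8628 authorization server.
Example code written for this article; not any real identity provider's code."""
import secrets
import time
from dataclasses import dataclass
from typing import Optional

VERIFICATION_URI = "https://auth.example/device"   # assumed, stands in for the real page


@dataclass
class DeviceGrant:
    client_id: str
    device_code: str      # secret, known only to whoever started the flow
    user_code: str        # short code the end user is asked to type in
    expires_at: float
    approved_by: Optional[str] = None
    token_issued: bool = False


class AuthServer:
    def __init__(self) -> None:
        self.grants: dict = {}          # device_code -> DeviceGrant
        self.by_user_code: dict = {}    # user_code -> DeviceGrant
        self.tokens: dict = {}          # access_token -> (account, client_id)
        self.connected_apps: dict = {}  # account -> set of client_id
        self.revoked: set = set()       # (account, client_id)

    def device_authorization(self, client_id: str, ttl: int = 600) -> dict:
        """Step 1: the party that wants a token asks for a code pair."""
        grant = DeviceGrant(client_id, secrets.token_urlsafe(32),
                            f"{secrets.token_hex(2).upper()}-{secrets.token_hex(2).upper()}",
                            time.time() + ttl)
        self.grants[grant.device_code] = grant
        self.by_user_code[grant.user_code] = grant
        return {"device_code": grant.device_code, "user_code": grant.user_code,
                "verification_uri": VERIFICATION_URI}

    def describe(self, user_code: str) -> Optional[str]:
        """What the genuine verification page shows before 'Approve'."""
        grant = self.by_user_code.get(user_code)
        return None if grant is None else f"Sign in to '{grant.client_id}'?"

    def approve(self, user_code: str, account: str) -> bool:
        """Step 2: a logged-in user types the code at verification_uri."""
        grant = self.by_user_code.get(user_code)
        if grant is None or time.time() > grant.expires_at or grant.approved_by:
            return False
        grant.approved_by = account
        self.connected_apps.setdefault(account, set()).add(grant.client_id)
        return True

    def token(self, device_code: str) -> dict:
        """Step 3: whoever holds device_code polls until the user approves."""
        grant = self.grants.get(device_code)
        if grant is None or grant.token_issued:
            return {"error": "invalid_grant"}
        if grant.approved_by is None:
            return {"error": "authorization_pending"}
        grant.token_issued = True
        tok = secrets.token_urlsafe(32)
        self.tokens[tok] = (grant.approved_by, grant.client_id)
        return {"access_token": tok}

    def api_whoami(self, access_token: str) -> Optional[str]:
        entry = self.tokens.get(access_token)
        if entry is None or entry in self.revoked:
            return None
        return entry[0]

    def revoke_app(self, account: str, client_id: str) -> None:
        """The 'remove connected app' button: kills every token that app holds."""
        self.connected_apps.get(account, set()).discard(client_id)
        self.revoked.add((account, client_id))


def phishing_walkthrough() -> dict:
    srv = AuthServer()
    victim = "victim@example.com"                      # constructed account
    # Attacker starts the flow for a plausibly named app; the code pair is real.
    codes = srv.device_authorization("Mail Sync")
    lure = f"Verify your account at {codes['verification_uri']} with code {codes['user_code']}"
    out = {"lure_points_at_real_page": VERIFICATION_URI in lure}
    out["pending_before_victim_acts"] = srv.token(codes["device_code"])["error"] == "authorization_pending"
    # The verification page is genuine and only names the app, not who started the flow.
    out["prompt"] = srv.describe(codes["user_code"])
    srv.approve(codes["user_code"], victim)
    tok = srv.token(codes["device_code"]).get("access_token")
    out["attacker_acts_as_victim"] = srv.api_whoami(tok) == victim
    out["app_visible_in_settings"] = "Mail Sync" in srv.connected_apps[victim]
    srv.revoke_app(victim, "Mail Sync")                # the review-and-revoke habit
    out["attacker_after_revoke"] = srv.api_whoami(tok)
    return out


if __name__ == "__main__":
    for k, v in phishing_walkthrough().items():
        print(f"{k}: {v}")
```

The only defence the user has at step 2 is the question the page cannot answer for them: did I start a sign-in for this app just now? If not, don't type the code. Afterwards, the app shows up in the connected-apps list, and revoking it is what actually cuts the attacker off.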
How to Prevent Future Takeovers
Once you've recovered, lock things down so it doesn't happen again.
Harden your authentication:
- Enable authenticator-app 2FA on every social media account ("Is SMS 2FA Still Safe? How to Switch")
- Set up passkeys where supported (Facebook, Instagram, X as of 2025)
- Use unique passwords per service. A password manager makes this practical ("Can't Remember Your Passwords? You Don't Have To")
- Be careful logging in on public Wi-Fi. Social media sites serve everything over HTTPS, so other users on the network can't simply read your session cookie; the realistic risk is a rogue hotspot or captive portal steering you to a lookalike login page. A VPN hides your traffic from the hotspot operator, but the stronger habit is to log in only through the official app or a saved bookmark, never through a page you were redirected to
Monitor regularly:
- Once a month, check login sessions and connected apps on each platform
- Check whether your email or phone number has been leaked ("How to Check If Your Data Is on the Dark Web")
NordVPN Plus and higher plans include Dark Web Monitoring, which alerts you when your email addresses or credentials appear on the dark web. This gives you early warning before credential stuffing attacks hit your accounts.
Frequently Asked Questions
How long does account recovery usually take?
It depends on the platform and how quickly you act. If you can still log in, securing your account takes minutes — change password, log out all sessions, enable 2FA. If you're locked out and need to go through official recovery (instagram.com/hacked, facebook.com/hacked, etc.), expect 5–24 hours for most cases. Severe cases where the attacker changed your email and phone number can take 2–7 days. Instagram's selfie video verification has sped this up considerably since December 2025.
Can I recover my account if the hacker changed my email and phone number?
Yes, but you'll need to use the platform's official recovery tools rather than the standard "forgot password" flow. Instagram, Facebook, and X all have dedicated hacked account pages that walk you through identity verification without needing access to the registered email. You may be asked for a government ID, a selfie video, or to answer security questions. The sooner you start, the higher your chances — some platforms flag accounts for suspicious activity and may freeze changes temporarily.
Can hackers see my private DMs and messages?
Yes. Once an attacker has access to your account, whether through a stolen password or a hijacked session token, they can read everything the account can: all your messages, including archived conversations and, to the extent the platform still stores them, ones you deleted. They can also download media you've shared. This is why speed matters: the longer an attacker has access, the more private information they can extract. After recovery, assume any sensitive information shared via DMs has been compromised.
Should I create a new account instead of recovering the old one?
In most cases, no. Recovering your original account is better because you keep your followers, content history, and platform trust. Creating a new account also doesn't stop the attacker from using your old account to impersonate you. Focus on recovery first. If the platform ultimately can't restore access after weeks of trying, then a new account becomes the fallback — but make sure to report the compromised account so it gets deactivated.
I have 2FA enabled — why was my account still hacked?
Modern attacks bypass 2FA entirely. The two most common methods are session hijacking (stealing your browser cookie after you've already authenticated, so no password or 2FA code is needed) and OAuth consent phishing (tricking you into granting an app permission to your account). Infostealers are the primary tool — they extract session tokens directly from your browser. 2FA still helps against basic password attacks, but it's not a complete defense.
How do I know if my other accounts were affected too?
If one account was compromised via a reused password, assume every service sharing that password is at risk. Check Have I Been Pwned to see if your email appears in known breaches. Then immediately change passwords on your email (the highest-priority target), banking, and other social media accounts. A password manager with breach monitoring makes this process much faster.
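Have I Been Pwned also publishes a Pwned Passwords lookup that lets you check a password itself without sending it, or even its full hash, to the service: you send the first five hex characters of the SHA-1 and compare the returned suffixes locally (k-anonymity). The checker below is example code written for this article, not HIBP's own client. The `live_fetch` function calls the real `https://api.pwnedpasswords.com/range/` endpoint; the `sample_fetch` response is a constructed stand-in with made-up counts so the block runs offline, and the user agent string is an assumption.

```python
"""k-anonymity check against the Pwned Passwords range API.
Example code written for this article; the sample response is constructed."""
import hashlib
import urllib.request
from typing import Callable

RANGE_URL = "https://api.pwnedpasswords.com/range/"


def live_fetch(prefix: str) -> str:
    """Fetch the real range for a 5-hex-char SHA-1 prefix (network required)."""
    req = urllib.request.Request(
        RANGE_URL + prefix,
        headers={"User-Agent": "password-check-example"},  # assumed UA string
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def pwned_count(password: str, fetch: Callable[[str], str] = live_fetch) -> int:
    """Return how many times the password appears in the corpus, 0 if absent.

    Only the 5-character prefix ever leaves the machine; the suffix match
    happens locally against every hash the server returns for that prefix.
    """
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch(prefix).splitlines():
        line = line.strip()
        if not line:
            continue
        candidate, _, count = line.partition(":")
        if candidate == suffix:
            return int(count)
    return 0


# Constructed stand-in for the response to prefix 5BAA6 (SHA-1 of "password"
# starts 5BAA61E4...). Real responses hold hundreds of lines; counts here are made up.
SAMPLE_RANGE_5BAA6 = """\
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493
1E6D4D3A9C2A7C3B2F1E0D9C8B7A6F5E4D3:2
1F0A2B3C4D5E6F708192A3B4C5D6E7F8091:17
"""


def sample_fetch(prefix: str) -> str:
    """Offline fetcher: returns the constructed range for 5BAA6, nothing otherwise."""
    return SAMPLE_RANGE_5BAA6 if prefix == "5BAA6" else ""


def check_reused_passwords(passwords: list, fetch: Callable[[str], str] = live_fetch) -> dict:
    """Map each password to its breach count; anything above 0 must be retired."""
    return {pw: pwned_count(pw, fetch) for pw in passwords}


if __name__ == "__main__":
    # Swap sample_fetch for live_fetch to query the real API.
    for pw, n in check_reused_passwords(["password", "Tr0ub4dor&3-example"], sample_fetch).items():
        print(f"{pw!r}: {'seen ' + str(n) + ' times' if n else 'not found'}")
```

Run it against the live API for the passwords you reused, and treat any non-zero count as already in attackers' credential-stuffing lists.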
Is it safe to keep using the same device after my account was hacked?
If the hack was due to a phished password or a reused credential, your device is probably fine; change your passwords and enable 2FA. But if you suspect infostealer malware (multiple accounts compromised at once, unfamiliar software installed, browser acting strangely), run a full malware scan before logging into any accounts, and after the device is clean, log out of all sessions on each platform again: cookies copied before the cleanup are still valid until you invalidate them. On mobile, check for apps you didn't install and consider a factory reset if anything looks suspicious. See "Is Your Phone Hacked?" for a detailed checklist.
Wrapping Up
When a social media account is taken over, speed is everything.
- Spot the signs → act immediately — change password → log out all devices → enable 2FA
- Can't log in? Use official recovery tools — Instagram: instagram.com/hacked, Facebook: facebook.com/hacked, X: help.x.com
- 2FA alone isn't enough — regularly review connected apps and active sessions
- Password reuse is the biggest risk — a password manager is the permanent fix
Check whether your passwords are already leaked at "How to Verify If Your Password Has Been Breached." To understand why password reuse is the root cause of most account takeovers, see "Why Password Reuse Is Dangerous: How Credential Stuffing Works." If you suspect your phone itself may be compromised, see "Is Your Phone Hacked? How to Check and What to Do Now."