32blog by StudioMitsu

Social Media Account Hacked? How to Check and Recover

Signs of a social media account takeover, what to do immediately, and step-by-step recovery for Instagram, X, Facebook, TikTok, and Discord. Plus why 2FA alone isn't enough.

This article contains affiliate links.

"There are posts I didn't make." "I can't log in." "My friends say they're getting weird DMs from me." — These are all signs your social media account has been taken over.

According to Security.org, 29% of US adults — roughly 77 million people — have experienced account takeover. Social media accounts make up 53% of all takeover targets, and credential stuffing attacks hit 26 billion attempts per month (Akamai, 2024). This isn't a rare problem.

This article covers how to spot the signs, what to do immediately, and step-by-step recovery instructions for Instagram, X (Twitter), Facebook, TikTok, and Discord.

[Figure: response flow. Spot signs (unfamiliar activity) → Emergency response (password + 2FA) → Platform recovery (official tools) → Prevention (auth hardening). Transitions are labelled Verify, Respond, Recover.]

Signs Your Account Has Been Taken Over

Account takeover is often discovered too late. If any of the following apply, move to the next section immediately.

Login-related signs:

  • Your password no longer works
  • You received a "new device login" notification you don't recognize
  • You got an email saying your registered email address or phone number was changed

Account activity signs:

  • Posts, stories, or reels you didn't create
  • You're following accounts you don't recognize
  • DMs were sent from your account that you didn't write
  • Your profile picture or bio has changed

External signs:

  • Friends or followers tell you they received a suspicious DM from you
  • Someone reports that your account is sending scam links

The most common way people find out is through a friend's message. You often can't tell from your own view, so take any such report seriously.


Do These 3 Things Right Now

Regardless of which platform was compromised, do these three things first.

1. Change Your Password

If you can still log in, change your password now. Make it completely different from the old one — 12+ random characters is ideal.

Change it everywhere you reused it too. Attackers use credential stuffing — automated tools that try leaked credentials across hundreds of services within minutes. If you used the same password on your email, that's the next target.

2. Log Out of All Devices

Changing your password alone may not kill the attacker's active session. Go to each platform's settings and "Log out of all devices" to invalidate stolen sessions.

3. Enable Two-Factor Authentication (Not SMS)

If you haven't already, set up 2FA with an authenticator app (Ente Auth, Google Authenticator, etc.). SMS-based 2FA can be bypassed via SIM swapping. See "Is SMS 2FA Still Safe? How to Switch" for details.


Instagram — How to Recover a Hacked Account

Instagram significantly improved its recovery flow in December 2025, including selfie video verification and a reported 30% increase in successful recoveries.

If you can still log in

  1. Go to Settings → Accounts Center → Password and security → Where you're logged in
  2. Log out any devices you don't recognize
  3. Change your password
  4. Enable 2FA (Settings → Accounts Center → Password and security → Two-factor authentication)
  5. Review connected apps (Settings → Website permissions → Apps and websites). Remove anything unfamiliar

If you can't log in

  1. On the login screen, tap "Forgot password?"
  2. Request a reset link via email or phone number
  3. If the reset link doesn't arrive (email was changed by attacker) → go to instagram.com/hacked
  4. Follow the identity verification steps (you may be asked for a selfie video)

X (Twitter) — How to Recover a Hacked Account

If you can still log in

  1. Go to Settings → Security and account access → Apps and sessions → Sessions
  2. Log out all unfamiliar sessions
  3. Change your password
  4. Enable 2FA (Settings → Security and account access → Security → Two-factor authentication)
  5. Review connected apps (Settings → Security and account access → Apps and sessions → Connected apps)

If you can't log in

  1. On the login screen, select "Forgot password?"
  2. Reset via email or phone number
  3. If that doesn't work → submit a support request at help.x.com
  4. Include your last access date, original registration email, and device info for faster response

Facebook — How to Recover a Hacked Account

Facebook began testing AI-assisted account support in late 2025, improving the recovery experience.

If you can still log in

  1. Go to Settings → Security and login → Where you're logged in
  2. Click "…" → "Log out" next to any unfamiliar sessions
  3. Change your password
  4. Enable 2FA
  5. Review connected apps (Settings → Apps and websites). Remove anything suspicious

If you can't log in

  1. Go to facebook.com/hacked
  2. Select "My account is compromised"
  3. Follow the identity verification steps
  4. If you previously set up Trusted Contacts, you can use them for recovery

TikTok and Discord — Recovery Steps

TikTok

If you can log in:

  1. Go to Settings → Security → Manage devices and remove unfamiliar ones
  2. Change your password
  3. Enable 2FA (Settings → Security → 2-Step Verification)

If you can't log in:

  1. Use "Forgot password?" on the login screen
  2. If email/phone was changed → use the in-app "Need more help?" option
  3. TikTok may ask you to verify identity through a previous video you posted

Discord

If you can log in:

  1. Go to User Settings → My Account and change your password
  2. Enable 2FA under User Settings → My Account → Enable Two-Factor Auth
  3. Check User Settings → Authorized Apps and revoke anything suspicious

If you can't log in:

  1. Try password reset via email
  2. If that fails → go to dis.gd/hackedaccount to submit a support ticket
  3. Include your user ID and any proof of ownership

Why 2FA Alone Doesn't Stop Account Takeovers

"I had 2FA enabled and still got hacked" — reports like this surged in 2025. Modern attack methods are designed to bypass two-factor authentication entirely.

Session hijacking

Instead of stealing your password, attackers steal your session token (cookie) after you've already logged in. With a valid session token, no password or 2FA code is needed. Infostealer malware is the primary delivery method — it extracted 1.8 billion credentials in 2025 alone.
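Why a stolen session outlives a password change, and why "Log out of all devices" is a separate step, shown as an added example that is not part of the original article. It is a toy server-side session store; every class, function, and account name is constructed for illustration and does not describe any platform's real implementation.

```python
import hashlib
import hmac
import secrets

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class SessionStore:
    """Toy server-side session store, constructed for this example."""

    def __init__(self, revoke_on_password_change):
        self.creds = {}      # user -> (salt, password hash)
        self.sessions = {}   # session token -> user
        self.revoke_on_password_change = revoke_on_password_change

    def set_password(self, user, password):
        salt = secrets.token_bytes(16)
        self.creds[user] = (salt, _kdf(password, salt))
        if self.revoke_on_password_change:   # hardened behaviour
            self.logout_everywhere(user)

    def login(self, user, password, second_factor_ok):
        """Password and 2FA are checked here only, when the token is issued."""
        salt, stored = self.creds.get(user, (b"", b""))
        if not (hmac.compare_digest(_kdf(password, salt), stored) and second_factor_ok):
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = user
        return token

    def whoami(self, token):
        """Every later request is authorised by the token alone."""
        return self.sessions.get(token)

    def logout_everywhere(self, user):
        """The "log out of all devices" control: drop every token for the user."""
        stale = [t for t, u in self.sessions.items() if u == user]
        for t in stale:
            del self.sessions[t]
        return len(stale)

def recovery_walkthrough(revoke_on_password_change):
    store = SessionStore(revoke_on_password_change)
    store.set_password("alice", "old-password")
    # Stands in for a token issued after a full login (password + 2FA) and later copied.
    copied = store.login("alice", "old-password", second_factor_ok=True)
    store.set_password("alice", "new-long-random-password")
    after_password_change = store.whoami(copied)
    store.logout_everywhere("alice")
    return after_password_change, store.whoami(copied)
```

With `revoke_on_password_change=False` the copied token still resolves to the account after the password change and only dies at `logout_everywhere`; with `True` it is already dead after the password change.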

OAuth consent phishing

"Allow this app to access your account?" — attackers fake this permission screen. Once you click "Allow," they can control your account without ever needing your password. Microsoft reported that 47% of detected attacks in 2025 involved this technique.

What actually helps:

  • Regularly review and revoke connected apps/permissions
  • Don't click links you don't expect (see "Opened a Phishing Email? What to Do Next")
  • Keep device security software updated (protects against infostealers)
  • Use passkeys where available (Facebook, Instagram, and X support them as of 2025)

How to Prevent Future Takeovers

Once you've recovered, lock things down so it doesn't happen again.

Harden your authentication:

Monitor regularly:

NordVPN Plus and higher plans include Dark Web Monitoring, which alerts you when your email addresses or credentials appear on the dark web. This gives you early warning before credential stuffing attacks hit your accounts.

Wrapping Up

When a social media account is taken over, speed is everything.

  • Spot the signs → act immediately — change password → log out all devices → enable 2FA
  • Can't log in? Use official recovery tools — Instagram: instagram.com/hacked, Facebook: facebook.com/hacked, X: help.x.com
  • 2FA alone isn't enough — regularly review connected apps and active sessions
  • Password reuse is the biggest risk — a password manager is the permanent fix

Check whether your passwords are already leaked at "How to Verify If Your Password Has Been Breached." To understand why password reuse is the root cause of most account takeovers, see "Why Password Reuse Is Dangerous: How Credential Stuffing Works." If you suspect your phone itself may be compromised, see "Is Your Phone Hacked? How to Check and What to Do Now."