A compromised or hacked social media account can cause all sorts of trouble, so it’s important to understand what to do next if your account has been compromised.
Take immediate steps to lock down the account and potentially kick out any hackers who have wrongfully taken control. Be sure to check the “More Resources” section below to find site-specific guidance on how to regain control of and secure your account.
These are critical, must-do steps. Take them in the following order:
- If you can access your account, log in and look for any unauthorized activity.
- Once inside your account, change your password. Create a new password that isn’t used on any of your other online accounts.
- If you can’t access your account, go to the site’s “Forgot Password” function to see if you can reset your password and log in that way.
- Notify the site that holds your account that it has been compromised. They may ask for evidence (such as unauthorized activity). A list of help pages from some of the top sites is available in our “More Resources” section below.
- If the account is connected to an online payment system, check for any suspicious activity and remove or cancel any credit cards associated with the account.
- If you suspect identity theft, freeze or lock your credit. Read our page on recovering from identity theft.
Now that you’ve taken the first critical steps to protect yourself, it’s time to investigate and learn the extent of any damage you and others may have suffered from your social media account being compromised.
Because each situation can be different at this stage, the following steps are neither exhaustive nor listed in any particular order:
- Ensure that your other online accounts are not compromised. If the compromised social media account is linked to other online accounts, log out of those linked accounts and log back in once your compromised account is back in your control. (For example, if your Facebook account was compromised and is used to sign in to a separate website or service, log out of the separate service and log back in only when your Facebook account is back in your control.)
- If the account that was compromised shares a password with any of your other online accounts, check those accounts first, because the hacker may try the same login information on other popular sites to gain another foothold into your information.
- Check the website https://haveibeenpwned.com/ to see if any of your online accounts have been involved in prior data breaches, hacks, or cyber-attacks. This trusted website is run by a team of cybersecurity experts who have tracked data theft for years.
- If the account is connected to an online payment system, check for any suspicious activity.
- If you are able to access your account, warn others in your network about the breach and that a scammer may try to impersonate you.
- If the compromised account includes private information about others (such as information shared in direct messages), notify those whose information was possibly accessed.
The following steps will better protect you against account compromise and many other forms of online scams. That’s because these steps aren’t isolated to single accounts but relate to overall online security. If you put several of these into practice, you’ll be safer day-to-day. Here are some of the most important ways to stay safe in the future:
- Use a password manager to create and store a unique password for each individual online account. Reused passwords are one of the biggest vulnerabilities leading to account compromise and hacking.
- Set up the defense mechanism known as multi-factor authentication, or MFA for short. To learn more about MFA and how to use it, read our FAQ.
- Speaking of MFA, never share the one-time passcodes that are sent to your phone or email inbox with anyone, and remember that no legitimate company will ever ask you to tell them the one-time passcode over the phone or in a customer support chat.
- Never share login credentials with anyone.
- Never click on unknown links or respond to unsolicited text or email messages.
Setting up multi-factor authentication
- 2FA Directory (find out how to enable two-factor authentication on various accounts and websites)
- PC Magazine article on authenticator apps
The following resources can help guide you in scam education, response, and reporting:
- CyberFlex cybersecurity toolkit
- Report social media or gaming account impersonation (Canadian Centre for Cyber Security)
- BBB Tip: Recovering from a scam
- How to keep your child safe in online gaming (Forbes)
- BBB Scam Alert: Compromised account? Think twice before you panic
- BBB Tip: How scammers use social media accounts
- BBB Tip: How to spot a fake social media account
- BBB Business Tip: What to do if your business’s social media account gets hacked
- BBB Scam Alert: Why you should never pay to recover your social media account
- Loss of control of social media channels (Canadian Centre for Cyber Security)
Social media help pages
- Facebook/Threads
- Snapchat
- TikTok
- Tumblr
- Twitch
- X (Twitter)
- YouTube
Recognizing and preventing future incidents
- Learn more about social media scams (BBB)
- Staying safe on social media (Office of the Privacy Commissioner of Canada)
- Gaming and personal information: Playing with privacy (Get Cyber Safe)
- Phishing: Don’t get reeled in (Get Cyber Safe)
- How to spot the “red flags” of scams (BBB)
- BBB Tip: How to create a strong password
- Learn more about impersonation scams (BBB)
- Learn more about romance scams (BBB)
- How to know if you’ve been hacked, and what to do about it (Wired)