Nearly 2 out of 5 Americans say that hackers have taken over their social media accounts. And those numbers are likely to rise as more and more account information gets leaked in breaches of big corporations.
“[Hackers are] taking those credentials and, in an automated fashion, they’re gonna bounce those up against every other account out there on the web,” says Lisa Plaggemier, executive director of the National Cybersecurity Alliance. Even if you don’t reuse the exact same password on other accounts, hacker software can easily generate iterations until they get a hit.
(Chances are, you’ve been involved in multiple data breaches. To find out, visit the site have i been pwned?, enter your email address, and see how you’ve been affected.)
Other times, people hand their logins to crooks by responding to scam emails saying, for instance, that your Facebook page has been scheduled for deletion and you must log in immediately (at the bogus link below) to appeal the action.
There are probably things you could have done better (or not done) to prevent getting hacked. But the past is the past. Let’s get back online first and then protect your accounts better going forward.
The steps for regaining access to your account vary from online service to service—sometimes by a little and sometimes by a lot. But they follow a general pattern — escalating from easy password resets and proving your identity to (sometimes) getting help from actual humans. Unfortunately, if hackers have manipulated your account too much, such as changing your username, password, and contact info, you may not be able to recover your account.
First, you have to realize that you’ve been hacked. Here are some signs:
- Pics or videos you never shot appear as your Facebook, Instagram, or TikTok posts.
- Friends are getting bogus messages from you on Facebook or Twitter.
- Spotify is playing music you never queued up.
- A device you don’t own logged in with your Apple ID.
- New contacts appear in your Snapchat account.
- A genuine email from Instagram says that your email address was changed.
If anything like this happens, the first thing tech companies advise is to log in and change your password — assuming hackers haven’t already changed it to one only they know. When you do change your password, make sure it’s a good one. (I’ll describe how to do that further down.)
If your password no longer works, you’ll have to take other steps to recover your account. On Instagram and elsewhere, for instance, you can request a login link be emailed to your registered address or a security code be texted to your registered phone number (assuming hackers haven’t changed those as well). Some services, such as Apple and Spotify, provide human support for assistance.
If the mechanics of app-centric services vary a lot between Android and iOS (like with Instagram), I’ll provide instructions for the web interface. If not (as with TikTok), I’ll give instructions for mobile.
Your Apple ID is the key to a lot of personal information, including purchases and online subscriptions. And if you use iCloud extensively, hackers might access your contacts, calendar, photos, notes, and even your GPS location.