Social Media & Account Compromise
Guidance for recovering personal accounts (social media, shopping, etc.) that have been hacked. Criminals may use these accounts to scam your friends or damage your reputation.
Based on guidance from the Australian Cyber Security Centre (ACSC).
Stop Financial Harm
Check Connected Payment Methods
Does this account have your credit card or PayPal saved? (e.g., Amazon, Apple ID, Uber). If so, check for charges and consider cancelling the card if the account is out of your control.
Secure Your Email
An attacker often needs access to your email to request password resets. Ensure your email account is secure with a strong password and MFA.
Get Your Account Back
Use Official Help Channels
Go directly to the service's "Help" or "Safety" centre. Look for "I think my account was hacked" tools.
Secure Connected Accounts
In the "Security" or "Settings" menu of your recovered account, look for "Logged in devices" or "Sessions" and log out of anything you don't recognise. Also check "Connected Apps".
Damage Control
Notify Contacts
Warn friends and family not to click links sent from your account or send money if asked. Attackers often pretend to be you in distress to scam your contacts.
Enable Multi-Factor Authentication
Turn on MFA immediately to stop the attacker getting back in. Use an app like Microsoft Authenticator or Google Authenticator.