SOS action plan if your social media account or email has been hacked

What to do in the first minutes after a hack: general procedure

In general, the signs of a hacked social media account are similar: you can't log in, notice suspicious activity, unexpected posts, changes to your personal information, or receive reports from friends about spam posted in your name.

First, you should check your email. This is where attackers consolidate their account hacks by changing your password, email, or enabling multifactor authentication without your knowledge.

If you see an email with information about any of the described actions and realize it's not yours, immediately click «It wasn't me». This is often the only chance to regain access to a lost account.

At the same time, it's a good idea to take screenshots of all emails and warnings — you'll need them when you contact support. If the account was linked to payment services, you should contact your bank immediately.

An equally important step is to warn your loved ones. When a page is hacked, scammers often launch phishing scams, exploiting your trust in your name.

These are the basic steps to regain control of your account, regardless of the platform.

Below, we'll share step-by-step procedures for dealing with hacked accounts on the most popular social networks.

What to do if your Instagram is hacked

In this situation, the first thing you should do is follow the standard recovery procedure:

1. Go to the account recovery section.

• ‒ Go to the Instagram login page and select «Forgot your password?» or «Need help?».
• ‒ Select «My account was hacked».

2. Verify your identity.
Instagram will prompt you to provide:

• ‒ the email address or phone number associated with your account;
• ‒ your username.

An email or text message with instructions will be sent to the contact information you provided.

3. Fill out the security form.
In some cases, the system redirects the user to a special form where they must:

• ‒ describe the problem (unauthorized access);
• ‒ confirm that the account is yours;
• ‒ indicate the profile creation date (if possible).

4. Complete verification via photo or video.
For personal accounts, Instagram may request a selfie with a code sent by support, or a short video confirming your identity, requiring you to turn your head in different directions.

After successful verification, you will receive an email with a link to reset your password and regain access to your account. It is important to click the link as quickly as possible, as it has an expiration date.

If the standard method doesn't work, you will need to contact Instagram technical support.

What to do if your Facebook page is hacked

In this situation, it's important to act quickly and use the standard Facebook account recovery process, which includes identity verification and profile security checks. This allows you to regain control of your page and prevent further unauthorized activity.

To regain access to your Facebook page:

1. Go to the recovery page.
Go to the recovery section for your hacked Facebook account and select «My account was hacked».

2. Identify your account.
To do this, you will need to provide:

• ‒ the email or phone number linked to the account;
• ‒ the profile name or page URL.

3. Confirm your identity.
Facebook may request:

• ‒ enter your previous password;
• ‒ email or SMS confirmation;
• ‒ upload an identity document (passport, ID card).

4. Review your security changes.
After access is confirmed, the system allows you to:

• ‒ send a review; undo unauthorized changes (email, phone number);
• ‒ view the attacker's activity;
• ‒ regain control over pages and advertising accounts.

5. Set a new password.
Create a new password and confirm it.

What to do if your TikTok page is hacked

If you lose control of your TikTok account, there's no fully automated process like Instagram or Facebook. The main way to regain access to your social media page is to contact support via the form.

Identity verification is performed by verifying:

• ‒ account information (registration date, nickname);
• ‒ device and login region;
• ‒ approximate number of followers and content.

Videos or selfies are rarely requested for identity verification. Communication is primarily via email.

What to do if your Telegram account is hacked

Signs that scammers have hacked Telegram include:

• You received the message «New login from [unknown device/country]»;
• You see active sessions you don't recognize;
• You receive messages you didn't send;
• Your profile photo or bio has changed;
• You see yourself in groups you didn't join.

In such cases, the following steps should be taken:

1. Check your active sessions.

• 1) Open Telegram.
• 2) Go to «Settings» → «Privacy» → «Active sessions».
• 3) Review the list of devices.
• 4) If you see anything suspicious (for example, logging in from an unfamiliar device, from a country you've never been to, or a login date when you weren't online), tap the session → «End session».

2. End all other sessions (except the current one).
At the bottom of the list of active sessions, there's a button labeled [End All Other Sessions]. Tap it to log out the hacker from all devices.

3. Change your password (if two-step verification is enabled).

• 1) Go to «Settings» → «Privacy» → «Two-step verification».
• 2) Tap «Change password».

If you don't have two-step verification, set it up now:

• 1) Go to «Settings» → «Privacy» → «Two-step verification».
• 2) Create a strong password.
• 3) Enter a backup email.

4. Check your privacy settings:
If hackers gain access to your account, they can change the following settings:

• ‒ Who can see your phone number.
• ‒ Who can add you to groups.
• ‒ Who can see your «Last Seen» status.

Check: «Settings» → «Privacy».

What to do if you've lost access to your phone number

A unique feature of Telegram is that it's linked to your phone number. If you've lost access to it, there are several options:

Option 1. Transfer your number to a different SIM card.
To do this, contact your carrier and obtain a new Telegram login code.

Option 2. Contact support.
Write to @TelegramSupport or recover@telegram.org. However, please be patient in this case, as it can take 2-4 weeks for a response.

If you don't follow these steps and don't log in to your account for six months, it will be automatically deleted. You can then create a new one using the same number.

What to do if Viber is hacked

Signs that Viber has been hacked include:

• you've been logged out of your account without your permission;
• you receive an SMS with an activation code you didn't request;
• friends receive suspicious messages in your name;
• new chats or calls you didn't make appear.

Viber is linked to a phone number, so attackers typically try to intercept the SMS activation code or activate the account on another device.

The standard Viber recovery procedure is as follows:

1. Immediately reinstall Viber.
Delete the Viber app from your smartphone and reinstall it from the official app store (Google Play or App Store).

2. Reactivate your account.
During launch:

• ‒ enter your phone number;
• ‒ receive an SMS with an activation code;
• ‒ confirm your login.

Important: activating Viber on a new device automatically deactivates your account on all other devices, including those that may have been used by attackers.

3. Check your connected devices.
After logging in, go to «Settings» → «Account» → «Computers and Tablets». Disconnect any suspicious or unfamiliar sessions.

4. Enable additional security.
Recommended:

• ‒ enable a Viber PIN («Settings» → «Privacy»);
• ‒ set a screen lock on your phone;
• ‒ don’t share codes via SMS with third parties.

5. Check your smartphone.
Since Viber hacking is often related not to the service itself, but to accessing the phone:

• ‒ check your phone for malicious apps;
• ‒ change your email, Google, or Apple ID passwords;
• ‒ if possible, contact your mobile operator regarding SIM protection.

If access is not restored after completing these steps, please contact Viber support via the feedback form. Please provide your phone number, a description of the issue, and the time of the suspicious activity.

What to do if your Google account has been hacked

A Google account is often the «key» to other services. Therefore, it's helpful to know what to do in advance if your Gmail account is hacked.

Recovery is performed through the official Google form, specifying the account creation date, devices, and usual login locations. While the investigation is ongoing, it's important to change your passwords on other services and notify your bank (if your Google account was the «key» to financial services).

If your corporate email or work accounts were hacked, it's no longer just your problem. In such cases:

1. Immediately report the hack to your IT department/management.
2. Change passwords on all corporate services: corporate email, CRM systems, server access, corporate instant messaging.
3. Check to see if any confidential data was stolen: client databases, financial documents, trade secrets.
4. Document the incident: when the hack was discovered, what exactly was compromised, what actions were taken, and who was notified. This may be necessary for an internal investigation or data breach report.

How to prevent your account from being hacked again

Prevention is the foundation of digital security. To protect your account from future hacking, follow these recommendations:

1. Enable multi-factor verification.
Multi-factor verification is not an option, but a necessity. Even if a hacker knows your password, they still need the code from your phone or app.

How to enable multi-factor authentication (MFA):

• Instagram:
  «Settings» → «Security» → «Two-Step Verification» → «Enable».
• Facebook:
  «Settings and Privacy» → «Settings» → «Password and Security» → «Two-Step Verification».
• Telegram:
  «Settings» → «Privacy and Security» → «Two-Step Verification».
• Google:
  «Google Account» → «Security» → «Two-Step Verification» → «Enable».

Viber doesn't have classic multi-factor authentication like Google, Facebook, or Telegram. Instead, the Viber PIN serves as an additional layer of account security.

To enable it:

• 1) Go to Viber → «More» → «Settings».
• 2) Select «Privacy».
• 3) Tap «Viber PIN».
• 4) Create a PIN (4-6 digits) and confirm it.
• 5) Enter your recovery email (recommended).

2. Use unique passwords for each service.
To remember them, it's helpful to use a password manager: 1Password, KeePass, StickyPassword, Keeper, or others.

3. Add a backup email and phone number.
Be sure to include:

• ‒ a backup email address;
• ‒ a backup phone number;
• ‒ a contact friend (Facebook allows this).

This is your backup. If your primary email and phone number fail, your backups will save you.

4. Regularly check your active sessions.
4. Regularly check your active sessions.

Where to check:

• ‒ Instagram: «Settings» → «Security» → «Login Activity».
• ‒ Facebook: «Settings» → «Security & Login» → «Where You're Logged In».
• ‒ TikTok: «Settings & Privacy» → «Security» → «Devices».
• ‒ Telegram: «Settings» → «Privacy» → «Active Sessions».
• ‒ Viber: «More» → «Options» → «Account» → «Computer & Tablets».

5. Don't click suspicious links.
Typical «bait» offers might look like this:

• ‒ «See who's viewing your profile».
• ‒ «You've won an iPhone — fill out the form».
• ‒ «Verify your account using this link».

So, be sure to check the URL before clicking.

6. Keep your apps and operating system updated.
Older versions have vulnerabilities that hackers exploit. To prevent this, enable automatic updates:

• on iOS devices: «Settings» → «App Store» → «App Updates (automatic)»;
• on Android devices: «Play Store» → «Settings» → «Auto-update apps».

7. Don't use other people's Wi-Fi without a VPN.
Public Wi-Fi in coffee shops, hotels, and airports is like talking on a crowded street. Everyone around you can eavesdrop on your passwords. To avoid this:

• ‒ don't log into important accounts on public Wi-Fi;
• ‒ use a VPN (changes your IP address and encrypts traffic);
• ‒ or use mobile data instead of Wi-Fi.

Hacks are unpleasant, but not catastrophic. The key is to understand what to do and act quickly and methodically. And it's the first few minutes that determine whether you can regain access to your lost account without serious consequences.

A reliable Internet connection, proper account settings, and basic cybersecurity principles will give you peace of mind. Save these instructions — you might never need them. But if you do, you'll know exactly what to do.