'%3e%3cpath%20d='M0,0%20v30%20h60%20v-30%20z'%20fill='%23012169'/%3e%3cpath%20d='M0,0%20L60,30%20M60,0%20L0,30'%20stroke='%23fff'%20stroke-width='6'/%3e%3cpath%20d='M0,0%20L60,30%20M60,0%20L0,30'%20stroke='%23C8102E'%20stroke-width='4'%20clip-path='url(%23s)'/%3e%3cpath%20d='M30,0%20v30%20M0,15%20h60'%20stroke='%23fff'%20stroke-width='10'/%3e%3cpath%20d='M30,0%20v30%20M0,15%20h60'%20stroke='%23C8102E'%20stroke-width='6'/%3e%3c/g%3e%3c/svg%3e)
UK
%20--%3e%3cuse%20href='%23s'%20x='0'%20y='0'/%3e%3cuse%20href='%23s'%20x='494'%20y='0'/%3e%3cuse%20href='%23s'%20x='988'%20y='0'/%3e%3cuse%20href='%23s'%20x='1482'%20y='0'/%3e%3cuse%20href='%23s'%20x='1976'%20y='0'/%3e%3cuse%20href='%23s'%20x='2470'%20y='0'/%3e%3cuse%20href='%23s'%20x='247'%20y='210'/%3e%3cuse%20href='%23s'%20x='741'%20y='210'/%3e%3cuse%20href='%23s'%20x='1235'%20y='210'/%3e%3cuse%20href='%23s'%20x='1729'%20y='210'/%3e%3cuse%20href='%23s'%20x='2223'%20y='210'/%3e%3cuse%20href='%23s'%20x='2717'%20y='210'/%3e%3cuse%20href='%23s'%20x='0'%20y='420'/%3e%3cuse%20href='%23s'%20x='494'%20y='420'/%3e%3cuse%20href='%23s'%20x='988'%20y='420'/%3e%3cuse%20href='%23s'%20x='1482'%20y='420'/%3e%3cuse%20href='%23s'%20x='1976'%20y='420'/%3e%3cuse%20href='%23s'%20x='2470'%20y='420'/%3e%3cuse%20href='%23s'%20x='247'%20y='630'/%3e%3cuse%20href='%23s'%20x='741'%20y='630'/%3e%3cuse%20href='%23s'%20x='1235'%20y='630'/%3e%3cuse%20href='%23s'%20x='1729'%20y='630'/%3e%3cuse%20href='%23s'%20x='2223'%20y='630'/%3e%3cuse%20href='%23s'%20x='2717'%20y='630'/%3e%3cuse%20href='%23s'%20x='0'%20y='840'/%3e%3cuse%20href='%23s'%20x='494'%20y='840'/%3e%3cuse%20href='%23s'%20x='988'%20y='840'/%3e%3cuse%20href='%23s'%20x='1482'%20y='840'/%3e%3cuse%20href='%23s'%20x='1976'%20y='840'/%3e%3cuse%20href='%23s'%20x='2470'%20y='840'/%3e%3cuse%20href='%23s'%20x='247'%20y='1050'/%3e%3cuse%20href='%23s'%20x='741'%20y='1050'/%3e%3cuse%20href='%23s'%20x='1235'%20y='1050'/%3e%3cuse%20href='%23s'%20x='1729'%20y='1050'/%3e%3cuse%20href='%23s'%20x='2223'%20y='1050'/%3e%3cuse%20href='%23s'%20x='2717'%20y='1050'/%3e%3cuse%20href='%23s'%20x='0'%20y='1260'/%3e%3cuse%20href='%23s'%20x='494'%20y='1260'/%3e%3cuse%20href='%23s'%20x='988'%20y='1260'/%3e%3cuse%20href='%23s'%20x='1482'%20y='1260'/%3e%3cuse%20href='%23s'%20x='1976'%20y='1260'/%3e%3cuse%20href='%23s'%20x='2470'%20y='1260'/%3e%3cuse%20href='%23s'%20x='247'%20y='1470'/%3e%3cuse%20href='%23s'%20x='741'%20y='1470'/%3e%3cuse%20href='%23s'%20x='1235'%20y='1470'/%3e%3cuse%20href='%23s'%20x='1729'%20y='1470'/%3e%3cuse%20href='%23s'%20x='2223'%20y='1470'/%3e%3cuse%20href='%23s'%20x='2717'%20y='1470'/%3e%3cuse%20href='%23s'%20x='0'%20y='1680'/%3e%3cuse%20href='%23s'%20x='494'%20y='1680'/%3e%3cuse%20href='%23s'%20x='988'%20y='1680'/%3e%3cuse%20href='%23s'%20x='1482'%20y='1680'/%3e%3cuse%20href='%23s'%20x='1976'%20y='1680'/%3e%3cuse%20href='%23s'%20x='2470'%20y='1680'/%3e%3c/g%3e%3c/svg%3e)
USA
uk Technology & digital loss social media hacked • account posting by itself • posts i did not make • random posts on my account • someone took over my account • account compromised • unauthorized posts • my profile got hacked • my instagram got hacked • my facebook got hacked • my x twitter got hacked • unknown login activity • password changed without me • messages sent from my account • scam posts from my profile • account takeover • digital account breach • suspicious account activity • hacked after clicking a link • hacked through third party app What to do if…
What to do if…
your social media account starts posting content you did not create
Short answer
Treat it as an account takeover: secure your email first (if it’s linked), then regain control of the social media account and force a sign-out everywhere.
Do not do these things
- Don’t make lots of rapid repeated login attempts to “test” passwords — it can trigger security blocks and slow recovery.
- Don’t post arguments or threats to the attacker from the compromised account (it can escalate scams and confuse followers).
- Don’t click “security alert” links from DMs/emails unless you’ve navigated to the platform’s help pages yourself.
- Don’t pay anyone who claims they can “recover” your account — recovery is done through the platform.
- Don’t assume it’s only the social media account; the linked email may be the real entry point.
What to do now
- Move to a calmer, safer setup (2 minutes). Use a device you trust, on a private connection. If you can, avoid public Wi-Fi.
- Secure the email account linked to the social profile first.
- Change the email password.
- Turn on 2-step verification for the email.
- Check the email account’s “security / recent activity” and sign out of other sessions if offered.
- Start the platform’s official account recovery process (don’t improvise).
- Use the platform’s “hacked/compromised” or “regain access” flow from its Help/Support pages.
- If you can still log in, change the password immediately and use “log out of all devices/sessions” if available.
- Remove the attacker’s footholds inside the account. (Do this once you’re back in.)
- Check account email address and phone number and change back anything you don’t recognise.
- Revoke third-party app connections you don’t recognise (often under “Apps”, “Connected apps”, or “Security”).
- Turn on 2-factor authentication (prefer an authenticator app where the platform offers it).
- Stop further harm to others quickly.
- Delete obvious scam posts only after you’ve secured access (otherwise they may reappear).
- Post one brief warning to followers (e.g., “My account was compromised — ignore recent posts/DMs and don’t click links”) once you’re confident you’re back in control.
- Check for money-risk settings (especially if you run ads or have a business page).
- Review ad accounts, payment methods, and any “promotions” you didn’t start.
- If you see charges or attempted charges, contact your bank/card provider immediately using the number on the back of your card.
- Preserve a minimal record in case you need to report it.
- Take screenshots of unauthorised posts, changes to email/phone, and any “login from new location/device” notices.
- Report it if there’s fraud, threats, or you’ve lost money (use the right UK route).
- If you live in England, Wales, or Northern Ireland: report cyber crime/fraud to Report Fraud (the police reporting service for fraud and cyber crime).
- If you live in Scotland or it happened there: report to Police Scotland (online or by calling 101 for non-emergencies).
- If the crime is happening right now or someone is in immediate danger, call 999.
What can wait
- You do not need to figure out exactly how the attacker got in right now.
- You do not need to contact every follower individually — a single warning post (once secure) is enough for the first phase.
- You do not need to decide today whether to delete your account; stabilise control first.
Important reassurance
This happens to ordinary people and can look “worse than it is” because posts/DMs are public and fast. If you focus on securing the linked email, regaining access through official recovery, and logging everything out, you usually stop the spiral quickly.
Scope note
This guide covers first steps to regain control and limit harm. Later steps (like deeper device checks, longer-term security, or dealing with reputational fallout) can come after you’ve stabilised access.
Important note
This is general information, not legal or professional advice. If you feel unsafe, are being blackmailed, or there are credible threats, prioritise immediate safety and contact police using the appropriate route.
Additional Resources
- https://www.ncsc.gov.uk/guidance/recovering-a-hacked-account
- https://www.ncsc.gov.uk/guidance/setting-2-step-verification-2sv
- https://www.reportfraud.police.uk/
- https://www.reportfraud.police.uk/reporting-a-fraud/
- https://www.scotland.police.uk/advice/internet-safety/cybercrime/
- https://www.gov.uk/report-suspicious-emails-websites-phishing