What to do if…
your social media account starts posting content you did not create
Short answer
Assume an account takeover: lock down your email first, then use the platform’s official recovery flow, reset credentials, and sign out all sessions.
Do not do these things
- Don’t follow “recovery” links sent by DM/text from “support” accounts — navigate to the platform’s help pages directly.
- Don’t negotiate with the attacker from the compromised account or post emotional back-and-forth.
- Don’t pay anyone offering “account recovery” services — it often becomes a second scam.
- Don’t ignore your email account security; if your email is compromised, the takeover will keep coming back.
- Don’t make lots of rapid repeated login attempts if you’re getting blocked — it can slow you down.
What to do now
- Shift to a safer, steadier moment. Use a trusted device if possible. If you suspect your phone/computer is acting strangely, use another device to do recovery steps.
- Secure the email address tied to the social account first.
  - Change the email password.
  - Turn on multi-factor authentication.
  - Check “recent activity” / “devices” and sign out other sessions if the email provider offers it.
- Use the platform’s official “hacked/compromised” recovery route.
  - If you can still log in: change password immediately and use “log out of all devices/sessions.”
  - If you can’t: complete the platform’s identity/recovery steps from its help center until you regain access.
- As soon as you’re back in, remove anything you don’t recognize that could let them return.
  - Verify the account email/phone are yours; remove anything unfamiliar.
  - Revoke unknown connected apps / third-party access.
  - Turn on 2FA/MFA (prefer an authenticator app when offered).
- Protect other people quickly (without amplifying the scam).
  - After you’ve secured access, remove the scam posts and post one short warning to followers (tell them to ignore links/DMs).
- Check for financial exposure if the account can run ads or store payments.
  - Look for ad campaigns, billing changes, or connected payment methods you didn’t authorize.
  - If you see charges or attempted charges: contact your bank/card issuer immediately using the number on your card/statement.
- Document the minimum you might need later.
  - Save screenshots of unauthorized posts, changed account details, suspicious logins, and any receipts/charges.
- Report if money loss, identity theft, or coordinated fraud is involved.
  - File a report with the FBI’s Internet Crime Complaint Center (IC3). Be wary of look-alike “IC3” reporting portals and make sure you are using the official FBI reporting site.
What can wait
- You don’t need to figure out the exact attack method right now — focus on control, logout, and MFA.
- You don’t need to message everyone individually; one warning post is enough for the first pass.
- You don’t need to decide today whether to delete the account — secure it first.
Important reassurance
Seeing your account post things you didn’t create is jarring and feels personal, but it’s usually opportunistic. Regaining access through official recovery + securing your email + enabling MFA often stops it quickly and prevents repeats.
Scope note
This is first-step guidance to stabilize access and prevent immediate harm. Deeper cleanup (device checks, password manager setup, long-term monitoring) can happen after you’re back in control.
Important note
This is general information, not legal or professional advice. If there are credible threats, stalking, extortion, or immediate safety concerns, prioritize safety and contact local law enforcement or emergency services as appropriate.
Additional Resources
- https://consumer.ftc.gov/how-recover-your-hacked-email-or-social-media-account
- https://www.ic3.gov/CrimeInfo/AccountTakeover
- https://www.ic3.gov/
- https://help.x.com/en/forms/account-access/regain-access/hacked-or-compromised
- https://www.cisa.gov/sites/default/files/publications/CISA_CEG_Social_Media_Account_Protection_508.pdf