Wednesday, August 1, 2012

Social Breach: Four ways to help recover compromised social media accounts

Even when we protect social accounts with smart passwords, keep browser and protection software up to date, and avoid all those compelling links (“Someone is spreading rumors about you! Click here to find out what they said...”), social accounts are sometimes compromised. Here are some steps to take if one of your accounts has fallen out of your control.
ILLUSTRATION: Facebook scams

1. If you believe your account has been compromised, go to the source. Go directly to or online (not to a third-party client such as Tweetdeck or through an app) and change your password immediately upon seeing anything suspicious posted from your account, or if you accidentally click on a suspicious link.

If you can successfully change your password, proceed to the next step. If you cannot access your account:

On Twitter: From another computer, visit and in the log-in menu, select the “reset password” option. You’ll get an email from Twitter with instructions to restore access. Complete this process and the next step on the second machine. While awaiting the email or immediately after restoring access, proceed with the remaining steps to ensure continued security. If resetting your password still doesn’t restore access, go to and file a support ticket, following instructions exactly. While awaiting word from Twitter, proceed to the next step.

On Facebook: If you cannot access your account, visit and start the process of reclaiming your account. For an extra level of security, if possible visit this website from a different computer and while not logged into Facebook as anyone else.

2. Limit access. After changing your password (or trying to do so), mitigate further effects of the breach by temporarily revoking access to all apps and add-ons associated with your compromised account. (As a preventive step, regularly review apps and add-ons associated with your accounts and remove items no longer in use.)

To do this on Twitter, select “settings” from the upper-right corner drop-down menu, then the “apps” tab from the left-hand menu on the next page. Click the “revoke access” button to the right of each app.

On Facebook, open the “account” drop-down, select “privacy settings” and the “ads, apps and websites” settings tool (look near the bottom of the page).

3. Clean up. Especially in cases of compromised passwords, before accessing this account again on your original PC, scan your computer with up-to-date, reputable antivirus software.

4. Document and remove. After security has been restored, remove content posted from your account during the compromise, including direct messages.

Doing so will help prevent people in your network from clicking and accessing the content, and potentially suffering an account breach themselves.

But prior to deleting anything posted by your account (especially if the compromised account is related to your brand or business), you may want to take a screenshot of the content and save the image. You may also wish to send a tweet (or direct message) to those who were targeted by your account, or post a status update on Facebook, to reassure your social network that security has been restored.

Particular to Facebook, if you mistakenly fell into a “Like” scam, you’ll also need to edit your interests on your profile and remove any links to spam sites you may have acquired.