Back to blog
Account Security
9 min

How to Recover a Hacked Instagram, Facebook, X, or Google Account

Platform-specific recovery steps for hacked social media accounts. Detailed guides for Instagram, Facebook, X/Twitter, and Google account recovery.

LOCK.PUB
2026-01-13
How to Recover a Hacked Instagram, Facebook, X, or Google Account

How to Recover a Hacked Instagram, Facebook, X, or Google Account

Each social media platform has its own recovery process, and knowing the right steps can mean the difference between getting your account back in minutes versus weeks. This guide covers the exact recovery procedures for the four most commonly hacked platforms.

Before you start, if you have not yet taken emergency measures, read our account hacked response guide first.

Instagram Account Recovery

Instagram is one of the most targeted platforms for account takeovers. Hackers often change the email and phone number immediately, making standard recovery difficult.

If You Can Still Log In

  1. Go to Settings > Account Center > Password and security
  2. Change your password immediately
  3. Enable two-factor authentication
  4. Check Login activity and log out of unknown sessions
  5. Go to Account Center > Personal details and verify your email and phone number

If You Are Locked Out

  1. Go to the login screen and tap "Forgot password?"
  2. Enter your username, email, or phone number
  3. Check for a login link in your email or SMS
  4. If the email was changed, look for a message from security@mail.instagram.com with the subject "Your email address was changed" — it contains a "revert this change" link

If Standard Recovery Fails

  1. Open the Instagram app and tap "Get help logging in"
  2. Enter your username and tap "Need more help?"
  3. Request a security code — Instagram will send it to your original email or phone
  4. Video selfie verification — Instagram may ask you to record a short video of yourself turning your head. This is compared against photos on your profile
  5. Submit a support request at help.instagram.com under "Hacked Accounts"

Important Notes for Instagram

  • Video selfie verification only works if your profile has photos of your face
  • Business accounts can contact Facebook Business support for faster help
  • Recovery can take days to weeks; keep checking your email for responses
  • Do not create a new account with the same email while recovery is pending

Facebook Account Recovery

Facebook has one of the most structured recovery systems. The key is acting quickly before the attacker modifies all recovery options.

If You Can Still Log In

  1. Go to Settings > Security and login
  2. Under "Where you're logged in," remove all sessions you do not recognize
  3. Change your password
  4. Enable two-factor authentication
  5. Review Authorized logins and remove unfamiliar devices

If You Are Locked Out

  1. Visit facebook.com/hacked — this is the official entry point
  2. Click "My Account Is Compromised"
  3. Enter your email, phone, username, or full name
  4. Enter your old or current password — Facebook accepts both for verification
  5. Choose "Secure My Account" and follow the guided steps

If the Email and Phone Were Changed

  1. Go to facebook.com/login/identify
  2. Search for your account by name, email, or phone
  3. Select your account from the results
  4. Choose to receive a recovery code via a method you still have access to
  5. If none are available, tap "No longer have access to these?"
  6. Facebook may ask you to identify friends by their photos (Trusted Contacts), or submit a government ID

Trusted Contacts Recovery

If you set up Trusted Contacts before the hack:

  1. Ask 3 to 5 of your trusted contacts to go to facebook.com/recover
  2. They will each receive a unique security code
  3. Collect the codes and enter them on the recovery page

Important Notes for Facebook

  • facebook.com/hacked is the fastest route — do not use the general help center
  • Government ID verification usually takes 1-3 business days
  • If your account is being used to scam others, you can report it via facebook.com/help/reportcompromised

X/Twitter Account Recovery

X (formerly Twitter) recovery depends heavily on whether you still have access to your associated email.

If You Can Still Log In

  1. Go to Settings > Security and account access > Security
  2. Change your password
  3. Under Sessions, review and log out of unfamiliar sessions
  4. Enable two-factor authentication
  5. Review Connected apps and revoke anything suspicious

If You Are Locked Out

  1. Go to twitter.com/account/begin_password_reset
  2. Enter your email, phone, or username
  3. Choose your recovery method — email or phone
  4. Enter the code sent to your recovery method
  5. Set a new password

If the Email Was Changed

  1. Check your old email for a notification from X about the email change — it includes a link to revert the change
  2. If no email is found, go to help.twitter.com
  3. Select "I need to regain access to my account"
  4. Fill out the support form with:
    • Your account username
    • The email address you used to create the account
    • The approximate date you lost access
    • A description of what happened
  5. Check your email for responses from X support

Important Notes for X/Twitter

  • X prioritizes accounts with phone numbers associated — add one as soon as you recover access
  • Verified accounts may get faster support
  • If your account was suspended (not hacked), the process is different — use help.twitter.com/forms/general

Google Account Recovery

A hacked Google account is especially critical because it serves as the backbone for Gmail, YouTube, Google Drive, and Android devices.

If You Can Still Log In

  1. Go to myaccount.google.com > Security
  2. Change your password
  3. Under "Your devices," sign out of all unfamiliar sessions
  4. Review "Third-party apps with account access" and remove unknown ones
  5. Enable 2-Step Verification with an authenticator app
  6. Check Gmail > Settings > Forwarding for unauthorized email forwarding rules

If You Are Locked Out

  1. Go to accounts.google.com/signin/recovery
  2. Enter your Gmail address
  3. Google will try several verification methods in sequence:
    • Your most recent password
    • A verification code sent to your recovery phone
    • A verification code sent to your recovery email
    • A security code from Google Authenticator
    • Answering security questions
  4. Answer as many as you can — Google uses a confidence score; the more you answer correctly, the more likely you are to regain access

If All Recovery Methods Fail

  1. Use a device and browser you have previously used to log into this account — Google recognizes trusted devices
  2. Try recovering from your home or work network — a familiar IP address strengthens your claim
  3. Wait 24 hours and try again — Google sometimes throttles recovery attempts
  4. If nothing works, fill out the Google Account Recovery form

Important Notes for Google

  • Recovery is significantly easier from a device you have used before
  • The location from which you attempt recovery matters
  • Google does not offer live support for free accounts — the process is entirely automated
  • Google Workspace (business) accounts should contact their administrator

General Tips That Apply to All Platforms

Before a Hack Happens

Action Why it matters
Enable 2FA on every account Blocks login even with stolen password
Add a recovery phone AND email Gives multiple paths back into your account
Use unique passwords Prevents credential stuffing across platforms
Keep recovery codes safe Last resort when all other methods fail

During Recovery

  • Act within 24 hours — The longer you wait, the more changes the attacker can make
  • Check your email for security alerts — Most platforms send notifications when settings change
  • Do not delete the hacked account — This makes recovery impossible
  • Screenshot everything — Save evidence of unauthorized activity for support requests

After Recovery

  • Change passwords on all accounts that used the same credentials
  • Enable 2FA everywhere
  • Review and revoke connected third-party apps
  • Monitor for suspicious activity over the next several weeks

Keep Your Recovery Information Secure

During the recovery process, you may receive temporary passwords, security codes, or recovery links. Instead of letting these sit in your iMessage or Messenger history, store them temporarily in a password-protected memo on LOCK.PUB with a short expiration time. Once the recovery is complete, the information expires and disappears.

After recovery, use LOCK.PUB to securely store your new passwords and backup codes — protected by a master password that only you know.

Create a Secure Memo -->

Keywords

recover hacked Instagram
recover hacked Facebook
hacked Twitter account recovery
Google account hacked
social media account recovery
hacked account help

You might also like

Encrypt Link: How to Encrypt Any URL for Free

Learn how to encrypt any link for free. Create encrypted URLs with password protection, expiration dates, and one-time access. Complete guide to link encryption.

How-To Guide

How to Hide Photos on Your Phone — iPhone & Android Complete Guide

Learn to hide photos using iPhone Hidden album, Android Secure Folder, Google Photos Locked Folder, and third-party encryption apps.

Device Privacy

How to Safely Share Your Solana Wallet Key (Phantom, Solflare, etc.)

Learn how to securely back up and share your Solana wallet seed phrase and private key. A security guide for Phantom, Solflare, and Solana CLI users.

Crypto Security

Create your password-protected link now

Create password-protected links, secret memos, and encrypted chats for free.

Get Started Free
How to Recover a Hacked Instagram, Facebook, X, or Google Account | LOCK.PUB Blog