Kit #1. My email, Facebook or Twitter account was hijacked

I lost access to my email, Facebook or Twitter user account. What should I do if someone stole my log-in information and I can no longer log in?

One day you switch on your computer and you can no longer log in to your email, Facebook or Twitter account. You are sure that you remember your passphrase correctly and you suspect that someone else has changed it.

What you should do

You need to double-check first of all that you are on the correct log-in page; that the link and interface you are seeing are genuine. Look carefully for slight variations in the URL. In particular, make sure that the URL starts with https in your browser.

It might be useful to ask someone around you, or visit a service-monitoring site like, to check that the service you are trying to access is not out of order; this sometimes happens even to the biggest service providers.

While you are without access to your account, it is a good idea to have a person you trust to write to your key contacts and warn them that you are without access to your account and someone may be acting as an impostor. You can also consider informing your contacts through the social media accounts that you still have access to.

Once you regain access to your account be sure to review all of the account settings (especially your security and privacy settings) and contacts list to make sure no changes have been made that could compromise your security.

How to prevent future problems

Once you recover access to your service, do the following immediately:

  1. Go to your account settings to change your passphrase and add a secondary email address.

  2. Consider enabling “two factor authentication” (2FA) by adding your mobile phone number to your account. This will require you to enter not only your passphrase, but also a short code received/generated on your phone, which will improve the security of your account.

If you enable 2FA then be sure to save the backup codes that are provided to you when setting it up. These backup codes can be used to log in if you are unable to receive the short code on your phone for any reason (such as if you are travelling outside of the country, or you lose/damage your phone).

  1. Go to your account’s security settings and activate log-in alerts or log-in verification. On Gmail and Facebook you can review recent activity on your account and their locations and sign yourself out of sessions that are unfamiliar.

  2. Review the third-party applications that have been granted permissions on your account and remove any unnecessary apps.

  3. On Facebook you can select a number of friends to be “Trusted Contacts”. If you get locked out of your account, Facebook can send them information to help you regain access.

  4. Check carefully all the accounts in your Facebook friend and Twitter following lists to make sure that you are not newly associated with any suspicious, unknown accounts. This is important on Facebook because depending on your privacy settings, your posts could now be visible to these accounts.

Keep in mind

Where to find more help

<< Go back to Kit