
Cybercrime on social media is so bad that 40 US states (and DC) called on Meta to do something about all the Facebook and Instagram accounts getting hijacked. And while major corporations may be dragging their heels, you are not left alone and defenseless. Read this article to find out more about what you can do to avoid hackers on social media.


    9 tips on how to avoid getting hacked on social media

    There are countless ways to lose your data on social media — and to get hacked as well. But you’re not defenseless in the face of such depravity. Follow these common cybersecurity tips to secure your social media accounts from hackers:

    1. Create strong and unique passwords

    Passwords are still important in the year 2024. At this point, we probably already know all the tips’ greatest hits:

    • More than eight characters long;
    • Combines letters and numbers;
    • Includes at least one special character;
    • Is not used on any other account. 

    That is annoying, yes — you have to remember many combinations of random letters and other characters — but that is the price of safety. Passwords combining letters, numbers, and special symbols are impractical to crack within a human lifespan. Meanwhile, non-unique passwords can be leaked in data breaches and reused to hack into your accounts. That’s why you should use a password manager to generate and store passwords — you’ll only need to remember the one strong password for the vault!

    2. Two-Factor Authentication

    Suppose somebody got your social media account’s password in a data breach or by stealing the sticky note you wrote it down on. What’s to stop that person from logging in and doing you harm? Two-Factor Authentication (2FA), baby!

    With 2FA, every login has to be confirmed via another service or app, like entering a code generated by Google Authenticator, clicking a link in an email, or using a dedicated app. That way, a criminal would need a lot more than just your username and password to manipulate your online accounts. 

    3. Secure your email accounts

    The password and 2FA advice are also applicable to your email accounts. What’s more, you may also want to hide your email address itself. How? You can do it by getting a temporary email, of course.

    Most services like that will not only give you an address that doesn’t even hint at your current one but will also forward the mail to your inbox. And services like Alternative ID can do even more.

    4. Avoid logging into your accounts on unprotected or public Wi-Fi

    Free public Wi-Fi is always a major draw of any location. That’s why it’s also a great draw for cybercriminals. They have ways to compromise the security of the local hotspot and gather your data, from bribing employees to hosting their own fake hotspots.

    Of course, you can still spoil their efforts by protecting your connection with a VPN. Once your data is encrypted, it becomes useless to anyone who intercepts it.

    5. Never click suspicious links

    No matter how they’re delivered — via emails, instant messaging, private messages, appearing on your social media feeds, etc. — never click on suspicious links online. At best, you’ll get a faceful of spam or get exposed to a phishing attempt; at worst, you’ll get viruses and account hijacking.

    6. Purchase trustworthy antivirus software

    Antivirus software is a must to fight against malware, viruses, and other such malicious software. It can provide real-time shields against new threats to your device and offer scans that check your system for threats already present. May we recommend Surfshark Antivirus?

    7. Do not engage in piracy

    Digital piracy is the most successful incarnation of the phrase “the best things in life are free,” but it’s not without its risks. Unlawfulness aside, pirated files and websites hosting them may not be run by charitable folk. It’s an excellent breeding ground for scams and viruses. The best thing to do is not engage in that in any way.

    8. Update your software

    An important part of software updates is patching out security issues. Vulnerabilities are uncovered all the time: some are discovered in existing code, and others are created by updates that cause unforeseen interactions in the code.

    9. Be cautious with friend requests

    Just because you get a friend invite on Facebook, Instagram, Twitter, Bluesky, Discord, Steam, or literally any other platform doesn’t mean that your new “friend” actually wishes you well. Social media contacts are often used to push scams and phishing attempts. 

    How to know if your social networking account has been hacked

    Not all hackers are going to cut you off from your social media accounts instantly. Some are like parasites, happy to allow you to use the account to better maintain the illusion that you’re still the actual person posting everything. Then again, there will be signs that your social networking account has been hacked. Some signs are common to all major social media platforms:

    • Receiving emails about changing the username, password, email, or other account settings when you haven’t changed anything;
    • Having issues logging in;
    • Posts made by your account that you never made; 
    • Following or sending friend requests to people you don’t know; 
    • Messages sent from your account that you didn’t send;
    • Spotting an account that seems to be a copy of yours; 
    • Logins from unrecognized devices/locations you’re not at.

    All of these signs can apply to basically any social network. And here are some that may be specific to the platform:

    Signs that your Facebook account has been hacked

    • Posts are appearing on your timeline that you didn’t post;
    • Going to Settings, then Security and Login, then Where You’re Logged In and discovering you’re logged in from locations you don’t go to.

    You can also read detailed instructions on our dedicated blog post: How to tell if your Facebook has been hacked

    Signs that your Instagram has been hacked

    • Account suspended for spamming other users;
    • Personal details changing;
    • Posts and reels that you didn’t post. 

    Signs that your X account has been hacked

    • Mass follows/unfollows you didn’t do;
    • Comments (with spam links) that you didn’t post; 
    • Account getting locked for spam. 

    Signs that your TikTok account has been hacked

    • Your videos have been deleted;
    • New videos posted that you didn’t post;
    • Your registration phone number changed. 

    Signs that your LinkedIn account has been hacked

    • Posts on your timeline that you didn’t make;
    • Unknown invites accepted; 
    • Messages to users you didn’t message.

    What do hackers look for on social media?

    A scammer may turn to your social media profiles to gain data even without hacking — or to gain valuable information for later scam attempts. Here’s what cybercriminals may collect without doing a single bit of hacking:

    • Your name and surname; 
    • Email addresses and phone numbers;
    • Your location (country, city, address); 
    • Your date of birth and age; 
    • What you look like; 
    • Your workplace and position; 
    • Past education and employment history;
    • Your relationship status;
    • Your family’s and friends’ names and other details.

    Of course, if the hackers actually hack your account and gain the power to make posts and send messages, they may:

    • Send spam links to people you know;
    • Go through messages looking for login and financial data;
    • Post spam links on your timeline and in comments; 
    • Look for blackmail data.

    Which social media gets hacked the most?

    Hard data is hard to come by, but there are some ways to look into this. According to 2021 data from Statista, 37% of users had their social media accounts hacked. Of these users:

    • 77% experienced Facebook hacks;
    • 35% had their Instagram accounts hacked;
    • 25% experienced TikTok, Twitter and/or YouTube hacks. 

    What should you do if you’ve been hacked on social media?

    If your social media account is hacked, don’t panic and follow these steps:

    1. Change your password immediately

    A hacker can’t really use your account if they don’t have the password. So go to the social media site and change your password.

    Then, you should log out of the account on any other device it’s logged in on.

    If you used that password for multiple accounts, change the passwords on all the accounts to which it would apply.

    2. Contact the social media platform

    The support staff at the social media platform have protocols and procedures to follow in case of a hack or a breach. Contact them if you need help changing the password or if you need to take any other steps to secure your account again. 

    3. Check for any suspicious activity on your account

    Hackers may have used access to your account to post scam links in comments, send spam to your contacts, follow pages, and so on. Make a grand tour of your account to check for such activities.

    In conclusion: stay safe on social media

    Social media platforms remain relatively insecure despite the attempts made to make them safe. Hacking them is just too lucrative a business to pass up on. That’s why you should take care of your safety online, no matter your platform. Consider starting by using a VPN to secure your data anytime you browse on public Wi-Fi.


    FAQ

    How can a person’s social media account be hacked?

    Hackers can access your social media account in several ways: 

    • Getting your login information via a phishing attack; 
    • Stealing your logins via malware;
    • Using logins gained from a data breach.

    How do I recover my hacked social media account?

    Hacked social media accounts can potentially be recovered by contacting official support for specific social media platforms. 

    You will sometimes see commenters online offering services to reclaim lost social media accounts. Those are all scams. 

    However, not all social media platforms may allow you to reclaim your social media accounts. It all depends on the website you’re using. 

    What should I do if my social media account is hacked?

    If your social media account has been hacked:

    1. Reset your password: go to the social media website in question and reset the password via settings. 
    2. Contact the site support: notify them of what happened and listen to any advice they might give. 
    3. Inspect your messages and posting: the hackers may have used their time with your account to spam friends and other contacts.

    Why is everyone getting hacked on social media? 

    Cybercrime has been on the rise for a long time. COVID stranded a lot of people at home. They used online services a lot more often, making for a target-rich environment. And increased social media use does not coincide with increased cybersecurity awareness. 

    So hackers have more motivation to go after users on social media, using fraudulent advertisements, leaving scam comments, and sending spam links via messages. It also doesn’t help that social media companies are cutting down on security and experiencing massive leaks.