How to Tell if Your X Account Has Been Compromised
If you are trying to learn how to check if X account was hacked, the first step is to look for changes you did not make.
X account takeovers often start quietly, with a password change, new posts, unfamiliar follows, or login alerts that seem easy to miss.
This guide explains the most reliable signs of compromise, how to inspect account activity, and the fastest recovery and security steps to take if something looks wrong.
Common Signs Your X Account May Be Hacked
A compromised X account usually shows one or more of the following warning signs.
Some are obvious, while others only appear when you inspect account settings and login history.
- Posts, replies, or DMs you did not send
- New follows or unfollows you do not recognize
- Password or email change notifications
- Login alerts from unknown devices or locations
- Profile changes such as name, bio, website, or avatar edits
- Security settings that no longer match what you set
- Followers reporting spam, scam links, or suspicious messages
- Sudden lockout from your account
Any one of these signs can indicate unauthorized access.
Multiple signs together usually mean the account should be treated as compromised immediately.
How to Check if X Account Was Hacked
To verify whether your X account was hacked, review the account from the inside and from the outside.
Start with the easiest checks, then move into security settings and login-related information.
1. Review your recent posts, replies, and DMs
Check your timeline, replies, reposts, and direct messages for anything you did not create.
Hackers often use compromised accounts to send scam links, promote crypto fraud, or message followers with phishing attempts.
If you see suspicious activity, capture screenshots before deleting anything.
This can help if you need to report the incident later.
2. Check your profile details
Look at your display name, username, bio, profile photo, header image, website link, and location.
Attackers may make subtle changes to make the account look legitimate while using it for spam or impersonation.
Even small edits matter.
A changed website field or unfamiliar bio link can be a sign that someone else has access.
3. Inspect account email and phone settings
Open your account settings and verify that the recovery email and phone number are yours.
If these have been changed, the attacker may be trying to keep you out of the account.
Also check whether alerts are being sent to an email address you do not control.
That can reveal whether the account recovery pathway has been altered.
4. Look for login alerts and active sessions
X may send notifications when a new login occurs.
Review any security messages for unfamiliar devices, operating systems, or locations.
If X shows active sessions or connected devices, sign out of anything you do not recognize.
Unusual login data, especially from another country or a device you have never used, is one of the strongest indicators of compromise.
5. Confirm connected apps and third-party access
Many account takeovers happen through OAuth-based third-party apps, browser extensions, or services connected to X.
Review the apps with access to your account and remove anything unfamiliar or unused.
Be especially cautious with apps that request broad permissions, such as the ability to post, read messages, or manage your profile.
6. Ask trusted contacts if they noticed suspicious activity
If your account was used to DM followers or post malicious content, trusted contacts may notice before you do.
Ask whether they received strange links, odd messages, or requests that do not sound like you.
This external check is useful because attackers often target your network as soon as they gain access.
What to Do Immediately If You Suspect a Hack
If your checks suggest unauthorized access, act quickly.
The sooner you secure the account, the less damage an attacker can do.
- Change your X password immediately
- Change the password for the email account tied to X
- Enable two-factor authentication using an authenticator app or security key
- Log out of all active sessions and remove unknown devices
- Revoke access to unfamiliar third-party apps
- Review and correct profile, email, phone, and recovery settings
- Delete suspicious posts or DMs after documenting them
If you cannot access the account, start account recovery as soon as possible through X’s login help and support flow.
Use the most current recovery email and follow the verification steps carefully.
Why X Accounts Get Hacked
Understanding the common causes helps you identify how the breach may have happened and how to prevent another one.
- Phishing emails or fake login pages that steal credentials
- Password reuse across multiple sites after a data breach
- Malicious browser extensions or untrusted apps
- Weak passwords that are easy to guess or brute-force
- Compromised email accounts that control X recovery options
- Social engineering tricks that convince users to share codes or login links
In many cases, the X account is not the first target.
Attackers often compromise email or a connected app first, then use that access to take over X.
How to Secure Your X Account After a Breach
Once you regain control, focus on closing every possible entry point.
A partial cleanup is not enough if the attacker still has a password, token, or recovery path.
Use a unique, strong password
Create a password that has not been used anywhere else.
A password manager can generate and store a long, random password that is harder to crack and easier to manage.
Turn on two-factor authentication
Use an authenticator app or hardware security key rather than SMS when possible.
These methods are more resistant to SIM swapping and message interception.
Check your email account security
Because email often controls password resets, secure the associated email account with a new password, 2FA, and a review of recovery options.
Remove any unfamiliar forwarding rules or recovery addresses.
Audit connected devices and app permissions
Remove old phones, tablets, browsers, and third-party apps you no longer use.
If a token or session was stolen, revoking access is often necessary to fully block the attacker.
Warn your followers if needed
If the account sent spam, phishing links, or scam messages, post a short warning once the account is secure.
This helps reduce harm to followers who may have clicked suspicious content.
How to Reduce the Risk of Future X Account Takeovers
Preventing repeat incidents depends on basic account hygiene and careful behavior around links, apps, and login prompts.
- Never reuse passwords across important accounts
- Avoid logging in from public or shared devices
- Check the URL before entering credentials
- Only install trusted extensions and apps
- Review security settings regularly
- Keep your phone, browser, and operating system updated
- Be skeptical of urgent messages asking for codes or logins
For high-profile users, brands, and creators, it can also help to use a dedicated business email, limit admin access, and maintain a written recovery plan for social accounts.
When to Contact X Support
Contact X support if you cannot reset your password, the attacker changed your recovery information, or the account is actively posting harmful content.
Include screenshots, dates, and a clear description of what changed.
The more precise your report, the easier it is to show that the account was compromised and that you are the legitimate owner.