How to Recover a Hacked X Account
If you need to know how to recover hacked X account access, act quickly: the sooner you respond, the better your chances of regaining control before an attacker changes passwords, email addresses, or recovery settings.
This guide explains the recovery process, what signs to look for, and how to secure the account after you get it back.
X, formerly known as Twitter, is a high-value target because it can be used for phishing, scams, impersonation, and reputational damage.
That is why a fast, structured response matters.
Recognize the signs of compromise
Before starting recovery, confirm that the account was actually breached.
Common indicators include:
- Unrecognized posts, likes, reposts, direct messages, or follows
- Password reset emails you did not request
- Alerts about new login locations or devices
- Changes to your email address, phone number, or username
- Followers reporting spam or suspicious messages from your profile
- Security settings or connected apps you did not authorize
If you still have access, do not assume the attacker is gone.
Attackers often keep a session active even after a password change if they also control your email account or connected devices.
Secure the email account linked to X first
Your email account is usually the primary recovery channel for X.
If an attacker can read your email, they can intercept reset links and regain access.
Do the following immediately:
- Change your email password to a unique, strong password
- Enable two-factor authentication on the email account
- Review inbox rules, filters, and forwarding settings
- Check for unfamiliar recovery addresses or phone numbers
- Sign out of all active email sessions and devices
Popular providers such as Gmail, Outlook, and Yahoo all offer recent activity logs and device management.
Use them to identify unauthorized access before proceeding with X recovery.
Try to reset the X password
If you can still access the account email or phone number on file, start with X’s password reset flow.
On the login screen, select the option to recover or reset the password, then follow the prompts.
When the reset email or text arrives, inspect it carefully.
If the message includes a location or device you do not recognize, continue only after securing the linked email account.
Once you create a new password, make it long, unique, and never reused on any other platform.
After resetting the password, X may ask you to verify your identity or complete additional login checks.
Follow every legitimate prompt from the official X app or website.
What if the attacker changed your email or phone number?
If the attacker altered your account contact details, standard password reset may fail.
In that case, use X’s account access or hacked account support flow.
When submitting a report, provide as much account information as possible, such as:
- Your X handle and display name
- The original email address or phone number connected to the account
- Approximate date and time you lost access
- Examples of suspicious activity
- Proof of identity if requested by X support
Be specific and concise.
Support teams are more likely to help when your report clearly shows that the account was compromised rather than simply inaccessible.
Check for unauthorized app access and sessions
Once back in the account, remove anything suspicious.
Attackers frequently use third-party apps, browser sessions, or connected devices to maintain access.
Review and remove:
- Logged-in sessions from unfamiliar devices or locations
- Connected apps and integrations you do not recognize
- Email forwarding rules or notification changes
- Suspicious OAuth permissions granted through social login
Then sign out of all devices if the option is available.
This forces every session to reauthenticate and helps prevent silent reentry.
Change every related password
Do not stop at the X password.
If the same password was reused anywhere else, those accounts are also at risk.
Prioritize email first, then banking, cloud storage, password managers, and any social platforms linked to X.
A secure password strategy should include:
- Unique passwords for every important account
- A password manager such as 1Password, Bitwarden, or LastPass
- At least 14 characters, ideally more
- A mix of letters, numbers, and symbols, or a strong passphrase
Password reuse remains one of the most common causes of account takeover.
If one site leaks credentials, attackers often test them across multiple platforms.
Turn on two-factor authentication
Two-factor authentication, or 2FA, adds a second verification step and significantly raises the cost of attack.
For X accounts, use an authenticator app or security key whenever possible.
Recommended options include:
- Authenticator apps such as Google Authenticator, Microsoft Authenticator, or Authy
- Hardware security keys that support FIDO2/WebAuthn
- Backup codes stored offline in a secure location
SMS-based 2FA is better than nothing, but it is generally less secure than an authenticator app or security key because SIM swapping and text interception are real risks.
Report impersonation, spam, and phishing activity
Hacked X accounts are often used to target your followers, customers, or coworkers.
If the attacker sent malicious links or impersonated you, notify your contacts quickly through another trusted channel.
Use a short message that tells them to avoid clicking links or opening attachments sent from your X account during the compromise window.
If a business account was involved, alert your internal security team, support staff, or social media manager.
You should also monitor for:
- Phishing replies sent from the account
- Fake giveaway or crypto scam posts
- Profile changes designed to mislead followers
- New DMs containing malicious URLs
How to prevent another X account hack?
Prevention is easier once you understand how the attack happened.
Common attack paths include phishing pages, reused passwords, malicious browser extensions, weak email security, and credential stuffing from previous data breaches.
Reduce your risk by following these practices:
- Use a password manager and unique passwords everywhere
- Keep your phone, browser, and operating system updated
- Review connected apps regularly and revoke anything unnecessary
- Avoid logging in through links in DMs or emails
- Bookmark the official X login page instead of searching for it each time
- Enable login alerts on your email and important accounts
For public figures, brands, and journalists, it is also wise to limit account access to a small number of trusted administrators and to document recovery procedures in advance.
When should you escalate the case?
If the account is tied to a business, verified identity, or paid advertising, escalate quickly when financial loss, brand impersonation, or data exposure is possible.
You may need help from legal, security, or communications teams in addition to X support.
Escalation is especially important if the attacker:
- Changed recovery details and locked you out
- Used the account to send scams to customers or employees
- Accessed private messages with sensitive information
- Attempted to take over linked email, cloud, or payment accounts
Keep screenshots, timestamps, login alerts, and email notifications.
This evidence can help support your report and document the incident for internal records.
What to do after recovery?
After you regain access, keep watching the account for a few days.
Check posts, DMs, account settings, and connected apps regularly.
Attackers sometimes leave hidden changes behind, especially if they had access for more than a few minutes.
A final post or pinned notice can also help clarify that the account was compromised if followers saw suspicious content.
Be transparent, factual, and brief.
By following these steps in order, you can recover control, reduce the chance of repeat compromise, and restore trust in your X presence.