How to tell if your Twitter (X) was hacked, and what to do next: Header image
Security 7 min read

How to tell if your Twitter (X) was hacked, and what to do next

byDawna Roberts

Published:Mar 1, 2024

Updated:Oct 10, 2025

X, formerly Twitter, owned by billionaire Elon Musk, is one of the most popular social media platforms on the planet. But because of its popularity and notoriety, Twitter (X) is also a prime target for hackers. So, what happens if your Twitter is hacked?

Use this guide to learn how hackers can gain access to your X account, signs that a Twitter account is hacked, and what to do about it. Plus, we’ll cover how to stay safe in the future. 

How can a hacker gain access to my Twitter account?

Cybercriminals are finding ever more creative ways to break into accounts, steal information, and commit fraud. Unfortunately, your account could be hacked in many ways, depending on your situation and the hacker.

Protect yourself from X hacks

Moonlock analyzes suspicious messages and DMs for signs of social engineering, unusual urgency, and phishing tactics. Use it to catch X fraud early, before you click a link and hand over your account to bad actors.
TRY 7 DAYS FREE

Cybercriminals are engaging in increasingly innovative methods of hacking accounts, stealing data, and defrauding users. Common methods include:

  • Phishing scams: Spoofed emails are sent out claiming to be X. The email directs you to a spoofed login page to steal your account. Verify the sender and URL before clicking anything. If you already clicked something suspicious, follow the steps in our guide on what to do after clicking a phishing link.
  • Weak passwords: Passwords that consist of names, birthdays, or simple dictionary words are easily cracked with brute force tools. 
  • Personal data on the dark web: If your credentials were compromised in a data breach, malicious actors can buy your personal information and directly attack your X account.
  • Man-in-the-middle attacks: When you log in over an insecure public Wi-Fi network, attackers can intercept your session.
  • Malware: Keyloggers and spyware quietly steal your credentials and forward them to malicious individuals. If your device is infected, resetting passwords won’t be enough. Running a scan using Moonlock antivirus will be necessary to get rid of credential-stealing threats. 
  • SIM swapping: A fraudster will persuade your cell phone carrier to port your phone number to their SIM card, and any SMS authentication number sent to that number will be intercepted by them; a text message alone won’t protect your account. 
  • Credential stuffing: Attackers automatically test leaked username/password combos from other breaches against X. When you reuse the same passwords, a single breach elsewhere can affect your Twitter account, too. 
  • Malicious third-party apps: Some apps requesting X access exist solely to harvest your credentials or hijack your session.
Screenshot of Moonlock, a Mac security app: The Malware Scanner screen.

Signs that your Twitter account has been hacked

If your Twitter account has been hacked, you will know it soon enough. The most common scenario is to wake up one morning, see tons of unexplained activity on your account, and realize, “My Twitter got hacked!”

The following are some signs that could indicate your Twitter account is compromised.

Unauthorized tweets

If you see a bunch of tweets on your account that you didn’t post, it could indicate fraud. Pay close attention to what is posted; hackers usually include nefarious links to entice people to click so they can steal their info.

A screenshot showing the app icon for X (formerly Twitter).
A screenshot of a Twitter (X) feed.
X is a trademark of X Corp.

Strange activity

If you see multiple DMs in your account with responses you didn’t initiate, it could be a sign that something is wrong. If your account suddenly follows hundreds of new accounts, that, too, is a sign that a stranger is using your account.

You can check your account’s activity through the X app by utilizing the Apps and Sessions section. Here, you’ll see when and where recent activity has occurred. If you see activity from other countries, take it as a big red flag.

A screenshot showing how to view Twitter history.
A screenshot showing how to check for Twitter account sessions.
X is a trademark of X Corp.

Unexpected notifications

Twitter’s built-in security sends notifications when someone fails to log in or changes important settings on your account. For example, you’ll receive notifications if you change your account password or fail a login attempt. If you start getting messages like this from Twitter but you didn’t change your account password or fail a login attempt, take action immediately. 

What to do if your Twitter account is hacked

Finding out that your Twitter account is hacked is not the end of the world. That said, you will need to take quick action to fix the problem. Follow the steps below to restore access to your account and start fresh. 

Reset your Twitter password

If you can still log in to your account and the hacker hasn’t changed the password, change your password. To do this:

  1. Open the X app.
  2. Tap the profile icon at the top left.
  3. Scroll down to “Settings and privacy.”
  4. Tap “Your account.”
  5. Tap “Change your password.”
  6. Enter your current password.
  7. Type in a new, long, strong password.
  8. Tap Done at the top right. 
A screenshot showing the security settings for X (Twitter).
A screenshot showing how to change your Twitter (X) password after your account is hacked.
X is a trademark of X Corp.

How to reset your Twitter password if locked out

If the hacker changed the password and locked you out of your account, you can still regain access: 

  1. Open the X app.
  2. On the login screen, tap the “Forgot password?” link at the bottom left.
  3. Select email or phone for the confirmation code to reset your password.
  4. Enter the code.
  5. Change your password.

This method will work if the hacker hasn’t changed the email and phone numbers associated with the account. Fortunately, many hackers don’t bother to do this. 

How to report a hacked Twitter account

If someone has hacked your Twitter account and the strategies listed above aren’t helping, visit the Twitter Help Center and follow the prompts on this page to recover the account and report the fraud. 

How to recover a hacked Twitter account

To recover a hacked Twitter account, you must contact Twitter’s Help Center and follow their process. You will need to answer a few questions like, “Are you able to log into your X account?”

Preventive measures to safeguard your Twitter

Taking back control of your Twitter account is just step one. The next step is to formulate a plan going forward to keep your account safe in the future. It begins by making cybersecurity best practices part of your regular online routine. Here are a few tips. 

Turn on 2FA

Turning on 2-factor authentication on your Twitter account makes it more difficult for cybercriminals to change your password and lock you out. Use SMS sparingly, as it can be compromised by SIM swapping. Instead, use an authenticator application or security key.

A screenshot showing how to turn on 2FA on Twitter (X).
A screenshot showing how to enable a security key on Twitter (X).
X is a trademark of X Corp.

Use an authenticator app

For the strongest protection, use an authenticator app like Google Authenticator, a hardware security key, or X’s passkey option. Enable this at Settings > Security and account access > Security > Two-factor authentication.

SMS 2FA can be bypassed by SIM swapping, but authenticator apps cannot.

Be wary of phishing emails and suspicious DMs

The majority of takeovers begin with a bogus alert or counterfeit DM. Use Moonlock to check any suspicious message before clicking a link.

Screenshot of Moonlock, Moonlock Scam Detector message

Here’s how:

If the likelihood of a scam is high, Moonlock will walk you through exactly what to do next so you can respond to the fraud.

Screenshot of Moonlock, Moonlock Scam Detector scam

Use an authenticator app

For the strongest protection, use an authenticator app like Google Authenticator, a hardware security key, or X’s passkey option. Enable this at Settings > Security and account access > Security > Two-factor authentication.

SMS 2FA can be bypassed by SIM swapping, but authenticator apps cannot.

Bolster your password

Always use long, strong passwords consisting of a sequence of letters, numbers, and symbols. Do not use dates or names, and do not use passwords that one can easily guess. To make sure that credential stuffing is eliminated, use a password manager such as 1Password or Bitwarden to create unique credentials.

Never share credentials

Never disclose your credentials to anybody, not even someone you know. The cybersecurity habits of a friend or family member might not be as secure as yours.

Be wary of phishing emails

Never click on links in emails or SMS messages; you could put your information at risk. Above all, do not provide personal information or login credentials to anyone who asks for it unsolicited.

Turn on real-time protection to reduce the risk of keyloggers

Should a keylogger have been installed on your Mac, every new password can be stolen in real time. Getting access back is not sufficient, as you must eliminate the threat and completely re-secure your Twitter account following a hack. Moonlock’s real-time protection quarantines credential-stealing malware used by attackers before your information leaves your computer.

Screenshot of Moonlock, a Mac security app: The Dashboard screen.

Keep control of your device

Lock your device with biometrics such as Face ID or Touch ID if possible, and never let it leave your sight. A bad actor only needs a few seconds to make critical changes.

Never download unsafe apps, and audit the ones you already have

Check related apps at Settings > Security and account access > Apps and sessions > Connected apps. Disallow any apps you do not know or no longer need. Only download apps from trusted sites. Never use third-party sites, as unverified applications may contain malware.

Overall, your best defense against hackers is common sense. If someone contacts you out of the blue asking for information, don’t give it. A bit of caution now can save you a lot of headaches later. 

This is an independent publication, and it has not been authorized, sponsored, or otherwise approved by X Corp. X is a trademark of X Corp.

MoonLock Banner
#Social Media
Dawna Roberts

Dawna Roberts

Dawna has spent her entire career in web dev, cybersecurity, and IT. Her work has been featured on Forbes, Adobe, Airtable, Backblaze, Cyberleaf, Lifewire, and other online publications for the past ten years.
Promo Banner

You might also like

Snapchat hacked? Signs to watch for and how to recover
Snapchat hacked? Signs to watch for and how to recover your account
May 30, 2026
13 min read
How smishing works and how to spot a smishing attack: Header image
How smishing works and how to spot a smishing attack
May 16, 2026
17 min read
How to identify and remove remote access trojan (RAT): Header image
How to identify and remove a remote access trojan (RAT)
Apr 10, 2026
12 min read