How to Recover a Hacked Twitter/X Account (2026)

How to Recover a Hacked Twitter Account
If your Twitter account got hacked, act fast. Every minute a hacker has access, they can change your email, enable their own two-factor authentication, follow spam accounts, send malicious DMs to your followers, and damage your reputation. The good news: most hacked X accounts are recoverable if you follow the right steps.
Phishing attacks targeting X accounts surged in 2025–2026, with sophisticated campaigns impersonating X's verification emails and Premium subscription notices. Here's exactly how to recover your account and lock it down.
Signs Your X Account Has Been Hacked
Before starting recovery, confirm the hack. Common signs:
- You can't log in — your password was changed
- Unexpected tweets or DMs — posts you didn't write, especially spam links or crypto scams
- Email/phone changed — you received a notification that your contact info was updated
- New follows — your account is suddenly following hundreds of accounts you don't recognize
- Missing followers — the hacker blocked or removed your real followers
- Profile changes — new bio, profile picture, display name, or header image
- Connected apps you don't recognize — unauthorized third-party access
- Login alerts from unknown locations — email notifications about sign-ins from unfamiliar IPs
Step-by-Step Recovery
Step 1: Try Resetting Your Password
If you still have access to your email:
- Go to x.com → Log in → Forgot password?
- Enter your email, phone number, or username
- Choose how to receive the reset code (email or SMS)
- Enter the code, set a new strong password
- Log in immediately
If this works, skip to Step 4 (Secure Your Account). If the hacker changed your email, continue to Step 2.
Step 2: Use the Identity Verification Form
If you can't reset via email because the hacker changed it:
- Go to help.x.com → I need login and account support → I need to regain access to my account
- Fill out the form with:
  - Your original email address
  - Your phone number (if it was linked)
  - Your username (@handle)
  - When you last had access
  - Description of what happened
- X may ask for a government ID to verify ownership
- Response time: 24–72 hours for Premium accounts, 1–3 weeks for free accounts
Step 3: Check Connected Email Account
Often, hackers first compromise your email, then use it to access X:
- Check your email account's security — change your email password immediately
- Look for password reset emails from X that you didn't request
- Check your email's "sent" folder for messages the hacker may have sent
- Review your email's login history for unfamiliar access
- Enable 2FA on your email if you haven't already
If your email was compromised, recover it FIRST, then use it to reset your X password.
Step 4: Secure Your Account (Post-Recovery)
Once you're back in, lock everything down immediately:
Change Your Password
- Use a strong, unique password — at least 12 characters with mixed case, numbers, and symbols
- Don't reuse passwords from other accounts
- Consider a password manager (1Password, Bitwarden)
Enable Two-Factor Authentication
- Go to Settings → Security and account access → Security → Two-factor authentication
- Choose your method:
  - Authentication app (recommended) — Google Authenticator, Authy, or 1Password
  - Security key (most secure) — hardware key like YubiKey
  - SMS (least secure) — better than nothing, but vulnerable to SIM-swap attacks
- Save your backup codes in a secure location
Review and Update Email
- Settings → Your account → Account information → Email
- Confirm your email is correct (hacker may have changed it)
- Make sure your email itself has 2FA enabled
Revoke All Third-Party Access
- Settings → Security and account access → Apps and sessions → Connected apps
- Revoke access for ALL apps — reconnect only the ones you trust later
- Check Sessions and log out of all devices you don't recognize
Review Login Activity
- Settings → Security and account access → Apps and sessions → Account access history
- Look for logins from unfamiliar locations or devices
- Note the times — this helps you understand the timeline of the hack
Step 5: Clean Up the Damage
After securing your account, undo what the hacker did:
Delete Unauthorized Tweets and DMs
- Remove any spam tweets the hacker posted
- Check your DMs — hackers often send phishing links to your contacts
- Consider posting a tweet informing your followers about the hack
- If your account was suspended during the hack, see our guide on how to get unsuspended
Audit Your Following List
Hackers often follow hundreds of spam or bot accounts to inflate those accounts' numbers. Use Unfollr to:
- Compare your current following list against a previous snapshot
- Identify accounts you're now following that you don't recognize
- Check if your follower count dropped — the hacker may have blocked real followers
- Track any ongoing unfollows from followers who saw the spam and left
Restore Profile Information
- Check and fix your display name, bio, profile picture, header image, and website link
- Verify your birthday, location, and other profile details
- Check your privacy settings — hackers sometimes make private accounts public or vice versa (privacy settings guide)
- Follow our full account cleanup guide to restore your account to a healthy state
Common Hack Methods in 2026
Understanding how accounts get hacked helps you prevent future attacks:
Phishing Emails
The most common method. Fake emails that look like they're from X, asking you to:
- "Verify your account" via a fake login page
- "Update your Premium subscription" billing info
- "Review a login attempt" through a spoofed security alert
How to spot them: Check the sender's actual email address (hover over it). Real X emails come from @x.com domains. Never click links in emails — go directly to x.com in your browser.
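The sender check described above, as an added Python example that is not part of the original article: it reads the real From address rather than the display name, rejects lookalike domains, and goes one step beyond the article by requiring a DMARC pass, since a From address by itself can be forged. The `RECEIVER` value and the three sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

TRUSTED = "x.com"                 # per the article: real X mail comes from @x.com
RECEIVER = "mx.mailhost.example"  # hypothetical: your own mail provider's authserv-id

def sender_domain(msg):
    """Domain of the actual From address; the display name is ignored."""
    _display, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()

def is_trusted(domain):
    """x.com or a subdomain of it, not a lookalike such as x.com.evil.example."""
    return domain == TRUSTED or domain.endswith("." + TRUSTED)

def dmarc_passed(msg):
    """Only trust the Authentication-Results header stamped by our own receiver."""
    for header in msg.get_all("Authentication-Results", []):
        server, _, results = header.partition(";")
        if server.strip().lower() == RECEIVER and "dmarc=pass" in results.lower():
            return True
    return False

def assess(raw):
    """Classify a raw message by sender domain first, then by DMARC result."""
    msg = message_from_string(raw)
    domain = sender_domain(msg)
    if not is_trusted(domain):
        return "suspicious: sender domain is " + (domain or "missing")
    if not dmarc_passed(msg):
        return "suspicious: From claims x.com but DMARC did not pass"
    return "sender checks passed"

# Constructed sample messages (not real X emails).
LOOKALIKE = ('From: "verify@x.com" <notify@x.com.account-check.example>\n'
             'Subject: Verify your account\n\nbody\n')
SPOOFED = ('From: X <info@x.com>\n'
           'Authentication-Results: mx.mailhost.example; spf=fail; dmarc=fail header.from=x.com\n'
           'Subject: Review a login attempt\n\nbody\n')
GENUINE = ('From: X <info@x.com>\n'
           'Authentication-Results: mx.mailhost.example; dkim=pass header.d=x.com; dmarc=pass header.from=x.com\n'
           'Subject: Password reset\n\nbody\n')

if __name__ == "__main__":
    for name, raw in (("lookalike", LOOKALIKE), ("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(name, "->", assess(raw))
```

Even when every check passes, the article's advice still applies: open x.com directly instead of following the link.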
SIM-Swap Attacks
Attackers convince your phone carrier to transfer your number to their SIM card, then use SMS-based 2FA to access your account.
Prevention: Use an authenticator app instead of SMS for 2FA. Contact your carrier to add a PIN to your account.
Credential Stuffing
Hackers use leaked passwords from other data breaches to try logging into X. If you reuse passwords, you're vulnerable.
Prevention: Use unique passwords for every account. Check if your credentials were leaked at haveibeenpwned.com.
Malicious Third-Party Apps
Some apps request X permissions that are broader than needed, then use that access to hijack your account.
Prevention: Only connect apps you trust. Review permissions carefully — does a follower tracker really need "write" access? Read-only tools like Unfollr are safer because they don't require permissions to modify your account.
Session Hijacking
Attackers steal your active session token through malware, public Wi-Fi attacks, or browser extensions.
Prevention: Avoid logging into X on public Wi-Fi without a VPN. Don't install unknown browser extensions. Regularly review and end active sessions.
Prevention Checklist
Protect your account before it gets hacked:
| Action | Priority | Status |
|---|---|---|
| Enable 2FA (authenticator app) | Critical | ☐ |
| Use a unique, strong password | Critical | ☐ |
| Remove unnecessary connected apps | High | ☐ |
| Enable email 2FA | High | ☐ |
| Check haveibeenpwned.com | Medium | ☐ |
| Add PIN to phone carrier account | Medium | ☐ |
| Review login activity monthly | Medium | ☐ |
| Use a password manager | Recommended | ☐ |
| Avoid logging in on public Wi-Fi | Recommended | ☐ |
What to Do If Recovery Fails
If X hasn't responded to your appeal or denied it:
- Submit a new appeal after 30 days with additional evidence of ownership
- Contact X support on other channels — try @XSupport from a different account
- If you have X Premium, mention your subscription in the appeal — Premium accounts get priority support
- Document everything — screenshots of original account activity, emails from X, and proof of identity
- As a last resort, report the hacked account as impersonating you from a new account
FAQ
How long does it take to recover a hacked Twitter account?
If you can reset your password via email, recovery takes minutes. If you need X's identity verification process, expect 24–72 hours for Premium accounts and 1–3 weeks for free accounts.
Can I recover my account if the hacker changed the email and phone number?
Yes, but it requires X's identity verification process. You'll need to provide your original email, username, and potentially a government ID. Go to help.x.com and file a recovery request.
Will I lose my followers if my account is hacked?
Not permanently. Your follower list is preserved even during a hack. However, some followers may unfollow if they see spam posted from your account. Use Unfollr after recovery to check who left and track your follower restoration.
Should I create a new account if I can't recover the old one?
Only as a last resort. First, report the hacked account to X so it can be suspended (preventing further damage). Then create a new account and inform your community through other channels.
How do I know if a recovery email from X is real?
Real X emails come from @x.com domains. They'll never ask for your password directly in the email. When in doubt, don't click links — go to x.com directly in your browser and navigate to your settings.
Can hackers access my DMs?
Yes. If a hacker has access to your account, they can read all your DMs, including those marked as "confidential." This is why acting fast to secure your account is critical.
Final Thoughts
A hacked Twitter account is stressful but recoverable in most cases. Act fast — reset your password, enable 2FA, revoke unauthorized apps, and clean up the damage. The best defense is prevention: unique passwords, authenticator-based 2FA, and minimal third-party app connections.
After recovery, use Unfollr to audit the damage — check who the hacker followed, track any followers you lost, and monitor your account health as you rebuild trust with your audience.
