The results of an account compromise can be devastating. If one of your social media accounts are compromised, do the following things: take action, assess and contain, and protect.
Take action: Regain control of the compromised account
- Report the suspected compromise to the social media provider. Most providers have mechanisms (web links or contact numbers) to report compromised accounts.
- Follow on-screen instructions in the “forgot my account” or “account recovery” page to begin the recovery process.
- Update your password to something new, strong, and unique. Better yet, use a passphrase.
- Verify the email address and mobile number associated with the social media account.
- Log in to any email account associated with the social media account and change the password to something strong and unique..
Assess and contain any damage
- Delete any information posted by the threat actor once you regain control.
- Change the compromised password immediately if you used it for other accounts, as the threat actor may use it to access those accounts.
- Use the auditing services that your social media accounts provide, which outline information such as recent activity and devices used to log in to the account.
- Review privacy and security settings to see if they were changed.
- Verify which applications and devices are currently connected to your social media account.
- Review any personal information stored in the affected account as it may be compromised.
- Treat strange or unsolicited personal messages, emails, and texts with suspicion, particularly if they contain a link, attachment, or request account information such as your password.
- Enable account access notifications.
- Use unique passwords or passphrases for all social media accounts.
- Use multi-factor authentication (MFA), if available.
- Review your privacy settings. Set them as high as possible for your campaign work.
- Use only a trusted device to access your online accounts. Untrusted devices such as hotel business stations may be infected with malware designed to capture sensitive information.
- Use hardware-based tokens to store sensitive information like passwords. You may also use tokens in the authentication process for some social media platform providers.
- Close old or unused social media or email accounts as threat actors can use these accounts to gather information, target contacts or impersonate you.
If you need to recover access to your social media, be aware that threat actors often use the recovery method to hijack account access. Any secondary account used for recovery, such as email, should be secured by a password that is not shared and protected by MFA. If the account recovery method uses personal questions, do not have answers that your social media pages easily provide.