Hacked account: The stranger in your own social media profile

"Olli, what kind of stuff are you writing on the internet?!" The message from my friend Eva makes me wonder. On the internet? I haven't published anything there for about half a year. I navigate to the app to take a closer look. In my online profile I discover dozens of messages and comments. Apparently I uploaded a video two hours ago that shows the worst animal cruelty. Someone must have illegally gained access to my social media account and posted this video using my profile! What do I do now?*

Olli's social media account was hacked: an unauthorized person gained access to it and was able to spread content in Olli's name. Cybercriminals use such hacked accounts, for example, to publish posts that damage reputations, false reports, or even content with criminal consequences. They may also try to gain the trust of close contacts such as family members and ask them for financial support in a feigned emergency.
In this case, Olli was lucky: the intruders had not yet changed the password, so he could still access his account. But that is not always the case. We explain how those affected can proceed.

How do I regain control of a hacked social media account?

Case 1: You can still log in.

  • Change the access data for the affected social media profile as soon as possible.
  • End all ongoing sessions. Such sessions may exist if you access the social media platform from different devices. Many platforms allow you to deactivate or close all ongoing logins or sessions with one click in their settings. Afterwards, the new password must be entered individually on each device when reopening the platform.
  • Then change the password for other accounts, for example your email account, if you have used the same password there as for the hacked account. Use strong passwords and a different password for each account.
  • Check whether settings have been changed. For example, intruders can make a private profile public or change the email address that is used to request a new password. Keep an eye on your profile over the next few weeks.
  • Also check accounts for which you use the "single sign-on" function. This is the case if, for example, you have not created separate login data on an online shopping portal, but instead log in there using the hacked social media account.

Case 2: You can no longer log in.

  • Report the incident to the respective social media platform. Find out whether the platform can reset your password.
  • Also change the password for other accounts for which you have previously used the same password as for the hacked account. Follow our tips for strong passwords and give each account a different password.
  • Also report the incident to platforms where you log in with the hacked account using the "single sign-on" procedure described in the first case. Find out whether the platforms can deactivate the function and allow you to set your own password instead.

In both cases, you should also inform your contacts about the identity theft, preferably in person. This way, they know that content such as the video shared from Olli's profile in our example did not actually come from you. You can also report the incident to the online watchdog of the local law enforcement agency, for example your state police.

Social media profiles are not the only accounts that are of interest to cybercriminals. The BSI therefore also has its own recommendations for those affected by hacked email accounts as well as for those affected by devices infected with malware.

How do cybercriminals get hold of my user data?

There are various ways in which cybercriminals obtain user data. In Olli's case, for example, one of the following may have happened:

  • Olli rarely uses social media apps and has not enabled automatic updates. As a result, he missed several updates that were supposed to close security gaps. Criminals took advantage of this to read his data.
  • Olli recently received a fake email in the name of the social media provider, a so-called phishing email. He opened a link in it and entered his access data on an equally fake website. His access data was captured in the process.
  • Olli uses the same password for all social media accounts. Since cybercriminals were able to read the data of another platform after a data leak, all his profiles are now affected.

Security measures such as strong passwords and two-factor authentication make it more difficult to hack an account. Once you have regained control of your account, it is therefore advisable to pay more attention to protecting your accounts. The BSI provides tips on how to protect yourself against digital identity theft.

*fictitious case