751 words, 4 minutes read time.
Affiliate Link
UPDATE: After months of submitting support requests and being repeatedly told I had access to my account, X finally removed the two-factor authentication that the hacker had added. I was then able to regain control of my account. The notification came unexpectedly, and by that time, I had already created a new X account.
Thankfully, I acted quickly—changing the password and logging out of all sessions—which prevented the hacker from modifying other important information on the account.
———
In January, I went through something that still hasn’t been resolved—my X (formerly Twitter) account was hacked. Like most people, I assumed my account was secure. I had a strong password, I was careful about phishing attempts, and I took basic precautions to protect it. But all of that didn’t matter. Someone gained access to my account, locked me out, and even now, after weeks of trying, I still don’t have control over it.
At first, I thought it was just a glitch. I went to log in one morning, and my password wasn’t working. That happens sometimes, right? Maybe I had mistyped it, or my browser had auto-filled the wrong credentials. I tried again. Still nothing. I went through the usual password reset process, and this time, I was able to get an email allowing me to change the password.
That should have been the end of it. Normally, when you reset a password, you regain full control of your account. But when I logged in with the new password, I ran into a wall—two-factor authentication (2FA). The hacker had enabled 2FA and changed the phone number associated with the account. Now, every time I try to log in, I get a prompt asking me to enter a verification code. The problem? That code is being sent to the hacker’s phone, not mine.
At this point, my own security settings were being used against me. I had my email, I had my password, but I couldn’t get past the 2FA barrier. There was no option to send the code to my email instead, and without access to the linked phone number, I was stuck.
I immediately reached out to X’s support system, which, if you’ve ever had to deal with it, is frustratingly slow and unhelpful. I submitted a support ticket, explained the situation, and waited. And waited. And waited. The first response I got was a generic, automated email that didn’t address my problem at all. I replied, clarifying that I was completely locked out due to 2FA, only to receive another automated response days later, asking me to verify my identity through a process that required the verification code I couldn’t access.
At this point, I was stuck in an endless loop. X’s support system assumes that if you have access to your email, you should be able to reset everything. But because 2FA was enabled and linked to a number I didn’t own, I had no way to authenticate myself. I kept reaching out, hoping to get a real person to assist me, but every response was either a dead-end automated reply or a link to generic troubleshooting articles that didn’t apply to my situation.
Meanwhile, my account was still active—just not in my hands. I could see that new posts were being made, new follows were happening, and in some cases, messages were being sent out in my name. But I had no way to stop it.
This experience has been beyond frustrating, and it’s made me realize just how broken account recovery systems can be. X does have a process in place for recovering hacked accounts, but it seems to assume that users will always have access to at least one authentication method. If a hacker is able to reset the password and immediately enable 2FA with their own number, the original account owner is left powerless.
I’ve exhausted every option available to me, and X support has been less than helpful. Meanwhile, I’ve watched as people with big followings—celebrities, influencers, and public figures—get their accounts restored almost immediately after being hacked. But if you’re an everyday user? Good luck.
So, what’s the takeaway from all this? First, don’t assume that your accounts are safe, even if you follow all the security best practices. Second, if you get hacked and lose access to your account completely, be prepared for an uphill battle with customer support. And finally, if you rely on a social media account for anything important—whether for business, networking, or just personal connections—have a backup plan. Because if it gets taken from you, there’s a real chance you might never get it back.
Disclaimer:
The views and opinions expressed in this post are solely those of the author. The information provided is based on personal research, experience, and understanding of the subject matter at the time of writing. Readers should consult relevant experts or authorities for specific guidance related to their unique situations.
i read till this thinking it would be happy end
were you able to recover your account?
Yes, but after I gave up and started a new account.