Recovering from the Worst: What to Do When Your Social Media Channel is Hijacked

Print Friendly

Recovering-from-the-Worst-What-to-Do-When-Your-Social-Media-Channel-is-Hijacked-V1 copy

By now we all know that LinkedIn recently disclosed that up to 6.5 million user account credentials were breached.

LinkedIn has claimed that no accounts have been compromised as a result of this incident. LinkedIn is primarily a site that your employees use personally and so isn’t one that CIOs necessarily need to worry about. Nonetheless it’s forced a lot of people who don’t normally worry about online security incidents to think about what to do when it happens.

For a social media marketer, there’s probably nothing worse than finding one day that you’ve lost control of your social media channel. One day your channel is giving you good interactions with your customers,  providing them with valuable information, and building a real, trusted relationship. The next day you awake to find that someone has taken over that trusted channel and is using it to spread spam and viruses, insult your company and customers, and sometimes even post and disseminate offensive materials.

The reality is that this can and does happen. Some big companies like Fox News, the Obama campaign and even Sesame Street have seen their social media channels hijacked.

It doesn’t make sense to stay up nights worrying about this happening. But if it does happen, knowing what to do can help cut through the panic and lost feeling that events like this can cause.

As someone who’s handled major incidents like this, I can tell you that recovering your social media channel and working to restore your trust consists of a few simple but key steps. If you take time now to learn these and build a recovery plan before this happens, you have your answer to the first question that arises when this happens: what do we do now?

  1. Assess the situation: Your first step is to assess the situation and understand what you’re dealing with. What channel was hijacked? Were any others hijacked? What’s being done on your channels? Build up a list of what’s been compromised so that you can use that to systematically guide your recovery efforts.
  2. Update and clean your systems: Before you work to regain control of your channels, you want to make sure that the systems that you use to manage those channels aren’t used to re-take control away from you. Some hijackings occur because of viruses on your systems, so the next step is to update, scan and clean your systems. These are things you want to always be doing on your systems, so if you haven’t been doing these two things, make sure you make them a regular practice.
    1. Ensure systems that access your channels have updates for all software: viruses often spreads through known security issues in software, so make sure you’re fully up-to-date for software updates on the systems you use for social media. Microsoft and Adobe products and Java are particular favorites for attackers. All of these have “auto update” capabilities so make sure you’ve enabled those features.
    2. Update your antivirus and perform a full scan of your systems: Running a full antivirus scan will identify and remove any viruses that may have stolen your account information and been used to hijack your channel.
  3. Regain control of your social media channel:Now that you understand the scope of the event, and have cleaned your system you can start your recovery efforts. You want to regain control of all the channels that have been hijacked and take steps to better protect your access to ensure you retain control.Each social media site has different options for account hijacking recovery, so go to the “help” section for the relevant sites and follow the instructions for regaining control of your account. Some sites offer expedited account recovery options that you can set up ahead of time  (like those I outlined for Facebook): use those if you’ve set them up. If you haven’t already, you also want to go ahead and implement enhanced security where you can to help you retain control. Specifically, look to implement these options where you can:
    1. Implement a strong password (this Microsoft guide can help you build a strong password)
    2. Implement security questions that are hard to guess or answer through research on the Internet (e.g. don’t use your high school name if it’s on your LinkedIn profile)
    3. Configure the site to use a secure connection (HTTPS) where available
    4. Utilize two-factor authentication where possible (for example, Google and Facebook offer two factor authentication)
  4. Notify your customers:When something like this happens, it happens in full view of your customers, so transparency is the rule. Your customers can see that your channel has been hacked: don’t try to cover it up. Once you’ve gained control, use your channel to let your customers know that your channel was hacked but that you’ve regained control.Apologize and let them know that you’re working to address the issue and take steps to ensure it doesn’t happen again. Your tone should be contrite and factual. Be concise and clear. If this is a complex or ongoing situation, go early with a message showing you’re in control and handling the situation and follow up later with more details.Every company that has followed this playbook for communications has come out of these situations with credit for their handling of the situation. Depending on the complexity and severity of the issue, you may also want to consider bringing in expert help around communications in online security and privacy incidents.
  5. Clean up your social media channel: Once you’ve taken control of your social media channel and the situation by communicating with your customers, you can focus on “clean up”. What you do here will depend on what your attacker did with your channel while they had control. Quite simply, you want to undo as much of what they did as you can. Here too, you may want to consider bringing in expert technical resources to identify and undo all the damage to your channel. Clean up can be a lengthy process but it’s important to take the time to do it right and remove all traces of the attacker’s malicious activity.

Following these steps will help you regain and retain control over your social media site after a successful hijacking. But while the goal is to undo what the attacker’s did to your site, once you’ve accomplished this, then the hard work begins: working to rebuild trust with your customers.

By following these steps quickly, efficiently and most of all, with open, clear communication, you’re as well-placed as you can be to begin rebuilding that trust. A key step in rebuilding that trust is taking steps to ensure that a situation like this never happens again. Implementing these online security practices can help.

Of course, there’s no reason not to take the time to review these steps today, build a plan to handle this situation should it arise and most of all, implement these online security practices now, before something bad happens.

Has your company built a social media account recovery plan to prepare for the worst in advance?

Christopher Budd
This monthly Social Media & Online Security column is contributed by Christopher Budd. Christopher works for Trend Micro, an Internet security company, and is an expert on communications, online security, and privacy. Christopher combines a former career as an Internet security engineer with his current career in communications to help people bridge the gap between the technical and communications realms and “make awful news just bad.” Before Trend Micro, he worked as an independent communications consultant and, prior to that, as a ten-year veteran of the security response group at the Microsoft Corporation. +Christopher Budd
Christopher Budd


Communications professional focused on online security/privacy, technology, social media and crisis communications.
@GavinDonovan @marknca @LinkedIn seems to always be trying to be more than it is. Reminds me of @google and Google+ - 1 month ago
Christopher Budd
LinkedIn Ebook


  1. says

    Christopher, I am curious to know what’s the worst situation you have ever handled?

    I mean, losing control of either your Twitter or your Facebook account is bad, but it’s not the end of the world. But what if there is a concerted attack by someone determined to cut you off from your customers? Has it ever happened that everything- social media, email password, customer list, blog password-the whole enchilada has been taken away?


    • says

      Thanks for the comment.

      Truthfully, the worst situations I’ve handled I can’t talk about. :)

      As you say, losing control of social media is painful but it’s not a direct impact to a business the way financial fraud or loss is.

      By and large there’s a hard break between actions that are intended to cause repetitional harm (like social media hijacking) and those that cause more tangible financial harms. Attackers will typically focus on one or the other.

      If someone is gunning for you such that they’re determined to take down all channels, then you’re looking at a very serious situation and one where you’ll need professional help. In security we always say that a truly determined attacker will succeed if they set their mind to it. If that happens you need active protections in the form of active, expert assistance.

  2. says

    I am one of them (Linkedin password leak) but luckily nothing happen. Admit is there is no privacy and 100% security online. When your profile goes online, everyone knows it. And the social media marketing channel recovery plan is very important.

Please Leave a Comment!