TikTok Account Hacked: How to Recover Access and Stay Safe

Recognizing a hack early gives you the best chance of recovery. Watch for these warning signs:

• Password no longer works – if you can't log in despite using the correct password, someone may have changed it.
• Email or phone number changed – check any notification emails from TikTok about account changes you didn't make.
• Unfamiliar videos posted – attackers sometimes post content to promote scams or redirect your audience.
• DMs sent to your contacts – hacked TikTok accounts are often used to send phishing links or scam messages.
• Profile information changed – username, bio, or profile picture modified without your knowledge.
• Login alerts from unknown locations – TikTok may notify you about sign-ins from unfamiliar devices.

If you notice any combination of these, treat it as a confirmed compromise and take immediate action.

The first minutes after discovering a hack determine your recovery chances. Here's what to do right away:

• Try to log in – if you still can, change your password immediately to something unique and strong.
• Check your email – look for any TikTok notifications about password or email changes. Some may contain links to reverse recent changes.
• Log out other devices – in TikTok settings, go to Security → Manage Devices and remove any sessions you don't recognize.
• Secure your email account – if the attacker got into TikTok through a compromised email, securing your email comes first.
• Don't panic-post or announce – announcing a hack publicly can alert the attacker to move faster.

If you can't log in at all, move to the recovery process.

TikTok's recovery is primarily handled through the mobile app. Here's how to approach it:

• Open TikTok and tap "Log in"
• Tap "Use phone/email/username" and then select the "Log in with phone number" option
• Enter the phone number linked to your account – TikTok will send a verification code
• If the phone number works, you can reset your password from there

If the phone number method doesn't work, try the email recovery option. TikTok will send a code to the email address on file. If neither works because the attacker changed both, you'll need to go through TikTok's support process.

Use the same device you normally access TikTok from, as this may help the system recognize you as the legitimate owner.

When the attacker has changed both your email and password, standard recovery becomes significantly harder. Here's your approach:

• Check for reversal links – TikTok sends email notifications when account details change. If you act fast, some of these contain options to undo the change.
• Try your phone number – even if the email was changed, the linked phone number may still work for verification.
• Use the "Need help?" option – on the login screen, tap "Need help?" or "Can't access my account" to enter TikTok's guided recovery flow.
• Gather evidence of ownership – screenshots of your profile, original email confirmations from TikTok, or any other proof that you're the account owner.

The key is to avoid random attempts from multiple devices. Consistency from a single, trusted device works better. If you're stuck, review our guide on what to do when account recovery doesn't work.

If in-app recovery fails, TikTok's support team is your next step. Here's how to reach them effectively:

• In-app report – go to Settings → Report a Problem → Account and Profile → Can't log in
• Online form – visit TikTok's support website and submit a detailed request with your username, linked email, and a description of what happened
• Be specific – include dates, what changed, and any evidence of ownership you have

TikTok's support response times vary – it can take anywhere from a few days to several weeks depending on the complexity and volume of requests. During this time, do not create a second account with the same phone number, as this can complicate recovery.

Keep all communication with TikTok documented. If you don't hear back within a reasonable time, submitting a follow-up request is acceptable.

Once you regain access, don't stop at just changing the password. A thorough security review prevents repeat incidents:

• Set a new, unique password – never reuse passwords from other platforms.
• Verify linked email and phone – make sure both are yours and secure.
• Remove unknown devices – check Manage Devices and log out any sessions you don't recognize.
• Review third-party app connections – revoke access for any apps you don't use or recognize.
• Check for posted content – remove any videos or comments the attacker may have posted.
• Alert your followers – if scam content was posted, let your audience know the account was compromised.

For a comprehensive approach to securing all your accounts, see our guide to protecting social media accounts.

Enabling two-factor authentication is one of the most effective things you can do to protect your TikTok account. SMS-based 2FA is the most practical option – it works reliably and doesn't require any additional apps.

To enable 2FA on TikTok:

• Open TikTok and go to Settings → Security → 2-Step Verification
• Select SMS as your verification method
• Confirm your phone number and enter the verification code

Once enabled, TikTok will require a code sent to your phone whenever someone tries to log in from a new device. This means that even if your password is compromised, the attacker can't access your account without your phone.

To learn more about how 2FA works and why it matters, read our guide to two-factor authentication.

Some TikTok hacks go beyond what self-service recovery can handle. Consider professional help if:

• TikTok support hasn't responded after multiple attempts
• The attacker changed all recovery details and enabled 2FA
• The account is monetized or has significant business value
• You suspect the breach extends to your email or other platforms
• Scam content was posted and your reputation is at risk

In these situations, a structured professional approach saves time and prevents further damage. RelyShield helps when standard methods fail – with clear process and transparent pricing.