First, ask yourself these two questions:
1) Am I 100% sure I have not forgotten my password?
2) What makes me think I have been hacked?
If you have been hacked and can no longer access your Twitter account:
Secure your email account. If you lost access because the hacker has changed the password, you must contact your email provider in order to initiate an identification process to recover your account. This step is crucial to re-accessing your Twitter.
Fill out a support request. You can find the form here. Twitter will ask for your username, the email address linked to your account, and a description of your issue. Although you should not include any private information in your request, make sure to add the last time you recall having access to your account.
Only submit one support request, as multiple requests will merely delay your account recovery. Twitter answers them chronologically and will only respond to the last one.
When you get an automated email saying that Twitter has created a support ticket, make sure to quickly answer that email or else Twitter will think you solved your problem and then close your ticket.
Some typical signs include:
Blocked access— You may be suddenly logged out of your account and can no longer access it as your email, phone, username, and/or password are different.
Security email from Twitter— You've received an email alerting you about an email address change.
High data usage— Like longer screen time, a higher-than-usual data usage on the app can signal an account breach.
Suspicious behavior— Any odd tweets/retweets/comments/direct messages sent from your account that you don't recognize can indicate compromise. This can also include following unfamiliar accounts.
The best way to review all of your profile information is to access your Twitter data. This will allow you to examine your connected devices, your login activity, and even your locations while using Twitter.
If you have been hacked but can still access your Twitter, immediately:
Change your account password. Make it strong and unique, and do not share it with anyone. It should be changed every 6 months and can be stored in a password manager.
Enable two-factor authentication (2FA). You can do this directly from your account settings. You may choose from an authenticator app, a security key, or SMS verification codes.
💡 Tip: If you already have 2FA activated but you selected SMS verification codes as your backup method, you should switch to a third-party authenticator app instead as the hacker can intercept the code sent to your phone. However, if you use the authenticator app method and lose your phone, you will need to have access to your backup codes or else you will be unable to enter your account.
Log out of devices you don't use. Remember to sign out of your account if you are not on your primary personal device. This not only includes public computers, but also extends to a friend or relative's device.
Check third-party access. You should remove access for third-party apps and websites you no longer use or trust. You can review them in your account settings under Apps and sessions.
Secure your email account. Change your password so that it is strong and also different from your Twitter one.
Things to keep in mind with Twitter:
You need access to the email address linked to your account, otherwise you will not be able to reset your Twitter password and fully recover your account.
You need to submit a support request if you cannot access your account. Immediately answer the automated email to prevent Twitter from closing your ticket.
Do not submit more than one support request, as that will only delay your account recovery.