Social media accounts are among the most targeted by hackers, scammers, and identity thieves. They contain a goldmine of personal information — your real name, photos, location, workplace, friends, family, and daily habits. A compromised social media account can lead to identity theft, financial fraud, and serious reputational damage. Here's how to lock down every major platform.
Why Social Media Security Matters
Social media account compromises are more damaging than most people realize:
- Identity impersonation: Hackers use your account to scam your friends and family
- Data harvesting: Your profile information feeds data brokers and identity theft rings
- Account recovery chains: Access to your social media can be used to reset passwords on other accounts
- Reputational damage: Inappropriate posts made by hackers can damage personal and professional relationships
- Stalking and harassment: Your location data, check-ins, and tagged photos reveal your habits and whereabouts
Universal Security Steps (Do These First)
Before diving into platform-specific settings, take these steps on every social media account:
- Use a unique, strong password: Every social media account should have its own password — at least 16 characters, randomly generated by a password manager.
- Enable two-factor authentication (2FA): Use an authenticator app (Google Authenticator, Authy, or your password manager's TOTP feature) rather than SMS. SMS-based 2FA is vulnerable to SIM-swapping attacks.
- Review connected apps: Go to each platform's settings and revoke access for any third-party apps you no longer use. Old app connections are a common backdoor.
- Check active sessions: Most platforms show you where you're currently logged in. Remove any sessions you don't recognize.
- Update your recovery email and phone: Make sure these are current and secure. An outdated recovery email that's been hacked gives attackers a way in.
Facebook Security Settings
Facebook is the most information-rich social media platform and the highest-value target for attackers:
Essential Security Settings
- Settings > Security and Login > Two-Factor Authentication: Enable 2FA using an authenticator app
- Settings > Security and Login > Where You're Logged In: Review and remove unfamiliar sessions
- Settings > Security and Login > Get alerts about unrecognized logins: Turn this on for both notifications and email
Essential Privacy Settings
- Settings > Privacy > Who can see your future posts: Set to "Friends" instead of "Public"
- Settings > Privacy > Who can look you up using your phone number/email: Set to "Friends" or "Only me"
- Settings > Privacy > Do you want search engines outside of Facebook to link to your profile: Turn this off
- Settings > Profile and Tagging > Who can post on your profile: Set to "Friends" or "Only me"
- Settings > Profile and Tagging > Review tags people add to your posts: Turn this on
Facebook Privacy Checkup
Facebook offers a built-in Privacy Checkup tool. Go to Settings > Privacy Checkup to walk through your settings step by step. It covers who can see your posts, how people find you, and your data settings.
Instagram Security Settings
Essential Security Settings
- Settings > Accounts Center > Password and Security > Two-factor authentication: Enable using an authenticator app
- Settings > Accounts Center > Password and Security > Where you're logged in: Remove unfamiliar devices
- Settings > Accounts Center > Password and Security > Login alerts: Turn on
Essential Privacy Settings
- Settings > Account Privacy: Set account to Private unless you have a business reason to keep it public
- Settings > Tags and Mentions > Allow tags from: Set to "People you follow" or "No one"
- Settings > Sharing and Remixing: Disable sharing of your Reels and Stories to limit content spread
- Settings > Connected Experiences > Sharing across profiles: Review and limit what's shared across linked accounts
X (Twitter) Security Settings
Essential Security Settings
- Settings > Security and Account Access > Security > Two-factor authentication: Enable using an authenticator app (note: SMS-based 2FA is no longer free on X)
- Settings > Security and Account Access > Apps and sessions: Review and revoke access for old third-party apps
- Settings > Security and Account Access > Connected accounts: Review linked accounts
Essential Privacy Settings
- Settings > Privacy and Safety > Audience and tagging > Protect your posts: Enable if you want your posts visible only to followers
- Settings > Privacy and Safety > Discoverability and contacts > Let people who have your email find you: Turn off
- Settings > Privacy and Safety > Discoverability and contacts > Let people who have your phone number find you: Turn off
- Settings > Privacy and Safety > Location information: Disable location tagging on posts
LinkedIn Security Settings
LinkedIn is especially important to secure because it contains professional information that can be used for targeted phishing (spear-phishing) attacks:
- Settings > Sign in & Security > Two-step verification: Enable using an authenticator app
- Settings > Sign in & Security > Where you're signed in: Review active sessions
- Settings > Visibility > Profile viewing options: Consider browsing in private mode
- Settings > Visibility > Who can see your email address: Set to "1st-degree connections" or "Only visible to me"
- Settings > Visibility > Who can see your connections: Set to "Only you" to prevent social engineering
- Settings > Data Privacy > Search by email/phone: Disable both to prevent scraping
TikTok Security Settings
- Settings > Security > Two-step verification: TikTok requires at least 2 methods (SMS and Email). Enable both, then the platform automatically chooses the most secure method based on your login context.
- Settings > Privacy > Private account: Enable unless you're a content creator
- Settings > Privacy > Suggest your account to others: Disable all options (contacts, Facebook friends, people who open your links)
- Settings > Privacy > Who can send you direct messages: Set to "No one" or "Friends"
- Settings > Privacy > Who can Duet/Stitch with your videos: Set to "Friends" or "No one"
Watch Out for AI-Powered Phishing
The most common way social media accounts are compromised isn't through weak passwords — it's through phishing. In 2025, over 82% of phishing operations used AI for message generation or image manipulation, and social media phishing incidents increased by 47%. Attackers now create nearly indistinguishable fake login pages and DMs — even deepfake video messages impersonating trusted contacts. Always navigate directly to the platform rather than clicking links in messages.
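A link triage check to go with the advice above, as an added example that is not part of the original article: it extracts the host a link really points to and flags the usual disguises (text before `@`, a platform name used as a subdomain of another site, internationalized lookalike hosts). The `OFFICIAL` list is an assumption covering the platforms in this article, and the sample URLs in the comments are constructed.

```python
from urllib.parse import urlsplit

# Assumption: primary domains of the platforms covered in this article.
OFFICIAL = ("facebook.com", "instagram.com", "x.com", "twitter.com",
            "linkedin.com", "tiktok.com")

def check_link(url: str):
    """Return (verdict, reason) for a link received in a DM or email."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return ("suspicious", "malformed URL")
    if parts.scheme != "https":
        return ("suspicious", "not an https link")
    if not host:
        return ("suspicious", "no hostname")
    if parts.username is not None:
        # Constructed case: https://facebook.com@login.example/ goes to login.example
        return ("suspicious", "text before '@' hides the real host: " + host)
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return ("suspicious", "internationalized host, possible homograph")
    for domain in OFFICIAL:
        # Exact match or a true subdomain; "netflix.com" does not match "x.com"
        if host == domain or host.endswith("." + domain):
            return ("official", domain)
    for domain in OFFICIAL:
        brand = domain.split(".")[0]
        # Skip very short brands ("x") that would match almost any host
        if len(brand) >= 4 and brand in host.replace("-", ""):
            return ("lookalike", "mentions '%s' but is hosted on %s" % (brand, host))
    return ("unknown", host)

if __name__ == "__main__":
    for sample in ("https://www.facebook.com/settings",
                   "https://facebook.com@login.example/",
                   "https://facebook.com.account-verify.example/login"):
        print(sample, "->", check_link(sample))
```

An "official" verdict only means the host belongs to the platform; typing the address or using the app remains the safer habit.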
Audit Your Social Media Regularly
Security isn't a one-time setup. Schedule a quarterly review:
- Check active sessions and remove unfamiliar devices
- Review and revoke third-party app connections
- Update passwords if you haven't recently
- Review your privacy settings — platforms frequently change their defaults
- Search for yourself to see what's publicly visible
Protect Your Information Beyond Social Media
Securing your social media accounts is essential, but it's only one layer of your digital privacy. Data brokers aggregate information from your social media profiles and combine it with public records, making detailed personal profiles available to anyone.
PrivacyOn removes your personal information from 100+ data broker sites that harvest and sell data scraped from social media and public records. Combined with dark web monitoring to alert you if your social media credentials appear in a breach, PrivacyOn provides a complete privacy protection layer that goes far beyond what platform settings alone can achieve.