I've regained control of my hacked X account
But no thanks to X support
10 April 2026 Update: Having finally regained access to my X account it was suspended again on 5 April and I have been unable to gain access since. The message from X simply said that there was ‘suspicious activity’ on my account. As I have 2-factor authentication, I know that this time there could not have been another attempt to hack my account - I received no notification of an attempted sign-in. So this time it is likely the suspension is due to my posting articles critical of the Covid vaccine or supportive of Israel.
On 18th March 2026 I lost control of my X acount account as I described here:
How I got (limited) control of my account back
After X Support told me they could not verify that I was the account holder, I sent multiple follow-up emails. There was no response until the early hours of 24 March.
That email said they were prepared to return my account if I could provide an email address not previously linked to any X account. I did so and, after a somewhat tortuous process involving verification codes sent to that new address, I regained limited control (see below for the limitations).
Many others who were hacked in the same way have been unable to recover their accounts. If this helps anyone, I do not believe it is coincidental that a recorded delivery “Letter Before Action” I sent was delivered and signed for on the afternoon of 23 March.
It is also possible that appeals by public figures, notably my friends Leilani Dowding and Steve Kirsch may have triggered X to act.
Limitations on my account
Because X still classifies my account as “compromised,” it will not allow me to add my mobile number as a verification method. Since email is currently the only available verification route, I was unable to set up two-factor authentication for the first 24 hours after regaining access, because X initially would not send the required code to my email address.
The more serious issue, however, is the scale of the damage caused while the account was under the hacker’s control.
After sending a spam “vote for me” direct message (with a malicious link) to all my mutual followers on 20 March, the attackers began posting spam publicly. Not sporadically, but continuously: the bot was posting roughly once per second, pausing only intermittently to repost content from accounts I follow.
By the time I regained access, there were thousands of spam posts and reposts.
I reported this to X Support. They responded that all content posted during the compromise had been removed. That is not the case. Despite further follow-ups, the posts remain.
I have spent hours trying to delete them manually, but it is like trying to empty an ocean one bucket at a time. While there are third-party tools that can bulk-delete posts, they require sharing account access details, which is something I am understandably reluctant to do.
For now, anyone visiting my timeline will see little but pages of spam like the following:
One small silver lining is that these posts appear to have generated almost no impressions, which suggests very few people actually saw them. While that is reassuring, it does rather underline a separate issue, namely, just how effectively my account seems to have been shadow banned all along. Even a hacker posting at industrial scale couldn’t get any reach out of it.
Other ramifactions of the hacking
I have lost around 1,500 followers since the hack, including several large accounts.
The attackers also blocked a number of accounts on my behalf, among them some prominent users who I know had raised awareness about the hack. Given that I have also blocked accounts recently in response to antisemitic abuse, it is now extremely difficult to distinguish which blocks were made by me and which were made by the attackers.
Final thoughts
This experience has exposed serious weaknesses in X’s account security and recovery processes.
Support responses were slow, inconsistent, and at times obstructive. More troublingly, even after I reported the hack, the platform allowed automated abuse to continue unchecked, resulting in the mass distribution of malicious links via direct messages and the flooding of my account with spam.
That should not be possible on a platform of this scale, especially as many people reported my account as hacked.
Regaining access to my account ultimately required persistence, external pressure, and, quite likely, legal escalation. Many users facing similar attacks will not have those options.
If X cannot reliably protect accounts, respond promptly to verified compromise reports, and restore control without unnecessary barriers, then users are left dangerously exposed.
What’s clear right now is that when things go wrong, you will be largely on your own.
This is an excellent example of how sweeping protocols enacted automatically by AI controlled action are not at all effective in the real world.
Imagine if this had happened before all of that computer control:
I suggest that Norman would have fairly quickly managed to talk to a real human being with executive powers, for example like an old school head of accounts or someone with bank manager type powers.
It would have all been sorted out easily and quickly.
It really could be that straightforward. And this example also tells us why that doesn't happen any more, it is simply about disempowering ordinary, flesh and blood humans.
Someone from X was reading your Substack that day, I'm convinced. I wrote in the comments that the same thing had happened to me, and that I hadn't gotten any response from X for months (it was actually last August). THAT NIGHT I got an e-mail from X saying my account had been restored (I too had to go through the frustrating "sent you a code" process. It took me about three tries before I got it to work. Someone at X is following you, Norm!