If your Telegram account was hacked or your phone disappeared, act in this order: keep any Telegram session you still have, enable Two-Step Verification, terminate the lost or unknown device in Settings → Devices, and ask your mobile provider to block the old SIM and issue a replacement with the same number. If you are locked out everywhere, recovering control of the phone number is the first practical step. Telegram does not promise account recovery without access to the number or to an existing Telegram session.
This guide separates two situations: you can still open Telegram somewhere, or you cannot access the account at all. Do not delete the account in a panic. Account deletion is irreversible and is not a shortcut for recovering access.
Emergency action order
- Do not log out of a device that still has your account. It may be your only working session.
- Secure your phone number. Contact your mobile provider and ask them to block the old SIM and issue a replacement with the same number. If the phone was stolen, also use your device maker's remote-lock or erase tools if you had prepared them in advance.
- Enable Two-Step Verification in Telegram: Settings → Privacy and Security → Two-Step Verification. Choose a strong password and protect the recovery email as well.
- Review active sessions: Settings → Devices or Privacy and Security → Active Sessions. Terminate the lost phone and every device you do not recognize.
- Warn close contacts through another channel if the account sent messages, links, or payment requests while it was compromised. Do not forward login codes to anyone.
- Change passwords for related accounts if the lost phone or attacker could access your email, password manager, SIM account, or device unlock code.
Telegram's official instructions for a stolen phone are in its FAQ: My phone was stolen, what do I do?. The FAQ is the source for the recovery sequence above.
If you still have access to Telegram
Keep the session open and work from a device you trust. The exact labels can vary slightly between Android, iOS, Desktop, and Web, but the security areas are the same.
1. Turn on Two-Step Verification
Open Settings → Privacy and Security → Two-Step Verification and set an additional password. Telegram says a new login then requires both the login code and this password. Add a recovery email only if you can secure that mailbox with a strong, unique password and its own two-step protection.
Do not send the password, recovery email code, Telegram login code, or a screenshot of a login screen to anyone claiming to be support. Telegram's FAQ says official login codes should not be shared.
2. Check every active session
Open Settings → Devices. On some clients the same screen is called Privacy and Security → Active Sessions. Review the device type, approximate location, and last active time. Terminate:
- the lost or stolen phone;
- any browser, desktop app, or phone you do not recognize;
- sessions created around the time you noticed suspicious activity.
If you are unsure, terminate the session. Use Terminate All Other Sessions when you want to keep only the device you are using. Then check the list again after replacing the SIM and signing in on your recovered device.
3. Check what the attacker may have changed
Review your profile name, photo, username, bio, recent messages, groups, channels, connected devices, and privacy settings. Remove unfamiliar profile details or messages where possible. If you own a group or channel, check administrators and permissions. Ask contacts to ignore suspicious messages sent during the incident.
For a broader privacy review, see our Telegram privacy settings guide. It covers phone-number visibility, calls, groups, passcode lock, and other settings.
4. Protect the phone and number
Ask the mobile provider to block the old SIM and issue a replacement with the same number. Set a carrier account PIN if the provider offers one, and check whether the account has an unexpected SIM replacement or number change. These are carrier-account precautions, not Telegram features, so follow the provider's own process.
On the recovered phone, install Telegram from an official app store or Telegram's official apps page, update the operating system, use a screen lock, and enable Telegram's app passcode in Settings → Privacy and Security → Passcode Lock.
If you have lost access everywhere
Telegram's official FAQ says that the phone number is the way it identifies an account. If you have neither an existing Telegram session nor access to the number, Telegram cannot identify you through a different recovery detail.
- Contact your mobile provider immediately. Ask for the old SIM to be blocked and a replacement SIM or eSIM with the same number.
- Once the replacement is active, sign in to Telegram using the number in international format.
- If Telegram sends the login code to another connected session, check any device you still control. Never share that code.
- After signing in, enable Two-Step Verification and terminate the old or unknown sessions.
- If the provider cannot return the number, use the official Telegram FAQ and login help for the current instructions. Do not pay an unofficial "recovery" service or trust accounts that promise to bypass Telegram's login process.
Recovery is not guaranteed. It depends on regaining control of the phone number or having a still-authorized Telegram session.
How to verify that your account is secure
Use this short checklist after the emergency is over:
- Devices / Active Sessions: only your current, trusted devices remain.
- Two-Step Verification: enabled, with a password you do not reuse elsewhere.
- Recovery email: accessible and protected with its own strong password and two-step verification.
- Phone number: still belongs to you and is shown in Telegram's account settings.
- Passcode Lock: enabled on phones and computers that other people might access.
- Profile and admin rights: no unfamiliar username, bio, messages, group admin, or channel admin.
- Contacts: people who received suspicious messages know to ignore them.
Telegram's official 2-Step Verification FAQ explains the extra password and recovery email. For a separate guide to notifications and missed security alerts, see Telegram notification settings.
What not to do
- Do not share a Telegram login code, even with someone who knows your name or username.
- Do not uninstall or log out of your only active session before securing the number and terminating the attacker.
- Do not assume that changing the app password alone removes an existing device; check Devices / Active Sessions.
- Do not create a new account on a different number and expect the old chats or identity to move automatically.
- Do not use third-party bots, websites, or people who claim they can restore an account without the number or an active session.
FAQ
Can a username recover my account?
No. A username can help people find a profile, but Telegram's official FAQ identifies the phone number as the account credential for this situation. You need the number or an existing authorized session.
Should I delete the account after it is hacked?
Usually, no. First secure the number, enable Two-Step Verification, and terminate unknown sessions. Deleting an account permanently removes its data and cannot be undone.
Are Secret Chats restored on a new phone?
No. Telegram says Secret Chats are device-specific and tied to their login session. Cloud chats are different: they can sync after you sign in again.
Does a replacement SIM automatically remove the attacker?
No. A replacement SIM helps you receive login codes on the number you control. After signing in, open Devices / Active Sessions and terminate the old session.
Official sources
- Telegram FAQ: My phone was stolen, what do I do?
- Telegram FAQ: How does 2-Step Verification work?
- Telegram FAQ: I have a new phone number, what do I do?
- Telegram FAQ: Troubleshooting login and SMS
Updated: July 10, 2026.
