Social media account theft is not a crime on its own; Combination of TCK art.243 + 245 and 158/1-f, if any. The first step is in-platform rollback; then prosecutor's complaint + compensation.
Platform refund processes
| Platform | Duration | Contact |
|---|---|---|
| 24-72h | Account recovery + selfie video | |
| 3-14g | Full authentication | |
| X / Twitter | 3-7g | With admin approval |
| TikTok | 2-5g | Selfie + ID |
| 5-10g | ID + selfie for blue tick | |
| YouTube | 1-7g | Google account recovery |
Complaint from the prosecutor's office
- TCK article 243: Unauthorized entry into the information system.
- TCK article 245: Bank/credit card abuse (if there is a registered card).
- TCK Article 158/1-f: If fraud has been committed against followers through the account.
- TCK article 244: Changing account content (system disruption).
Compensation case
- Financial: Loss of product/subscriber income received through the account (loss of blue ticks, loss of sponsorship).
- Moral: Damage to reputation.
- Defendant: If the perpetrator has been identified; If not identified, the platform as a "third party".
What does the prosecutor's office do if the name and surname cannot be determined?
Receives IP logs from the platform with CMK m.134; Country source determination with MLAT. Long processes for IPs outside Türkiye.
2FA was active, they stole it — is the platform responsible?
2FA bypass usually occurs via SIM swap (phone transfer). Operator (Türk Telekom, Vodafone, Turkcell) liability — operator KYC deficiency negligence. A separate lawsuit may be filed.
They defrauded followers through the account — am I responsible?
No, you are a victim. However, if your followers demand compensation from you, the "account theft verified by the platform" report is critical evidence.
There were posts that damaged my reputation — what should I do?
5651 m.9 access block + complaint to Twitter/Instagram + lawsuit for non-pecuniary damages. Deleting shares + archive control when the account is retrieved.
Is it the platform or me that is negligent?
Common flaw theory: Password difficulty, 2FA active, e-mail security is on you; Phishing protection by the platform, account recovery protocols by the platform.
Relevant legislation
- TCK art.243 — Entering the information system (1-3 years + criminal money).
- TCK Article 244 — Preventing/disrupting system operation (1-5 years).
- TCK art.245 — Bank/credit card fraud (3-6 years).
- TCK art.158/1-f — Qualified fraud when the information system/bank/credit institution is the tool (3-10 years).
- CMK article 134 — Computer search, copying, seizure.