Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Should I Just Hire a Hacker to Recover My Account?

Desperate times can lead to bad decisions.

Kid for Hire
(Image: canva.com)
Desperation can lead you to consider hiring so-called "legit", "ethical", or "white-hat" hackers to regain control of a your account. Don't do it.
Question: I lost access to my Instagram account. I keep seeing comments and ads for people who offer to hack my account and give it back to me. Are they legit? Do they work? Should I try them?

No, you should not.

It’s probably illegal, possibly immoral, and very likely just a scam anyway.

Even if it were legitimate, it’s just not likely to work. Even if you think of them as “good guys”, these hackers aren’t any different than the “bad guys” when it comes to how they go about hacking an account.

Become a Patron of Ask Leo! and go ad-free!

TL;DR:

Hire a hacker?

Online services work hard to prevent all hacking, good or bad. Hackers don’t have any magical back door, and all rely on the same techniques to compromise accounts by fooling the current account holder. If that account holder is another hacker, the techniques are unlikely to work. If the account isn’t being used, there’s no one to fool. The vast majority of so-called “hacking services” are scams out for nothing more than your money. Carefully follow the account recovery process offered by the service in question — it’s your best (and only) hope.

No such thing as good hacking

I’m not making a value judgment here. To the services in question — Instagram, Facebook, Outlook.com, Google, and others — hacking is hacking. There’s no difference between hackers supposedly operating for good and those causing mayhem.

These services deploy their resources to stop hackers, no matter what the hackers’ intentions are. From the service’s perspective, all hackers are bad and to be stopped.

The measures they’ve taken to stop hacking are very likely what landed you here in the first place. You’ve been unable to successfully prove you are the legitimate account holder and should be allowed back into your account.

Hackers face that same battle — be it on your behalf or as they attempt to steal your account from you.

No magic back door

My sense is many people believe hackers have some magic back door or special tricks they use to gain access to any account they like.

That’s not true. If there were such a back door, it would be quickly discovered and blocked by the services in question.

Hackers hack using the kinds of techniques we’ve been warning you about for years, like:

  • Phishing emails
  • Malicious email attachments
  • Bogus downloads
  • Telephone and confidence scams
  • Malware on your machine

Those are the tools they use to hack accounts — for good or evil.

There is no hacker magic.

If your account is in use

Let’s say you hire a so-called “ethical” hacker who is legitimately working on your behalf to regain access to your account.

If another hacker is using your hacked account, they are extremely unlikely to fall for the various techniques hackers use. They’d recognize them and laugh at the attempt.

A hacker in control of your account isn’t going to let another hacker hack it out from underneath them.

If your account is inactive

Honestly, things get worse if your account is inactive and no longer being used.

The dirty secret is that accounts don’t get hacked — people do. If there isn’t anyone using the account, then there’s no one to trick into giving away access or otherwise letting your hacker recover it.

And as I said above, there’s no magical back door that hackers can use in lieu of tricking a real, live, person.

Most hacker ads are scams

Whenever I post an account-recovery-related article, there are lots of comments from so-called “ethical” hackers offering to recover accounts for you — or fake testimonials on their behalf.1

So-called. Fake.

They’re all scams, folks. Every one of them.

They’re not hackers at all. They’re con artists taking advantage of the desperate. You can bet you’ll pay for their services upfront and never hear from them again.

Don’t fall for it.

So how do you get your account back?

You might not.

As hard as that is to hear, it’s important not to waste your time or money on things that are doomed to failure.

Here’s what you do: use the account recovery process offered by the service. It usually starts with a “Trouble logging in?” or “Forgot password?” link. Follow the process deliberately and carefully. Use all the options offered. Be as complete in your answers to the questions as you possibly can be.

The account recovery process offered by the service is the only way to get your account back.

If it doesn’t work — and you’ve taken care to be as complete and careful as you can be — then you’re out of luck.

No hacker is going to change that.

If you find yourself in that situation, I strongly recommend you learn from the experience. Figure out as best you can how you were hacked, and avoid letting that happen again. Figure out as best you can why account recovery didn’t work for you, and prepare for the next time.

One specific article I would point you to is A One-step Way to Lose Your Account Forever. It covers the steps you need to take before you lose your account to be able to recover it in the future should you ever need to.

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

Podcast audio

Play

Footnotes & References

1: Especially on YouTube, for some reason. But it’s the reason I expect to have to close comments on this article shortly after publication.

10 comments on “Should I Just Hire a Hacker to Recover My Account?”

  1. If it were possible for a hacker to recover an account, it would be equally possible for hackers to steal accounts. If that were possible, accounts would be hacked left and right. When you hear of data breaches, that’s something different. In those cases the website is hacked and all the passwords are compromised. But even then, if a company is doing encryption correctly, that password database shouldn’t be crackable.

  2. If you think about it, if it were possible to have a third-party service or individual employ some technique to hack into an account (Instagram, Facebook, Google, etc.) on your behalf, why would you want to use that social media or email service in the first place?
    If it were that easy to pull off no account would be secure and the whole concept of using the internet would fail. Without safeguards in place to protect accounts it wouldn’t be of any use.
    There needs to be a greater push to educate people to ensure they know how to setup accounts and recovery methods. Or, perhaps as part of the signup process, forcing them to setup recovery methods before activating the accounts.

    • Agree 100% on all. The only “catch”, and something I see often, is that people lose access to their recovery methods (phone numbers change, email accounts are abandoned). But in the long run there’s only so much we can do to protect people from themselves.

      • I have three email accounts and one phone number associated with each of my accounts for recovery purposes. Hopefully, I won’t lose all four simultaneously. I highly recommend backups of backups. That’s a piece of account protection education.

      • One thing I’ve done is to print out my Microsoft account recovery code and a list of One Time Passwords (OTPs) for Lastpass and store them in a folder that’s kept with other personal papers, along with a spare Yubikey. One way or another, I figure I can still get in, if I need to.

  3. My account is hacked and they changed my password, I tried to recover it but it doesn’t work because they changed my recovery steps I know

  4. There is such thing as good hacking, it’s called Ethical Hacking. An example is penetration testing

    • A true “ethical” hacker will not help you recover your account. The problem is that there are many bad actors who claim to be “ethical hackers”, but are anything but.

Comments are closed.