Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Can’t I Just Delete My Hacked Account?

Chicken, meet egg.

Deleting an account you don't have access to is kind of the same as deleting an account you don't own.
Delete Button
(Image: depositphotos.com)
Question: OK, so I can't recover my account. Can't I just get Facebook to delete it? I’m afraid the hacker will do something bad with my information there and with my followers.

No.

Trust me, you don't want it any other way.

I get that it sucks that your account is out there under someone else's control, but if you were able to delete it out from under them, anyone would be able to do the same to anyone else, and complete chaos would ensue.

Become a Patron of Ask Leo! and go ad-free!

TL;DR:

Deleting a hacked account

Deleting an account requires you to have access to the account. Prevent hacks by maintaining appropriate security and prepare for problems by keeping your account recovery information up to date. After regaining access, you can choose to resume using it or delete it.

Proving you are you

The account recovery process is all about proving you are who you claim to be and that you are the rightful owner of the account.

Having successfully done so, typically by providing or using recovery information that you had previously set up in the account, you can do whatever you like. You can continue to use the account or not. You can delete the account if you so choose.

You've proven you are you, the rightful owner, and can do whatever you like with your account.

If recovery fails

If you are unable to recover your account, it's because you've been unable to provide enough information or jump through the appropriate hoops to prove you are the rightful account holder. As a result, you're not given access to the account.

This is what prevents accounts from being hacked even more often than they already are. Anyone can come along and say that they're you, but without being able to prove it, their access to your account is denied.

As it should be.

Deleting the account

If you can sign in to the account, you can delete it. Problem solved, one way or another.

If you can't sign in, and you can't prove you are the rightful account holder, you cannot delete it.

Think about it. What you're asking for is this: "Hey, I can't prove to you that I'm the owner of the account, but please delete it anyway." Facebook (and other services) would be fools to let that happen. If they did, anyone could delete any account at any time.

Chaos.

Think of how annoyed you'd be if one day your account was simply gone because someone who couldn't prove they are you was able to delete it anyway.

Severely out of luck

If account recovery fails -- if you're unable to prove that you are the rightful owner of the account in question -- you are severely out of luck. There is nothing you can do to the account, and this is as it should be. Account access should never be restored to someone who can't prove they own the account in the first place.

Your options are limited.

You may be able to report the account as having been hacked, but it's unclear if it would have any effect. I'd be shocked if it did.

Prevention & preparation

If there's nothing you can do after an account is hacked, and you're unable to prove you're the rightful owner, then the only thing you can do is learn from the experience. That boils down to two critical lessons.

Prevention

It goes without saying, but your account should never have been hacked into in the first place. There are many reasons that accounts are hacked, and I'd venture to say that the most common reason is poor security by the account holder. Things like poor and re-used passwords, falling for phishing attempts, and all the things we so frequently talk about lead to more account hacks and account loss than anything else.

So don't do that. Secure your account. You know the litany by now: long, strong passwords, each unique, used at one and only one service, and never shared with anyone. And add two-factor authentication when possible.

Do all that to minimize the chances of your next account being hacked at all.

Preparation

If your account gets hacked anyway, then you're relying on your ability to prove you are who you say you are to regain access. That means you need to ensure that your account recovery information is present (so many people don't bother) and up to date (many people have out-of-date and thus useless recovery information).

The two most important items are:

  • Set an alternate email address (or more than one, if allowed) and keep it up to date.
  • Set a phone number and remember to change it if your phone number ever changes.

Staying on top of that will maximize the chances of getting your account back should it ever be hacked.

Do this

It's a chicken-and-egg situation.

  • You want to delete the account because you've lost access to it.
  • You must have access to the account in order to delete it.

There's no way around this. Prevent this situation with appropriate security, and prepare for problems with up-to-date recovery information.

Subscribe to Confident Computing, and be even more prepared! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

Podcast audio

Play

3 comments on “Can’t I Just Delete My Hacked Account?”

  1. This happened to me on my FaceB**k account and they wanted me to take a picture of my driver’s license. I let that go because if my password is not secure then my driver’s license is definitely not secure.

    Reply
  2. Apps have to have a certificate of authenticity that is required to certify a driver through Microsoft. Why can’t an “account” have a similar certificate? Registered to the owner of the account. If you can prove with your certificate that the account is yours, you’re good to go. Do what you want with it! If not, what am I missing here?. Stocks have it. I have s birth certificate and a passport also.

    They seem to be fairly secure. And yes, stuff happens. Even Microsoft allowed 133 drivers to be hacked, and because of it many were victims, including myself getting the worst malware I’ve ever had in my 50 years of working with computers. So what will happen to Microsoft now? If you can’t trust them to get it right, then there’s no such thing as anything being secure!

    Reply
    • In a sense that’s what the account recovery code is that you can setup with many differnt accounts. You generate a code, keep it safe, and it acts as a kind of certificate as you describe.

      This is also similar to what PassKeys are about. A cryptographic certificate is placed on your machine and used to prove you are you.

      EVERY authentication scheme is imperfect in some way. And, based on my experience, don’t be at all surprised by account holder’s ability to do it wrong, or not do enough. If more people would secure their accounts properly with existing technologies, and keep them secure, this would be significantly less of an issue than it is,

      Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.