1. Mark Jacobs

    To back up your contacts list, most email providers have a function to export your address file. They often give you a choice as to which format to export to such as LDIF, VCF of CSV (comma separated values, which can be read by Excel and most other spreadsheet programs).

  2. Me

    People i know sometimes get their accounts hacked and ask me for advice. I also tell them its a good idea to virus-scan their machine with a secondary antivirus (MalwareBytes Anti-Malware is the one I recommend most times) before changing passwords. Because if there is a keylogger can pick up password changes otherwise.

  3. Pat Diesel

    My contact list was hacked. I was notified through my yahoo account. The invaded(it came from a different country-with a IP address(can I tract the IP address or can I turn the IP address) in that they used) used a deivce and was able to spam my contacts. I changed my password and I have changed it before. This is the third time it has happend to me. Maybe I should change to a different type of service.

  4. RGT

    The following could be added to 4. Check Related Accounts:
    ” Since PayPal does not require the using of the security code on the back of your credit card, if hackers are able to access your PayPal account they can easily make charges to your credit card. I have had this happen to my PayPal account.”
    That is why I refrain from using PayPal and any other online business which does not go the extra step to protect its customers.

  5. DT

    >> Maybe I should change to a different type of service.

    You probably need a better and longer password.

    I recommend to people they pick 3 things they would never forget, like favorite color, dog’s name, and first child or some other name, etc, then pick a number you’d never forget like last 4 of your SSN, and then mix them up, maybe something like,


    If your email service can take this long of a password, you’d be wise to make up some kind of similar rules for yourself that are easy to remember, and then follow it.

    Also, *NEVER* reuse your email password as the password for any other account.

    Make slightly different password rules for your bank and other accounts.

    • eb_p1

      never using email password for another account, or perhaps for another email account is probably a good idea, but maybe not so much any kind of password with a contextual base. You’d be surprised how easy it is to crack, and even when you’ve got a seemingly secure password. Combination of Alpha-Numberic-Symbol (avoiding quotes) is the best way to go – 16 characters. Sign up for a free email certificate at comodo, so you can send secure email – there are lots of online javascript password generators that are designed for the purpose of defeating keyloggers, so they don’t get to your password from the get-go, copy and paste (cntl + c, cntl + v) passwords in a secure email to yourself and file it away. Hackers wont tell you that they are sitting in your email, so if you don’t lock it down, or simply don’t see activity – this doesn’t mean anything (if you become a target – they’ll simply hack your new password, and wait until you put your new bank password in an email). If passwords are important to you, consider a program designed to store and retrieve passwords, like 1password, and never enter personal and financial information from an email, that’s what customer support is there for, to help you.

  6. Denis P

    Great article. I like the detail this article has,it’s very informative. I will be forwarding the Link to many seniors that I try to keep up to date on computer and Internet security.

  7. Mike

    I really, REALLY gotta wonder about all these people who’ve had their free email accounts hacked. Sure, there’s malware, password stealers, but it’s a lot like crossing a busy street. A LOT of the danger is avoided just by basic simple precautions, like looking for a break in traffic. Over the last 20 years, I’ve never had an account hacked, never had personal information compromised, nor ever used any stronger password than the same simple 7-LETTER one wherever I’ve been allowed to use it. I suspect a majority of these hacked accounts have been willingly shared with others. Any secret that’s known by more than one person is no longer a secret.

  8. Gary Michaels

    Mike – you are very lucky. I have had strong passwords for years (14 characters) and STILL a hacker managed to hack two of my email accounts — a Microsoft Live (Hotmail) account and an “” account. I only found out when the hacker sent spam email — to my small business email account! I did some research and found that the hacker was located in Belgium and was using a smart phone at the time! How could he (or she) have found out my password? I’m not even sure how (or if) he got access through the “forgot my password” link offered. This also happened to my ex-wife’s Yahoo account (she had a much weaker password – only 10 characters. It was the same hacker IP address in Belgium. There are many ways to get your password; yes, it could be as simple as a password reset, but there are insidious programs that send your password to the hacker. In my ex-wife’s case, I found out through Malwarebytes that the computer had been regularly sending out an “outbound IP request” to this same IP address in Belgium. There was a small program capturing passwords on her PC. I finally was able to kill the process with TDSSKILLER, which I believe Leo had mentioned. Leo, keep up the good work — this is the most comprehensive article I’ve seen on email hacking; I hope people will heed your advice. Unfortunately, one can’t always back up email — I was able to use SeaMonkey’s (Firefox platform) email to grab my emails from, but Yahoo won’t allow you to download using POP unless you have a paid account.

  9. Mike W.

    Seems like most if not all of these people who have had there email account hacked use an online email account. I have never heard of a Thunderbird or Outlook Express account hacked. Maybe these people should switch to Thunderbird, Outlook Express or some other PC based email account. Just a thought!
    Mike :-)

  10. krktoday

    It seems to me if someone can figure out your password is something simple they can also figure out something hard. A person has to have a way of actually seeing your password to figure it out. If I decide my password is going to be I like duck’s I don’t see how a guy in Maine is going to figure that out. He is going to have to have a way to see it and if my password had 20 character’s wouldn’t he still see it?

  11. Mark Jacobs

    You’re comparing apples and oranges. Thunderbird and OE are email programs which are used to access online email accounts, which can be Hotmail, Yahoo etc. These people who are having problems with their emails being hacked may also be using an email clients such as Thunderbird or Windows Live Mail. It doesn’t really make any difference whether they use an email client or access their email through a web based interface.

  12. Mark Jacobs

    It’s not so much a question of someone figuring out your password. Hackers use programs that have different techniques to guess or crack the passwords, such a dictionary attacks, in which case ‘I like duck’s’ would be cracked in milliseconds or brute force where all combinations of characters are tried until they succeed. A long password can take an exponentially longer time to crack. This article on Ask Leo explains how this works. How long should a password be?

  13. Shayne @ Should I Change My Password

    This is probably the most common question we get asked at People learn they’ve been compromised, and then panic and are not sure what to do. Glad it’s been answered!

  14. BaliRob

    I have posted the following here before but nobody seems to notice. Beware a Yahoo IDENTICAL sign-in tablet/page which suddenly breaks your Yahoo email connection and presents you with an immediate opportunity to re-login which, in the circumstances without thinking, I did. The offenders were our Canadian ‘friends’ who are the largest sex pill spammers probably on the Net. I checked my login history and found that two Canadian entries adjacent to each other had carried out this operation two days before my Contact List was hijacked with 50% of my friends receiving one spam letter and the other 50% another. I told Yahoo but they made it difficult for me to copy the entry and send it to them. Surely, their computers can recognise this sort of attack especially when the two Canadian entries are surrounded ONLY by Indonesian traffic. I recommend to Yahoo users to use the sign-in feature (which I had ignored until then) which will absolutely prevent this trap I fell into. Luckily no other damage was done to my account but I was embarrassed to say the least.

  15. Glenn P.

    Seems to me that someone can’t count: Someone said “Seven” things you need to do now, and then actually named NINE things!

    …Heh heh heh heh heh!     :)

    That’s on purpose. Numbers 8 and 9 aren’t really specific steps.

  16. Al Kubeluis

    Hi Leo
    … Another excellent, comprehensive article. Thank you.
    … I use a 4 character password to login to my iPad and Xoom tablets. I would appreciate your thoughts and recommendations.
    … Al

    If you mean a numeric PIN that you type in to unlock the device – I do too, but I struggle with it. That’s different than an online account, though, and really only protects the device if it’s physically stolen, so I’m kind of OK with it. But those types of on-screen PINs are apparently quite hackable (using, of all things, the smudge patterns on screens). As always longer is better, for sure.

  17. Bob

    Something that may be related to this:
    A friend of mine has had their Yahoo account spam people (including me) on at least two occations, but only when they logged in to the Yahoo chat program. it is as if within seconds of them logging in, the program itself starts sending out e-mails promoting dubious links.
    Could this be a virus that only attaches itself to chat programs? It wouldn’t need to know your password as you have just provided it (though that wouldn’t stop it passing it on for future reference).

    Certainly anything is possible, but more likely using the chat program somehow allowed the password to be hacked or sniffed and a hacker took control quickly.

  18. butch

    Leo A friend sent me this in responce to a queston I asked. Thought it may be a good add on for this article. Thanks
    Hackers work like this –
    – Most people dont want to have a password of more than 10 digets because it is a pain in the ass to remember or type when confirming their email addy – so they try to keep their password short.

    – Hackers know this, so usually they only hack passwords with 10 digets or less, because the hacking programs that they use, usually only show up to 10 digets – or 3656 TRILLION possible combinations.
    Plus it takes time to hack someone.

    One diget could be any of 26 letters or 10 numbers = 36 – [times 36 for each additional diget].

    My computer calculates any program at 18 million digets per second.
    This means that I can calculate the first diget in someone’s password in about 3/100 of a second.
    For each additional password diget, the calculating time is SQUARED.
    [The hacking program must read the entire program over and over for each possible diget.]

    IE: diget one = 3/100 second or .3 seconds [total program run time .03 seconds]
    – diget two = 9/100 second [total program run time .12 seconds]
    – diget three = .81 seconds [total PRT aprox 1 second]
    – diget four = 6.5 seconds [total PRT aprox 7.4 seconds]
    – diget five = 71 seconds [ttl PRT aprox 78 seconds]
    – diget six = 84 minutes [ttl PRT aprox 85 minutes]
    – diget seven = 1.96 hours [ttl PRT aprox 3 hours]
    – diget eight = 3.8 hours [ttl PRT aprox 6.8 hours]
    – diget nine = 14.6 hours [ttl PRT aprox 21 hours]
    – diget ten = 213 hours [ttl PRT aprox 234 hours or 10 days]

    If you have a password with 12 digets, then the hacker has to spend time ‘manually’ figuring out what the last 2 digets are.
    This could be any of 1296 possible combinations [36×36], and that takes time.

    If you have a 15 diget password, the hacker has to ‘manually’ figure out the last 5 digets, or over 60 MILLION possible combinations.
    – [36x36x36x36x36]
    This takes a long long time – and most hackers wont bother, just to SPAM you and your contacts.

    Sometimes I might use a password that says – ‘your’computor’is’now’infected’ – 25 digets, or 221 BILLION TRILLION possible combinations.
    – Good luck hacking that one.
    Not to mention that the hacker may spend additional time looking for the computer virus.
    LOL :-)

  19. Karin Friedemann

    Good advice but came to late for me… My additional advice would be to emphasize the NEVER trust anyone with your password especially a spouse. You never know what they will do if the marriage goes sour and you should never underestimate what they would do. Not only did he get into my email and change the password but he then used yahoo to find out all my linked emails and then unsubscribed me or started spying on my email lists including domestic abuse support groups, and also used my bank account and credit cards to buy himself stuff. So, never trust anyone with any account information, ever.

  20. BaliRob

    Dear Leo,

    Why cannot I find my post on this forum please?

    As a reminder, it is the one trying to help people not to fall for the false Yahoo login page.


  21. connie

    Questions go into the question queue, so those don’t show up in the comments. Some of them get posted if they get answered, in fact quite of few of them seem to be making their way into the weekly Answercasts.

    Leo keeps pretty busy… watch this page and it posts exactly where he is in the queue…
    Ask Leo! questions


    One important comment.
    I keep a hard copy of articles like this in a 3 ring notebook, along with similar important items [like a printout of a Belarc analysis of my current system]. Why? It’s good to have important information related to your system and “how-to” printouts prior to beginning any endeavor to recover any loss. In other words, having the knowledge and a plan without having to access your PC’s system.

    Perhaps Leo could compile a “must haves” or “good things to keep a hard copy of” as an off-line guide to what you need to know. [?]

  23. DamCar1

    A friend had his email hacked and the only thing they changed was the “reply to” address… adding a dot “.” to the original address! something we nearly overlooked. They had sent out heaps of SOS emails requesting money and all replies when straight to the hacker – so be warned!

  24. Debbie

    I think my hotmail account was hacked. When I try to sign in Windows Live, it says “We believe there is suspicious activity on your account, please enter recovery information” Trouble is, I never updated it! It’s my old cell number & old college e-mail address! Ugh! However, my son can log into his x-box live account, so does this mean I was really hacked? Or has my son changed the password? He says he hasn’t but would it be possible for him to sign in on the c-box if I am locked out of my own inbox? I also tried the recovery where they ask questions about contacts, recent sent e-mails, etc. but I haven’t received a reply, so I tried it again, but when I put in my perhaps hacked e-mail & my new one I set up, then try to type the captcha, it keeps saying re-enter information; thus, I am not getting anywhere, except a viscious circle! I am able to see my contacts, etc. because I have my e-mail via Windows Live Mail, but it won’t let any new mail come in or me send anything out, ugh! I’ve been trying this all week now, please help! Thank You!

  25. Gabe

    My e-mail was hacked which totally freaked me out so while I still had access to it I cleared all information from it (contacts, sent mail, etc.) and then closed the account. I also called and changed all of my incoming info (from banks, contacts, etc.) e-mail to my new one. I hope that I have done enough

  26. connie

    The only other thing you need to do is to make sure your new account is locked down tight with a really long password, and all your recovery information is set right, and do all the things Leo recommends to keep the new account safe.

  27. Kayla

    i cant access my msn account i think i got hacked and i also play this game and im scared that they would change my password and my secondary account on the game

  28. ana


    When I log in into my gmail account, I am notified that my recovery email may not belong to me anymore and asked for verification.
    I really don’t remember the password nor questions related to it because I was using it long time ago.
    What do I have to do:
    1. to stop this notification ever time i log into gmail
    2. to restore my google docs icone and approch t it because since this happened i can’t approach my shared documents.

    Hope you can help!

  29. connie

    If you don’t have access to your old recovery email, then you need to set up a new one, and get it entered and verified as a recovery email. This is really really important because if your account is hacked you have no way to get it back except through your recovery options. Also be sure to enter a recovery phone, and answers to questions that only you know.

    Once you set up a proper recovery email, and verify it, then then warnings will go away.

  30. kat

    Okay, so this is rather bizarre… someone used my email address to sign up for a website that requires payment (they did not have access to my credit card though). I canceled the account… so can they still use my email to log into their account? Basically, what I’m asking is: after deleting your email account, do accounts from other sites linked to that email still work? Please help :[

  31. kat

    My email wasn’t hacked but someone (who I do not know) used my email address to sign up for a website (in which an email address was required). Now that I deleted the email address, is the person no longer able to log into their account (that was my aim…)

  32. Mark J

    He would still be able to access it, because accounts like that aren’t actually linked to your email account. You email account is simply the login name and in most cases, the recovery address for that account.

    If you still have access to that email account, you should be able use it to recover the password from that website the person has opened up, and change the password, or better yet close that account down.

  33. Rama dev

    @Leo et al.

    Thank you for this well written and detailed tutorial on how to save what’s savable and prevent future episodes of the same type.

    Thankfully I am not affected by this type of attack in person, but I am helping a friend deal with her (no-backup, no-POP) gmail account having been:

    1). Hacked
    2). Contacts & email messages (10 yrs.) harvested & spammed
    3). Contacts & email messages (10 yrs.) DELETED (very ugly)
    4). Set to have all e.mail forwarded to a hacker controlled secondary account ( instead of – so spoofing the old address visually in a way)
    5). Language set to Hebrew

    I have gained access to the account and was able to reset the language and stop the further forwarding of any mail.

    Thanks to this tutorial, to avoid collateral damage, I also checked and changed passwords to connected accounts (Fb, PP, credit cards etc.) which seemed untouched.

    My reason for commenting is to see if Leo or any commenters have any wisdom on what to do about getting any of the “permanently” delete items back in one way or the other (Google or hacker). I.e. all messages were but into the trash which was then emptied by the hacker.

    I have read about a couple of tech journalists being able to get help from google directly to recoup this type of data lost in a similar way. Do mere mortals have a chance at all to have the GOOG to do some retrieval tricks before the data is actually overwritten on all their servers?

    Beyond that I was thinking about anything that might help in sleuthing out the hackers using the xyz@ymail account and gmail’s “recent access” data: Nigeria ([IP address removed]), if this is indeed where they accessed the account from.

    Is it possible for a mere mortal to track the access to the address to see if it matches the Nigerial ip address and perhaps pin this down further. Do any of you have friends in low places?

    How about writing to the hackers at the ymail address with some kind of message to get the lost data back. Rough and tough, Interpol threats, humble, begging?

    Let me know what you think or know, and if you have any pertinent ideas please.

    Thanks again to Leo for the completeness of this piece.

    Unless you have friends in high places (and I do not) I know of no way to get anything back in a case like this. It’s why I harp so hard on backing up.

    Locating the hackers is pointless. Unless you are or have engaged law enforcement there’s nothing that you could do to get that information, or do anything with it if you did.

    I also believe that any attempt to contact the hackers is, honestly, just asking for trouble. It’s not like they’re going to return anything because they’re suddenly going to be nice and take pity on you. Besides, they probably didn’t save it, they more likely just deleted it and have nothing to give back to you. It’s more likely that they’ll try to extort more money from you instead.

  34. Rama dev

    Hi again,

    I was able to get both, all contacts and all emails back!

    The contacts can be retrieved quite easily by using the “Restore Contacts” feature in the “more” dropdown menu on the contacts page itself.

    The emails were restored by Gmail (I guess) in just an hour or two, after I sent them a detailed report using this page:

    I am frankly quite shocked that this aweful sounding story has come to such a quick and positive outcome. Kudos to the Gmail team!

    Now let’s see if the police/authorities can do their part in taking the culprits off the map.

    Awesome! You got very lucky. You can ignore my prior response, but I still think it’s important for people to act as if once lost all is gone forever. Not all email providers have the mechanisms that you used, and not all that have them will guarantee their success.

  35. Theresa S

    My friends ex husband sent me a joke on email. I opened it and now I am afraid he will have access to all my info. Is that true or am I being paranoid? There was no link on the email, it was a joke he forwarded from his brother. Thanks for this site, it is very helpful!

  36. Mark J

    If you didn’t click on a link or run a program from an email, there isn’t any way he’d have access to your information. If this were possible, the simple act of reading emails would be dangerous.

  37. ed

    thanks for all the info, lucky me my hacker only sends spam….so i have changed passwords, security questions and fw my e mail….i have changed my passwords twice today so far…..just to make it difficult until everything goes back to normal.thanks!!!

  38. Gil

    Leo, I really thank you for this article. I’m a moderator on a fairly busy Internet list and we get phishing links coming through all the time from people who aren’t aware their email has been hacked. Our immediate response is to reject the email and send a link to your article telling them what to do. You’ve been very helpful to a lot of people and if they haven’t thanked you, I’m doing it for them. 😉

  39. Emraan Shariff

    Hi Actually My facebook page Has been Hacked and he Has posted that “this page is sale for 500rupees” and i transfered the amount after that he has switched off his cell pls help me what to do :(

  40. Marie

    I had my email hacked, I had my tax return info emailed to me recently, will they have access to that information? Thanks

  41. Mark J

    If your account was hacked, and the password and recovery information wasn’t changed before that email was received, it’s possible that hackers may have gotten a copy of that email.

  42. Teresa

    I changed my password and security questions. My contacts are still intact. But I can’t send or receive email. It’s a Yahoo Plus account.

    Does anyone know when my email account will be restored? Is there something I need to do?

  43. Emy

    my yahoo email is hacked i recovered my password using secret answers but still its not opening with new password yahoo says your email or password is invalid please try again using your full yahoo I’D before this 10 days ago i did a comment on this site
    today my account is not opening is its possible there’s some connection ?

  44. Kathleen

    I cant go in my email because its spammed by my friend and i forgot my sercurity question and i didnt know i would get blocked from my email and i want to get on my email what should i do????? I want my email back because it has the stuff i need for something.

  45. ramzi

    Recovering my Hotmail account, tried everything. please help.
    I kind of have a similar problem,
    I wanted to get my Hotmail account back
    I tried the “Validate your identity by providing as much information as you can on the Recover your Windows Live account” several times but I couldn’t, so windows suggested that I open a new account.

    I don’t want to open a new account, I need my {removed} because its associated with my Twitter account, and I forgot my twitter account password and I cant reset it without my Hotmail account.

    I don’t remember my alternate email address either; I haven’t used the account for more than a year, that’s why i failed providing the info to recover it. Please help me, the only reason i want to recover my hotmail password is because its associated with my twitter account and many other applications and websites, I don’t want to lose all this.

    Thank you for recommending on opening a new account but that wont solve my problem, please

  46. maureen mcdonald

    i am 72 hours in to a violent macbook pro/ iphone hacking by a known perp. i worked with a data recovery company over the phone for 2 days who got me back on FB (but it’s as if by a co-signer, as my e-mail is not primary). my apple id is still blocked at sign in, despite attempts to change it. i meet w/ the genius bar monday, but still feel i will need more restoration. the recovery co. will provide me with generated paperwork that can identify this person. i e-mailed paypal and amazon w/ no response. just fyi- texts were stolen, as well. one question- this person in likely in the U.K. would you go through all the trouble of filing a report and hoping to prosecute?

  47. Joe

    Hi Leo,
    I am wondering if you have information where you can find help.
    If somebody has published false information about you on the net using several free advertising webpages.
    If this case says he is from an other country (international), what is easy to say. like the publisher in in Russia and you life in the States. The police will not touch it, because they say it is a case for Interpol. It is hard work to find out where he publsih and when. Then it needs a lot of time to get those publications removed.
    I went through this work and I like to protect myself for beeing Mobbed again.
    Not only that I look for the best help, not only a page saying you need to talk to a friend and family. NO I would like to become a specialist in helping people as well. If somebody is using the internet to damage your references is a very bad situation and has to be stopped with all possibilities. I hope you can give me some idea. Where I can start to find out if somebody publish something bad, like a messenger alert about your personal name, where i can find organisations to joy and create a helping center to eliminate entries.
    Thank you in advance

  48. JoAnne

    Someone used a hotmail account to buy something with my credit card on Groupon. I contacted the ban. Groupon but there is NO way to contact Hotmail/MS to ask them to shut-down that address.
    I realize they can just make a new one but shouldn’t I have a way to at least let them know?

    Thank you!

  49. Jill

    The system if you actually consider it to be one is clearly out of control. After my mom and myself had our hotmail accounts “hacked” different times respectively and all the crap I went through to recover them I have no interest in an account of any kind anymore. I don’t dig the concept of personally information being ripped off to be no biggie. To each his own I guess. I will be making efforts to post anonymously if that is necessary.

  50. James

    Does yahoo have a 3 strikes and your out rule for entering wrong
    passwords or limit the number of wrong passwords per hour/day.
    If they don’t then yahoo mail accounts are wide open to brute
    force or dictionary attacks.

  51. Felicia Nash

    Curious about exporting the contact list once you suspect that the email account has been compromised… is this safe to export to an excel file or to a different email account service if one chooses to change? Or does it leave some sort of ‘breadcrumb trail’ to allow the hacker to do more damage?

  52. ASAR BEG

    Can anyone tell me how can i recognize a deleted mail in my trash that which system it was deleted from? Looking for best and quick answer.

  53. Carl Frederik

    Hi. I do not know if it is a hijack. But, Sometimes i when i
    send emails, in certain periods i get no replies whatsoever.
    And these contacts have often replied to mails before. Even
    those with a long or many – lines message.

    You have probably heard of internet – bullying. Is it
    feasible that some…have made a like a copy of
    my hotmail and intercepts outgoing messages
    just for the hell (sorry) of it or to make me feel
    unease and paranoid. Just a theory.

    Carl F

  54. CarolDru

    Yesterday morning, of around 12 emails received, suddenly all but three disappeared. An automatic response to one sat bewildered in the Outbox. Later, another two disappeared. This morning gave a repeat performance. Malwarebytes found 7 PUPs on my computer, two as files and the rest as registry keys, which have been smartly removed. Can I connect these with the missing emails in that spyware may have been responsible? Why would a hacker take only a sampling of the emails instead of taking them all?

  55. Bonita

    I have Verizon Yahoo. On 1/1/14, I was trying to forward some e mails which were on the server. As I was working with them, some were viewable on my Android tablet but not on my computer. Then most of the 40 emails were viewable on my tablet, but were in the Trash folder. Moving them resulted in an empty trash folder and 30 of them disappearing entirely.

    VY has a message up that they are converting their email to SSL. In addition, VY has hit with a major hacking episode on 1/1, via a Java exploit.

    So long story short I lost 30 emails. Unfortunately, I had not downloaded them from the server.

  56. Abhishek

    A facebook account has hacked by anyone and he(Hacker) has changed the password when i want to log in then it shows password is incorrect and then when i click on forget password then facebook send me confirmation code on my mobile no but my mobile has also stolen by anyone and i failed to enter confirmation code how can i login or blocking to facebook account please help !!!!!!

  57. Lawrence

    Amazing coincidence! I found out this morning my e-mail hacked, and when I went back for the support phone number, I see in my inbox this post!

    Needless to say, I took proper steps, including a thorough scan of the computer. I’ve been having problems with a program that seemed to escalate to the OS, forcing backup recovery (ntdll.dll problems). Now I am noodling this as well.

  58. Shahmir

    Hi Leo,
    I am shahmir from Pakistan . my friend has lost his Facebook Id that was hacked by someone so I am recovering his Id so the machine want to know his Password of hotmail account. its also not working please help me because someone is using hid Id abusive

  59. sanjay parakh

    uWhen I made my java mobile locked with new password my mobile lost all setting I want my home page google in place of samsung

  60. bri

    Well my yahoo account has been hack and the back up questions have also been change and all my passwords of my other acccounts such as instigram and ect have also been change is there any option that i have left because i didnt put and alternate email or phone

  61. daniel

    my gmail account opens in different locations and iam using a nokia modem how do i stop this in
    ubuntu,sometimes server operator changes ip address

  62. Marisa

    This was a great article. Thanks! I just got hacked on Aug. 21st and I changed my password of course, but nothing else. Tonight I finally figured out how to change my “sending name”, as the hacker had changed it, and within 20 minutes I got an email from Yahoo saying that someone in the Netherlands tried to access my account AGAIN!!! (I live in the US). Thanks to your recommendation I just changed my alternate email. Yahoo also has secondary security that I made sure I had (and changed tonight). It’s just 2 security questions. I wanted to point out that even though the hacker deleted my contacts, I was able to recover most of them from the “deleted contacts” folder on Yahoo. Thank God the hacker forgot to delete the trash. Not sure if anyone besides Yahoo has the deleted contacts folder, but it’s worth a try. I just took all the steps that you recommended above. Thanks again.

  63. somayeh


    please help me

    i can’t remember the answer to security question in my yahoo email, but i know the email and password.
    what thing i have to do?
    it’s an important email of mine and i must get through.

    HELP ME.


    • If you know the email and password as you say you do, then just login normally, and go update your security info. If you’re being prompted for additional verification then you must provide that information to prove that you are the rightful account owner. Forgetting security questions is the fastest way to lose an account forever: A One Step Way to Lose Your Account … Forever

  64. Didi M

    I have a friend on facebook whos account was hacked and is unable to change the language back to English. He is has already gone into the settings and tried changing but still showing in foreign language. Thank you so much for your help.

  65. Georgina

    Two days ago my partner said that he received an email saying it was from me and came up in my married name. The email contained a photo of me from when I had a photo shoot so he looked at it on his mobile phone email account and replied to it. He had an email flick back saying that it the mail was undeliverable as the account was no longer in use and the email address listed was one which I had with virgin media many years ago when I was living with my ex husband and even before I knew my partner. There are several things that don’t link up:

    1) The blueyonder email account should have been deleted and wonder how it is being operated from?
    2) Why did my name appear in the email to my boyfriend because it would have appeared in my ex-husbands name as it was set up that way
    3) How did the picture of me appear? because that was a long long time after that email account
    4) How did they link it to my current partner?

    Many thanks for your help.


    • Mark Jacobs

      That article covers the topic pretty thoroughly. If you can’t get the account back using the steps outlined in the article, it might not be retrievable.

  66. Junaidu

    Kindly help me to get back my Yahoo!.account that was hacked around 11 to 12 October 2014.The hackers change my password and the recovery email,I m ready to identify myself through whatever way u deem it right sir.Sincerely Junaidu Usman

  67. Sonnia

    When I found that the live mail had been hacked, I reported the problem. But since then there are
    still problems that are unresolved. Wanted to send an e-mail to the Support team but they don’t
    seam to have an address where one can contact them directly. So I sent a written request for
    help. No reply. Have found this process to be very frustrating & stressful. I then changed to a
    new server who in their opinion, have felt that Outlook has poor security and it won’t matter what
    account name I change the live mail to they won’t connect it.

  68. Brad_in_MA


    I’d do one more thing . . . . if your email service has the capability, activate two-step logon. This feature sends a six digit code to your mobile phone that you must enter EVERY TIME you either (a) log on to email from a new machine, i.e. a Nigerian hacker has your email and password or (b) every time you clear you cookies on your regular machine. This can be a minor pain, but this extra simple step can save a LOT of grief. Ask me how I know.

    Taking backups of your address book on a regular basis — I do it once a month — is not enough. You must test importing the address book to verify the backup and restore process actually works. Lots of folks ignore this step. After all, a backup which cannot be used to restore your account is no backup at all.

    Good luck everyone.

  69. Anashree


    I’d like to know how I can make sure that my email address does not show at the login screen the moment is type in a the whole address appears below and I do not want that. At work other people have email accounts with yahoo and I do not want them to know that I access my emails from the office in an emergency like when I need to print docs from my email.


    • Mark Jacobs

      Your bosses at work have access to every web page you visit on their computers. They can see the contents the contents of every email you view. In fact, if they choose, they can record every keystroke you type. So if you don’t want them to know what you are doing on the web, use your phone.

  70. Philip Ekale

    thanks Leo for the insight on hacking and recieving spam messages from my own account,in fact i have discovered that someone tried to hack into my account,thanks again Leo

    • Mark Jacobs

      All of the possible recovery options are mentioned in step 1 of this article. If none of those work, it’s likely you’ve lost your account permanently.

  71. kevin childs

    On January 1st this year someone hacked into my email account and set up 2 step verification on it.Since then I have had numerous email conversations with microsoft support and they know that some one hacked my account and changed things.Now the thing that is very hard for me to accept is that they say they have no control of who gets into or uses the account,but surely they as programme writers have the power to change this or does it mean that no one is safe and there programme is virtually worthless.I have lost a lot of important emails and contacts through no fault of my own but they do not appear to be the least bit bothered about it.I have tried to get them to send me contact details of someone so I can take this further but its like banging your head against a wall they just do not appear to want to help.They know my account was hacked so surely they must have the IP address of the hacker and be able to restore my account.

    • Connie

      It may help to think about the various people involved in this whole scenario. Yes, Microsoft has lots of great programmers who could make changes to the code. But the person you are conversing with in tech support is a tech support person – they probably don’t have the programming skills, and certainly don’t have access to the code that makes the program run. Any good company will not allow their customer service crew to have access to sensitive information. For instance, you’ll (hopefully) find that no tech support person ever has access to your credit card in any system. At the most they will be able to see the last 4 digits and the expiration date. Also there is no reason for the tech support person to lie about what kind of access they may have for recovering your account. Hope that helps.

  72. Mathews

    My father got a call from his friends saying that he has forwarded some email to them when he actually hasnt. He even opened his email a/c and saw that no email in his send folder. Is his A/C hacked ? are my dad’s friend been spend a spam mail? Is there any further risk for my father?

    • Mark Jacobs

      This can be done very easily by anyone who knows your email address and the addresses in his address book. The can easily fake his address in the From: field. Following the instructions in this article can prevent further damage, but now that the hacker has the address book, there’s nothing to prevent them from sending more emails like that.

  73. dd

    Hi Leo:
    In step #6, you state that users should “download the email via POP3 or IMAP to setting up an automatic forward of all incoming email to a different email account, if your provider supports that.” Is it possible that the hacker has done so already without your knowledge, meaning that even if you change your password, all your emails will still be sent to the hacker? Or, I’ve heard that there is a way to set up an automatic BCC on every email you send; so even if you do change your password, the hacker will continue to receive copies of your emails without your knowledge. I have been recently hacked and immediately changed my password and activated a 2-step verification option when logging on from different devices and locations, but still have the concern that copies of my emails are being sent to the hacker. Is this possible and if so, how do I check/confirm and stop it?
    Many thanks.

    • It is possible, but it would be via an option in your email accounts settings and options that you should verify as not having been set.

Leave a reply:

Before commenting please:

  • Read the article. Seriously. You'd be shocked at how many people make comments that prove they didn't.
  • Comment only on the article. If you have a new, unrelated question start with the search box at the top of the page.
  • Don't post personal information. Email addresses, phone numbers and such will be removed.

VERY IMPORTANT: because of a rise in comment spam that's making it through our filters any comments that do not add to the discussion - typically off topic or content-free comments - run a very high risk of being flagged as spam and removed.

If you have a new question unrelated to the article above, ask it on the Ask Leo! ask-a-question page.

Your email address will not be published. Required fields are marked *