
If They Got Into My Account Once, Could a Hacker Get In Again?

It depends on what they did and what you did the first time.

Once your account has been hacked, there are many things you need to consider to prevent it from being hacked again.
Question: After I change the password of an email, is there any way for someone who once had access to enter again?

Quite possibly, yes.

There are a number of things they could have done that would allow them to regain access. Fortunately, they’re mostly things in your control.

Assuming you know how to control them.


TL;DR:

Preventing getting hacked again

After regaining access to a hacked email account, it’s crucial to:

  • Update recovery information, as hackers often add their own. Check and secure alternate emails, phone numbers, and security questions.
  • Ensure devices are malware-free, as keyloggers can capture your new password.
  • For ongoing security, use two-factor authentication, strong unique passwords, and regularly review recovery options.

Account recovery

The most common way hackers get back into your account is by changing or adding recovery information while they have access to it the first time.

For example, they might add an alternate email address under their control. After you recover the account using your recovery information, all they need to do is repeat the process using their own, and they’re back in.

The solution is simple: once you regain access to an account, make absolutely certain to confirm that all the recovery information is accurate. Make sure alternate email addresses are yours, make sure phone numbers are yours, and make sure security questions are yours. If there are other items that can be used as recovery, such as recovery codes¹ or two-factor authentication devices, make sure those are yours as well.

If any of them have been changed (or are no longer accessible to you), then indeed, you could lose access to the account. Again.

Malware

This is perhaps the second most common way hackers can re-hack.

If your account was hacked due to malware on your device, and you’ve not discovered and removed that malware, then the hacker can easily regain access. A keylogger, for example, would allow them to capture any updated password as you update it.

It’s important to ensure that your devices are free of malware. If you’ve experienced an account hack, that means running a full anti-malware scan in case that was the hacker’s way in.

Saved passwords

This is rare, but if the hacker has signed into your account and has the “remember me on this computer” item checked when they do so, it’s possible that the sign-in could persist across a password change on your part.

I say rare because most services are smart enough to invalidate all those “remember me” sessions when a password changes.

Unfortunately, unless there’s a “sign out everywhere” option provided by the service you’re using, there’s little to be done other than be alert for suspicious activity.

Passkeys

This is new, and like saved passwords, I expect it to be rare. It’s possible that once signed into your hacked account, a hacker could establish a passkey on their computer.

I say this should be rare for the same reason as saved passwords above: I’d expect the service to invalidate all passkeys if you change a password or perform some kind of account recovery.

Nonetheless, once you regain access to your account, make certain to check the passkeys listed and remove/disable any you don’t recognize.
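As an added illustration of the two sections above (this is example code, not anything from Ask Leo! or any real service), here is a toy account model in which every "remember me" session and every passkey records the credential generation it was issued under. A password change, an account recovery, or a "sign out everywhere" action bumps the generation, so everything issued earlier stops working, and the owner can list and remove passkeys they don't recognize; all class and method names are hypothetical.

```python
import secrets
from dataclasses import dataclass, field

@dataclass
class Account:
    password: str
    # Bumped on password change, recovery or sign-out-everywhere; older issues are revoked.
    generation: int = 0
    sessions: dict = field(default_factory=dict)  # token -> generation issued
    passkeys: dict = field(default_factory=dict)  # cred id -> (label, generation)

    def sign_in(self, password):
        # Returns a "remember me" session token, or None on a wrong password.
        if not secrets.compare_digest(password, self.password):
            return None
        token = secrets.token_urlsafe(16)
        self.sessions[token] = self.generation
        return token

    def register_passkey(self, label):
        # Anyone currently signed in can enrol a passkey on their own device.
        cred_id = secrets.token_hex(8)
        self.passkeys[cred_id] = (label, self.generation)
        return cred_id

    def _still_valid(self, issued, invalidate_on_change):
        # Weak behaviour: anything already issued stays valid after a password change.
        return True if not invalidate_on_change else issued == self.generation

    def session_valid(self, token, invalidate_on_change=True):
        issued = self.sessions.get(token)
        return issued is not None and self._still_valid(issued, invalidate_on_change)

    def passkey_valid(self, cred_id, invalidate_on_change=True):
        entry = self.passkeys.get(cred_id)
        return entry is not None and self._still_valid(entry[1], invalidate_on_change)

    def change_password(self, new_password):
        self.password = new_password
        self.generation += 1  # revokes every older session and passkey

    def sign_out_everywhere(self):
        self.generation += 1  # same effect without choosing a new password

    def list_passkeys(self):
        # Owner's post-recovery review: remove any label you don't recognize.
        return {cid: label for cid, (label, _) in self.passkeys.items()}

    def remove_passkey(self, cred_id):
        self.passkeys.pop(cred_id, None)
```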

Related services

Some of our accounts are used for more than one thing. For example, a Microsoft account includes access to email at Outlook.com, cloud storage at OneDrive.com, and is often used as your Windows sign-in account.

Again, it should be rare — in fact, so rare it should never happen — but theoretically, this could open a door for the hacker to regain access to your account.

As you recover from a hacked account, ensure that all services associated with that account are secured using your new password or other updated information.

Ongoing security breaches

I’ve never heard of this happening, but it’s worth being aware of the possibility.

Let’s say your account password was discovered because the service you used had a breach of some sort.

If that breach has not been discovered — in other words, it’s ongoing and the hacker still has access to the service’s database — then they could access any password updates as well.

Do this

If your account is hacked, make sure to review all the possibilities listed above. Above all, change or verify your recovery information immediately. Changing your password is not nearly enough.

Then, hacked or not, to ensure your account security:

  • Add two-factor authentication to significantly reduce the chances of your account being hacked in the first place.
  • Use strong, and most importantly, unique (different for absolutely every sign-in) passwords.
  • Regularly check and update your recovery options. Out-of-date recovery information is the most common reason people lose access to their accounts permanently.
  • Ensure your devices are secure and malware-free.



Footnotes & References

1: Since recovery codes are usually displayed only once when set up or changed, there’s typically no way to know if they’ve been changed. To be safe, reset them anyway.
