Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

What to Do When Your Account Is Hacked

Move quickly!

Hacks happen. There are steps to take, not only to recover your account but to prevent it from being hacked again.
You Have Been Hacked!

Hacking can happen to any account, and it seems like we have more online accounts than ever; therefore, it’s possible you could get hacked. If you suspect you have been, try not to panic. It never helps. So take a deep breath and work through the steps below as calmly and as soon as possible.

Become a Patron of Ask Leo! and go ad-free!


If you suspect your account has been hacked, the basic steps are:

  1. Recover access
  2. Change the password
  3. Update account recovery information
  4. Learn from the experience
  5. Get help if you need it

While the steps are generally the same, I have a couple of articles on specific services or situations that might apply. If your situation falls into one of those categories, those articles may have more specific information for you.


1. Recover your account

Sign in to your account right away. If you can, go to step 2.

If you can’t, even though you know you’re using the correct password, then your password has probably been changed by the hacker.

Most services will include a “Forgot password?” or similar link on their sign-in page. Click on that link and follow the instructions.

Important: follow those instructions carefully and completely. Examine all available recovery options along the way. Many people give up after one attempt, having overlooked the fact that there may be additional recovery options.

If none of the available techniques work, then it’s time to reach out to the support or customer service options for the service in question. This may not be an option for all accounts, particularly free accounts.

If you cannot recover access to your account, it is now the hacker’s account. Unless you backed it up, everything in it is gone forever, and you can skip the next two items. You’ll need to set up a new account from scratch.

2. Change your password

When you regain access to your account, or if you never lost it, immediately change your password. You may not need to, but then again, the hacker may know it. Better to be safe and change it as soon as you can.

As always, make sure it’s a good password: easy to remember, difficult to guess, and long. In fact, the longer the better, within the service’s limits.

But don’t stop. Changing your password is not enough.

3. Change (or set) your recovery information

While the hacker has access to your account, they may elect to leave your password alone. That way, you may not notice the hack for a while longer.

If the account includes recovery information — the information you’d use in step 1 above to regain access to your account — hackers often change it all. The reason is simple: when you finally get around to changing your password, the hacker can follow the “I forgot my password” steps and reset the password out from underneath you and hack your account again, using the recovery information they set.

Check all your account recovery information.

Check the email address(es) associated with the account. Remove any you don’t recognize or no longer have access to. Make sure they all belong to you and that you can access those accounts.

Check any phone number(s) associated with the account. Remove any you don’t recognize and make sure that any phone number listed is yours and no one else’s.

Overlooking information entered for account recovery could allow the hacker to hack back in. And, of course, setting no recovery information dramatically lessens the chances of recovering a hacked account. Take the time to carefully review and/or set up this information, now.

4. Learn from the experience

One of the most important lessons to learn from this experience is to consider all the ways your account could have been hacked, and take steps to protect yourself from it happening again.

If you are fortunate enough to identify exactly how your password was compromised (and that isn’t common), take measures so it never happens again.

5. If you’re not sure, get help

If you’re having difficulty with the process, ask for help. Perhaps the service has support, perhaps they have a peer-to-peer discussion forum, perhaps you have a trusted techie friend.

While you’re at it, find someone who can help you set up a more secure system for your account, following the steps above.

You and I are responsible for our own security. That means taking the time to learn and set things up securely. Yes, additional security can be seen as an inconvenience. Dealing with a hacked account is significantly more than inconvenient.

It’s worth the trouble to do things right in the first place.

If that’s still too much … well … expect your account to get hacked again.

Do this

Regain access to your account if you can. Once you have, or once you’ve set up a new replacement account, make sure to secure it properly.

For more tips on staying secure and making technology less frustrating, subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

Podcast audio


4 comments on “What to Do When Your Account Is Hacked”

  1. Fine article Leo — as always — but I object to the title:

    “What to Do When Your Account Is Hacked”

    …makes it sound as though your account getting hacked is inevitable. Now I know thing these days are bad, but on the terrible day that the hacking of everyone’s account becomes inevitable, I’m giving up on security — and on the Internet as well — as a totally lost cause, for good and all.

    Please change that “When” to an “If”!

    Thank you. :)

  2. Leo,

    Even more important is the fact that account hacks are becoming more common, AND sophisticated, daily. The question really is when, not if our accounts will be hacked. The single most important thing any of us can do to limit the damage of having an account hacked is to prepare for the eventuality as if it is a certainty. As I see it, there is no way to stop dedicated intruders. What we CAN do is make it as hard as possible for them in the hope that they will move on to easier targets.



  3. I have 3 or 4 recovery emails set up for each of my accounts. That gives me more recovery options in case of a hack. It’s not perfect. Nothing is, but it gives you more options to recover the accounts.
    It’s essential to make sure you have access to your recovery email accounts and phone numbers. That’s why I use several. In case one fails, I have others to fall back on.


Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.