Discovering that one of your accounts has been compromised can be alarming. The most important thing is to act promptly through official channels. Here's a clear plan.
Step 1: Regain Access
If you're still able to sign in, do so immediately. If not, use the official password reset flows:
- Microsoft: account.microsoft.com > Forgot password
- Google: accounts.google.com/signin/recovery
- Apple: iforgot.apple.com
- Facebook: facebook.com/hacked
Choose your recovery method (email, phone, backup code) and reset your password right away.
Step 2: Change Your Password Immediately
Once back in, change your password to something long, unique, and not used anywhere else. A password manager can generate and store a strong one for you. Do not reuse old passwords.
Step 3: Check and Evict Unauthorised Access
- Go to the account's security settings and look for active sessions, connected devices, or recent activity. Sign out of all sessions you don't recognise.
- Revoke any third-party apps or permissions you didn't add yourself.
- Check if your recovery email or phone number was changed — and change it back if so.
Step 4: Enable Two-Factor Authentication
This is the single most effective step to prevent a repeat. See our guide to setting up 2FA for all major accounts.
Step 5: Check Your Other Accounts
Hackers often use one compromised account to try others. If you reused the same password elsewhere, change those passwords now. Prioritise email accounts (which can be used to reset everything else), banking, and shopping accounts.
Step 6: Warn Your Contacts
If the hacker sent messages from your account pretending to be you — asking for money or spreading links — let your contacts know so they don't fall for a follow-on scam.
A Note on Recovery Scams
After being hacked, people are often targeted by scammers who claim they can "recover" the account for a fee or ask for your new password to restore data. Ignore these entirely. No legitimate service works this way. Official recovery is always free and done through the account provider's own website.
Ask us if you need help working through any of these steps.