Account Hacked? Here's Exactly What to Do Right Now
Step-by-step emergency guide for when your account gets hacked. Change passwords, check active sessions, enable 2FA, contact support, and secure linked accounts.

You notice something wrong — a password that no longer works, a login alert from an unfamiliar location, or messages you never sent. Your account may have been compromised. What you do in the next few minutes matters more than anything you did before.
This guide provides a clear, prioritized checklist to regain control and limit the damage.
Step 1: Change Your Password Immediately
If you can still log in, change your password before the attacker locks you out.
What makes a strong replacement password:
- At least 16 characters
- Mix of uppercase, lowercase, numbers, and symbols
- Not used on any other account
- Not based on personal information (birthdays, pet names, addresses)
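The checklist above can be turned into a small checker and generator. This is an added example, not part of the original guide; the function names and the `personal_terms` parameter are hypothetical, and the "not used on any other account" item cannot be verified by code and stays a manual check.

```python
import secrets
import string

# The four character classes named in the checklist.
CLASSES = (string.ascii_uppercase, string.ascii_lowercase,
           string.digits, string.punctuation)
MIN_LENGTH = 16  # minimum length from the checklist


def check_password(password, personal_terms=()):
    """Return the checklist items a candidate fails (empty list = passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 16 characters")
    if not all(any(c in cls for c in password) for cls in CLASSES):
        problems.append("missing a character class")
    lowered = password.lower()
    # personal_terms: birthdays, pet names, street names supplied by the user.
    if any(t and t.lower() in lowered for t in personal_terms):
        problems.append("contains personal information")
    return problems


def generate_password(length=20):
    """Draw from the OS CSPRNG and retry until every class is present."""
    if length < MIN_LENGTH:
        raise ValueError("length must be at least 16")
    alphabet = "".join(CLASSES)
    while True:
        # Rejection sampling keeps the result uniform over valid passwords.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate):
            return candidate


if __name__ == "__main__":
    print(generate_password())
    print(check_password("Rex-the-dog-2015-Home", ["rex", "2015"]))
```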
If you cannot log in:
- Use the "Forgot password" link on the login page
- Check your recovery email or phone for the reset link
- If the attacker changed your recovery options, skip to Step 5 (Contact Support)
Store your new password in a password manager — not in a text message, not in a notes app. For temporary secure storage, a password-protected memo on LOCK.PUB can hold your credentials safely until you set up a password manager.
Step 2: Check and Terminate Active Sessions
Most major services let you see where your account is currently logged in. Find this setting and sign out of every session you do not recognize.
| Service | Where to check |
|---|---|
| Google | myaccount.google.com > Security > Your devices |
| Apple | appleid.apple.com > Devices |
| Facebook | Settings > Security and login > Where you're logged in |
| Instagram | Settings > Security > Login activity |
| X/Twitter | Settings > Security > Sessions |
| Microsoft | account.microsoft.com > Devices |
After reviewing, use the "Sign out of all sessions" option if available. This forces the attacker to re-authenticate, which they cannot do if you have already changed the password.
Step 3: Enable Two-Factor Authentication
Once you have regained access and changed the password, immediately enable 2FA to prevent the attacker from getting back in.
Recommended method: Use an authenticator app (Google Authenticator, Authy) rather than SMS. SMS can be intercepted through SIM swapping attacks.
Quick setup:
- Go to your account's security settings
- Select "Two-factor authentication" or "2-step verification"
- Choose "Authenticator app"
- Scan the QR code with your authenticator app
- Save the backup codes in a secure location
If you need a detailed walkthrough, see our complete 2FA setup guide.
Step 4: Check for Unauthorized Changes
Hackers often do more than just read your messages. Review these areas:
Account settings
- Recovery email and phone — Has the attacker added their own recovery options?
- Forwarding rules — In email accounts, check if messages are being forwarded to an unknown address
- Connected apps — Revoke access to any third-party apps you do not recognize
- Profile information — Check if your name, bio, or profile picture was changed
Financial connections
- Linked payment methods — Check for unauthorized credit cards or bank accounts
- Recent transactions — Look for purchases or transfers you did not make
- Subscription changes — Verify no new subscriptions were created
Linked accounts
- "Sign in with Google/Facebook/Apple" — If the hacked account is used to log into other services, those are compromised too
- Check each linked service individually and change passwords there as well
Step 5: Contact the Service's Support Team
If you cannot regain access through normal recovery methods, contact support directly.
Information to have ready:
- Your account email or username
- The approximate date you lost access
- Any recent account activity you can describe
- Government-issued ID (some platforms require this for identity verification)
- Previous passwords you have used (some services use this to verify ownership)
Support links for major platforms
| Platform | Recovery page |
|---|---|
| Google | accounts.google.com/signin/recovery |
| Facebook | facebook.com/hacked |
| Instagram | help.instagram.com (Hacked Accounts) |
| X/Twitter | help.twitter.com (Account access) |
| Apple | iforgot.apple.com |
| Microsoft | account.live.com/acsr |
Step 6: Scan All Your Devices
The account may have been compromised through malware on one of your devices. Run a full security scan:
- Computer: Run a full antivirus scan with updated definitions
- Phone: Check for unfamiliar apps and remove them. Consider a factory reset if you suspect deep compromise
- Browser: Clear all saved passwords and cookies. Check for suspicious browser extensions and remove them
- Check for keyloggers: Antivirus software can detect most keyloggers, but also look for unusual processes in your task manager
Step 7: Check If Your Credentials Were in a Data Breach
Visit Have I Been Pwned and enter your email address. This free service tells you whether your credentials appeared in known data breaches.
If your email shows up in a breach:
- Change the password on every account that used that email
- Use a unique password for each account going forward
- Enable 2FA everywhere possible
Step 8: Notify Your Contacts
If the attacker sent messages from your account, let your contacts know. This prevents them from falling for phishing messages that appear to come from you.
A quick message works:
"My account was recently compromised. If you received any unusual messages from me, please do not click any links in them. I have secured my account."
Send this through a different channel — if your iMessage or Messenger was compromised, use email or a phone call instead.
Prevention Checklist for the Future
After recovering your account, take these steps to prevent it from happening again:
| Action | Priority |
|---|---|
| Use a unique password for every account | Critical |
| Enable 2FA on all important accounts | Critical |
| Use a password manager | High |
| Check haveibeenpwned.com periodically | Medium |
| Review connected apps quarterly | Medium |
| Keep devices and software updated | High |
| Be cautious with links in emails and messages | High |
Share Sensitive Recovery Info Safely
During account recovery, you may need to share temporary passwords or recovery codes with a trusted person who is helping you. Instead of sending these through a messaging app where they remain in chat history, use LOCK.PUB to create a password-protected memo with a short expiration time. The credentials disappear after the set period, leaving no trace in anyone's message history.