What to Do If You Think One of Your Accounts Was Hacked

You opened your email and something felt wrong.

Maybe there's a login alert you didn't trigger. Maybe a friend says they got a strange message from you. Maybe your password just stopped working.

Take a breath. This is stressful, but it is fixable.

If you think one of your accounts was hacked, what you do in the next hour matters more than what you do next week. The good news is that the steps are simple, and you do not need to be technical to follow them.

This guide walks you through exactly what to do, in order. Start at the top and work down. You do not have to do everything at once.

First, Stay Calm and Confirm What Happened

Before you change anything, take a moment to figure out what you're actually seeing.

A hacked account usually shows one or more clear signs. Knowing the signs helps you decide where to focus first.

Common signs an online account was hacked

• You can't log in, even with the right password.
• You got an email saying your password or recovery info was changed, and you didn't do it.
• Friends or contacts received messages or posts you never sent.
• You see logins from places or devices you don't recognize.
• Money moved, orders were placed, or new payees appeared.
• Your security settings changed on their own.

If you see any of these, treat the account as compromised and keep reading.

Watch out for fake alerts

Not every scary message is real. Some "your account was hacked" emails and texts are scams designed to make you panic and click a link.

A safe rule: never click a link inside an alarming message to "fix" your account. Instead, open a new browser tab and type the website address yourself, or open the app directly. Real account changes happen on the real site, not through a link someone sent you.

Step 1: Reset Your Password Right Away

If you can still get into the account, change the password now. If you can't, use the "Forgot password" link to start recovery.

A strong password reset after a hack is the single most important step.

How to reset your password after a hack

1. Go to the website or app directly. Don't use links from emails.

2. Choose "Forgot password" or "Reset password."

3. Follow the steps to verify it's you, usually by email or text code.

4. Create a brand-new password you have never used before.

Make the new password long and unique. A short phrase of random words is easy to remember and hard to guess. Never reuse a password from another account.

Change it everywhere it was reused

Here's the hard truth: if you used that same password on other sites, those accounts are at risk too.

Make a quick list of any account that shared the password and reset each one. This is exactly why a password manager helps so much. It creates and stores a different strong password for every account, so one breach can't unlock the rest. If you're new to that idea, our guide on a simple system for managing passwords, documents, and devices is a calm place to start.

Step 2: Turn On Two-Factor Authentication

Once your password is reset, add a second lock to the door.

Two-factor authentication (often called 2FA) means that even if someone has your password, they still can't get in without a second code. It is one of the best protections you have.

How 2FA works in plain English

After you enter your password, the account asks for a one-time code. That code comes from:

• An authenticator app on your phone (the strongest everyday option).
• A text message to your phone number.
• A physical security key, if you have one.

Turn this on in the account's security settings. If 2FA was already on but the hacker got in anyway, turn it off and back on to reset it, and remove any 2FA method you don't recognize.

Save your backup codes

When you set up 2FA, most services give you backup codes. These let you back in if you lose your phone. Save them somewhere safe and private.

If you want a deeper walkthrough, see our support page on two-factor authentication. Storing those backup codes in a secure, organized place, rather than a sticky note, is part of a healthy digital setup.

Step 3: Check Your Recovery Information

This step is easy to skip, and skipping it is how people get hacked twice.

When someone breaks into an account, they often change the recovery email or phone number. That way, even after you reset your password, they can quietly reset it right back.

What to review

Open your account settings and check each of these:

• Recovery email: Make sure it's yours and not a stranger's.
• Recovery phone number: Confirm it's your real number.
• Backup email addresses: Remove any you don't recognize.
• Security questions: Update the answers if they may have been seen.

Remove anything unfamiliar. Then update everything to your current, correct details.

Your primary email is the master key to almost everything, because most password resets flow through it. If your email itself was the account that got hacked, secure it first, before anything else. Our email account support guide covers why your inbox deserves extra care.

Step 4: Log Out All Other Sessions and Devices

Resetting your password doesn't always kick out someone who is already signed in. You have to force it.

Most major services have a setting that shows every device and session currently logged in, and a button to sign them all out at once.

Where to find it

Look in the account's security or privacy settings for an option like:

• "Where you're logged in"
• "Active sessions" or "Devices"
• "Sign out of all other sessions"

Review the list. If you see a device, browser, or location you don't recognize, sign everything out. You'll have to log back in on your own devices, and that's fine. It's worth it to make sure the intruder is gone.

Then review what they could reach

While you're in there, look for anything the hacker may have changed or connected:

• New "connected apps" or third-party access you didn't approve.
• Email forwarding rules that secretly send your mail elsewhere.
• New auto-payments, payees, or shipping addresses on financial accounts.
• Filters that hide or delete incoming security alerts.

Remove anything you didn't set up yourself. Hidden forwarding rules and rogue connected apps are common ways attackers keep a foothold after you've changed your password.

Step 5: Check for Damage on Connected Accounts

Accounts are linked together more than most people realize.

If the hacked account was your email or a "sign in with" login, the attacker may have reached other places too. A little detective work now saves a lot of trouble later.

Focus on the high-stakes accounts first

Walk through your most important accounts in this order:

• Your primary email, since it controls password resets everywhere.
• Banking and financial accounts. Look for unfamiliar transactions, transfers, or new payees.
• Payment apps and stored cards on shopping sites.
• Any account that used the same password as the hacked one.

For money matters, contact your bank or card issuer directly if you see anything suspicious. They can freeze cards, reverse fraudulent charges, and watch for more. Our financial accounts support page explains how to keep these organized so you can move fast in a moment like this.

If you reused security questions across sites, update those too. Our security questions guide shows why predictable answers are risky and how to make them stronger.

Step 6: Contact Support When You're Locked Out

Sometimes the hacker changes everything, your password, recovery email, and phone, and you simply can't get back in. That's when you contact the service's official support team.

This can feel slow, but real account recovery support exists for exactly this situation.

How to reach support safely

• Find the support link on the company's official website, not from a search ad or a message.
• Look for a phrase like "I think my account was hacked" or "account recovery." Many services have a dedicated path for this.
• Be ready to prove it's you. They may ask about past activity, old passwords, billing details, or the date you opened the account.
• Be patient and keep notes. Write down case numbers and who you spoke with.

Never pay a random "hacker recovery service" you find online or hand your details to someone who direct-messages you offering help. Legitimate recovery goes through the company that owns the account, and it doesn't cost a secret fee.

Step 7: Lock Things Down So It Doesn't Happen Again

Once the fire is out, spend a little time making your accounts harder to break into. These habits do most of the work.

Simple protections that make a big difference

• Unique passwords everywhere. One password per account, managed by a password manager.
• 2FA on your important accounts. Email, banking, and your password manager first.
• A quick security checkup every few months on your main accounts.
• Updated devices. Install phone and computer updates so known holes get patched.
• Healthy skepticism. Slow down before clicking links or sharing codes. Most hacks start with a click, not a genius attack.

If your accounts feel scattered and you're not sure what you even have, it may be time to get organized. Our digital life checklist every adult should have is a friendly starting point.

Where Trust Blocks Fits In

A scramble during a hack is so much calmer when your important information already lives in one secure place.

Trust Blocks helps families organize the digital essentials, your primary email login, phone passcode, bank account, cloud storage, and key instructions, plus your online accounts, 2FA backup codes, and devices. It's built with end-to-end encryption and a zero-knowledge design, so the company never sees your stored secrets. Only you can unlock them with your PIN.

That organization pays off in two ways. Day to day, you know exactly which accounts exist and where the keys are, which makes a secure hacked account cleanup far faster. And for the future, you can name a Transfer Contact, a trusted person who can receive access through a guided account transfer if something happens to you. It's the difference between a frantic search and a clear plan.

Frequently Asked Questions

How do I know if my account was really hacked or it's just a glitch?

Look for clear signs: logins you didn't make, messages you didn't send, changed settings, or a password that suddenly fails. If in doubt, reset your password and check your active sessions. A quick reset never hurts, even if it turns out to be a false alarm.

What should I do first if my email account is hacked?

Secure your email before anything else, because it controls password resets for nearly everything else you own. Reset its password, turn on 2FA, fix the recovery info, and sign out all other sessions. Then move on to your other accounts.

Should I delete a hacked account and start over?

Usually no. Recovering the account is better, since deleting it can free up your username for someone else and may not stop the attacker. Reset your password, secure it, and only consider closing it if the service can't help you regain control.

Can I get my money back after a hacked financial account?

Often yes, if you act quickly. Contact your bank or card issuer directly, report the fraud, and ask them to freeze or reverse the charges. The sooner you report it, the better your chances of a full recovery.

How can I stop my accounts from being hacked again?

Use a unique password for every account, turn on two-factor authentication, and keep your recovery details current. A password manager and regular security checkups handle most of the risk for you.

Key Takeaways

• If you suspect an account is hacked, act fast but stay calm. The first hour matters most.
• Reset the password directly on the real site, and change it anywhere you reused it.
• Turn on two-factor authentication and save your backup codes.
• Check and fix your recovery email, phone, and security questions so the hacker can't get back in.
• Sign out all other sessions and remove any unfamiliar connected apps or forwarding rules.
• Secure your email first, since it controls resets for everything else.
• Contact official support if you're locked out, and never pay a random recovery service.

Your Quick Hacked-Account Recovery Checklist

Work through this list in order. Check off each step as you go.

1. **Confirm it's real.** Look for the signs, and ignore suspicious links in alert messages.

2. **Reset your password** on the real site, then change it anywhere you reused it.

3. **Turn on 2FA** and save your backup codes somewhere safe.

4. **Fix recovery info.** Check your recovery email, phone, and security questions.

5. **Log out all other sessions** and remove unknown devices, apps, and forwarding rules.

6. **Check connected accounts**, especially email and anything financial.

7. **Contact official support** if you're still locked out.

8. **Lock it down** with unique passwords, updates, and a quick security checkup.

Once the immediate danger has passed, take the calm next step: get organized so you're never caught off guard again. A clear plan for your accounts, devices, and the people you trust turns the next surprise into a minor inconvenience instead of an emergency. When you're ready, Trust Blocks can help you put that plan in place.