You find you cannot log in, or friends tell you about strange messages coming from your account. Someone has probably broken into it. The important thing is not to panic but to proceed systematically. Here is a step-by-step guide.

1. Try to log in immediately and change the password

If you can still log in, change the password immediately to a new, strong and unique one. Do it from another, trusted device (for example your phone), not from the one that may be infected with malicious software; otherwise the malware that stole the old password will simply capture the new one as well. How to create good passwords is in the article on password management.

Right after changing the password, sign out of all sessions. Most services (Google, Facebook, Microsoft) have a setting to sign out of all devices at once, often called “Sign out everywhere” or found under “Active sessions” or “Where you’re logged in”. Changing the password alone does not necessarily terminate a session the attacker already has open, so without this step they may stay logged in.

2. If you cannot log in, use recovery

Use the forgotten-password option and recover the account via your backup email or phone number. If the attacker has already changed those details too, look on the service’s help pages for the form to report a compromised (hacked) account; you will typically be asked to prove ownership with details only you should know, such as an earlier password or roughly when you created the account.

3. Turn on two-factor authentication

As soon as you get the account back, turn on two-factor authentication (2FA). Even if the attacker still knows the password, they cannot get in without the second factor. Prefer an authenticator app, a hardware key or a passkey over SMS codes, and store the backup codes somewhere safe. While you are there, check the list of registered second factors and backup codes: an attacker who had access may have enrolled their own, so remove anything you did not set up yourself. More in the article on two-factor authentication and on passkeys.

4. Check the account settings

Attackers often change settings so that they keep access even after you change the password. Check:

  • Recovery email and phone number: make sure no unfamiliar address or number has been added or swapped in.
  • Email forwarding rules and filters, which can secretly send copies of your messages to the attacker or delete security alerts before you see them.
  • Connected third-party apps, app passwords and signed-in devices: remove any you do not recognise.

5. Change passwords elsewhere too

If you used the same password anywhere else, change it there too. Attackers automatically try stolen passwords on other services (credential stuffing), so a single reused password can cost you several accounts. This is exactly why every password should be unique.

6. Assess the damage and scan your device

Before you declare the account safe, find out what actually happened:

  • Check sent mail and messages, including the trash and drafts, to see whether the attacker wrote to anyone or sent fraudulent links in your name.
  • Review the login history (most services show it) for unfamiliar devices, locations and times. The first unfamiliar login tells you how long the attacker had access, and therefore which messages and settings you need to review.
  • Scan your computer and phone with a reputable antivirus. If the password was stolen by malicious software on your device, a new password will be stolen just as quickly, so changing it is not enough until the device is clean. Proceed as thoroughly as with any infected computer.
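
For steps 4 and 6, here is a small triage script that performs the two checks an analyst would do first on an exported login history and mailbox rule list: find successful logins from a device or country the owner does not use (the earliest one marks the start of the attacker’s access), and flag rules that forward mail to an outside domain, delete messages, or match every message. This is an added example written for this article, not code from Google, Microsoft or any other provider; the login events and rule records are constructed, and their field names are assumptions, so a real export would need a small adapter to this shape.

```python
"""Triage helpers for steps 4 and 6 of the checklist: flag successful logins
that do not match the owner's usual devices and countries, find the first such
login (the start of the attacker's access window), and spot mailbox rules that
forward mail to outsiders or silently delete messages.

Added example, not part of the original article. The login events and mailbox
rules below are constructed, and their field names are an assumption: real
exports from Google, Microsoft or Facebook use their own formats and would need
a small adapter to this shape.
"""
from datetime import datetime, timezone

# Constructed login-history export (shape assumed). Times are UTC.
LOGIN_HISTORY = [
    {"time": "2024-05-01T08:12:00Z", "ip": "203.0.113.10", "country": "CZ",
     "device": "iPhone", "success": True},
    {"time": "2024-05-03T21:40:00Z", "ip": "198.51.100.7", "country": "NG",
     "device": "Chrome on Windows", "success": False},
    {"time": "2024-05-03T21:41:00Z", "ip": "198.51.100.7", "country": "NG",
     "device": "Chrome on Windows", "success": True},
    {"time": "2024-05-04T07:55:00Z", "ip": "203.0.113.10", "country": "CZ",
     "device": "iPhone", "success": True},
]

# What the account owner knows to be theirs (assumed baseline for the example).
KNOWN_COUNTRIES = {"CZ"}
KNOWN_DEVICES = {"iPhone", "Firefox on Linux"}
OWN_DOMAINS = {"example.com"}

# Constructed mailbox rules (shape assumed). An empty "subject_contains"
# means the rule matches every incoming message.
MAIL_RULES = [
    {"name": "Newsletters", "forward_to": [], "delete": False,
     "subject_contains": "newsletter"},
    {"name": ".", "forward_to": ["backup@attacker.example"], "delete": True,
     "subject_contains": ""},
    {"name": "Bank alerts", "forward_to": ["me@example.com"], "delete": False,
     "subject_contains": "bank"},
]


def parse_time(stamp):
    """Parse the ISO-8601 UTC timestamps used in the constructed export."""
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def suspicious_logins(history, known_countries, known_devices):
    """Successful logins from a country or device the owner does not recognise.
    Failed attempts are ignored here: they show probing, not access."""
    return [e for e in history
            if e["success"]
            and (e["country"] not in known_countries
                 or e["device"] not in known_devices)]


def first_suspicious_login(history, known_countries, known_devices):
    """Earliest suspicious login, or None. Everything sent, changed or
    deleted after this moment is inside the attacker's access window."""
    hits = suspicious_logins(history, known_countries, known_devices)
    return min(hits, key=lambda e: parse_time(e["time"])) if hits else None


def leaking_rules(rules, own_domains):
    """Rules that forward outside the owner's own domains, delete mail, or
    match everything: typical traces of an attacker keeping a copy of the
    inbox and hiding the service's security alerts."""
    flagged = []
    for rule in rules:
        external = [addr for addr in rule["forward_to"]
                    if addr.rsplit("@", 1)[-1].lower() not in own_domains]
        catch_all = rule["subject_contains"] == ""
        if external or rule["delete"] or catch_all:
            flagged.append({"name": rule["name"], "external": external,
                            "delete": rule["delete"], "catch_all": catch_all})
    return flagged


def triage(history=LOGIN_HISTORY, rules=MAIL_RULES):
    """Run both checks and summarise what the owner must review."""
    hits = suspicious_logins(history, KNOWN_COUNTRIES, KNOWN_DEVICES)
    first = first_suspicious_login(history, KNOWN_COUNTRIES, KNOWN_DEVICES)
    return {
        "access_since": first["time"] if first else None,
        "foreign_ips": sorted({e["ip"] for e in hits}),
        "leaking_rules": leaking_rules(rules, OWN_DOMAINS),
    }


if __name__ == "__main__":
    for key, value in triage().items():
        print(f"{key}: {value}")
```

On the constructed data the script reports access since the NG login on 3 May, one foreign IP, and a single rule named “.” that forwards everything to an outside address and deletes the original; the failed attempt a minute earlier is not counted, and the rule forwarding bank alerts to the owner’s own domain is left alone. Rules with near-empty names and catch-all conditions are a common sign of an attacker hiding their tracks, which is why the script flags catch-all rules even when they forward nowhere.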

7. Warn contacts and watch for damage

  • Alert your contacts that fraudulent messages may have come from your account and that they should not open links or attachments from it until you give the all-clear.
  • If the account holds payment details or is used for purchases, watch your bank and card statements and report any charges you do not recognise.
  • For a work account, report the incident to your IT administrator immediately, even if you have already recovered the account yourself.

How to avoid it next time

  • Unique passwords for every service, generated and stored by a password manager.
  • Two-factor authentication everywhere it is offered, preferably with an authenticator app, hardware key or passkey rather than SMS.
  • Beware of phishing; more in the article on how to recognize phishing.

Had an incident and do not know what to do, or want to secure company accounts? Get in touch, we will help with recovery and prevention.

This article is part of our Cybersecurity overview.