You know that stomach-drop moment? When you spot a login alert from a city you’ve never visited. Or your friend texts asking why you’re suddenly spamming them. Maybe it’s that dreaded “Your password was reset” notification except you never touched it.
Here’s your one job right now: shut this down in the next 10–30 minutes, then take back what’s yours. Data breaches in the United States have nearly tripled since 2020, with a record 3,205 data breaches in 2023. That staggering number tells you something important: this happens to regular people every single day, and your response speed determines the outcome.
This blog walks you through device-specific and account-specific steps to take after being hacked for email, social platforms, banking, phones, and computers.
Reclaim Your Compromised Account (Core What to Do If Your Account Is Hacked)
You’ve stopped the bleeding and established a secure workspace. Now let’s evict the attacker permanently.
Reset Your Password The Right Way
Only use the official website or app for password resets, never click password reset links inside emails. Generate a completely unique password, 16 to 24+ characters, using your password manager.
Reused that same password anywhere else? Change it everywhere, starting with email, banking, and your Apple or Google account. Password reuse is exactly how one breach cascades into five.
Upgrade your MFA
Enable multi-factor authentication with an authenticator app (TOTP) or better yet, passkeys and security keys. Currently using SMS codes? Consider switching SIM-swap attacks to make SMS vulnerable. Save your backup codes somewhere secure, like your password manager. Verify the attacker hasn’t registered their own MFA device or changed your existing method.
Erase Attacker Backdoors
Dive into “Security,” “Recent activity,” “Devices,” or “Sessions” sections and terminate every active session. One reliable way to check if you’ve been hacked is looking for login locations, devices, or timestamps that don’t match your actual patterns or places you’ve been.
Hunt for email forwarding rules, suspicious filters, auto-replies. Check Google or Microsoft for connected third-party apps. Look for API tokens in GitHub. Review OAuth app permissions everywhere. Verify your account profile hasn’t changed: recovery email, phone number, username, admin roles, payment details.
Secure Your Recovery Pathways
Switch your recovery email to a secure address you control completely. Replace guessable security questions with randomized answers stored safely in your password manager. Activate alerts for login attempts, password changes, MFA updates, and payout modifications instant notifications if someone tries again.
Why Email Comes First (It’s Your Master Key)
Individual account security matters, but your email inbox unlocks literally everything else so recovering it correctly happens before all other resets.
Email Recovery Sequence
Reset your email password and kill all active sessions before touching other accounts. Examine mailbox rules, forwarding settings, delegation permissions delete unknown send-as access. Search your inbox for “password reset,” “verification,” and “security alert” to map what they accessed or modified during their time inside.
Platform-Specific Shortcuts
Google: use security checkup and review suspicious activity. Microsoft: check aliases, sign-in activity, security info. Yahoo and Apple: review trusted devices and account status. Start there if you’re locked out.
Clean Your Devices and Network (Prevent Reinfection After Recovery)
Securing accounts means nothing if malware or network compromises silently feed your new credentials back to the attacker. Time to eliminate those infection vectors.
Hunt For Malware And Infostealers (Today’s Common Attack)
Run a trusted antivirus or EDR scan, then run a second scan with a different tool. On average, it takes 46 days for a company’s stock price to rebound to pre-breach levels, and not all companies are able to fully recover (Harvard Law School Forum on Corporate Governance). That same “lingering damage” pattern hits personal devices persistent malware guarantees your recovery fails.
Look for infostealer signs: new startup items, unfamiliar macOS profiles, odd Windows scheduled tasks, browser credential theft alerts.
Harden Your Router And Wi‑fi
Change your router admin password, update firmware, disable remote admin access and WPS. Create a new Wi‑Fi password and move IoT devices to a guest network. Check DNS settings for hijacking and configure secure DNS if appropriate.
Protect Your Identity and Money (Critical Steps to Take After Being Hacked)
Devices cleaned, accounts secured. Next priority: stopping financial fraud and identity theft that may already be underway.
Lock Down Your Finances
Call your bank or credit card fraud department immediately and dispute unauthorized charges. Update banking credentials, enable transaction notifications, set transfer limits. Review linked payment services PayPal, Venmo, Apple Pay, Google Pay and remove unrecognized devices.
Credit And Identity Defense (Fast, High-Impact Moves)
Freeze your credit at all major bureaus: Experian, TransUnion, Equifax. Each requires separate contact. Place a fraud alert if you can’t freeze immediately. Monitor for new accounts through banking alerts, credit monitoring, and IRS or tax account verification where applicable.
Complete Hacked Account Recovery Steps (Your 1–7 Day Plan)
You’ve handled the crisis. Now implement a systematic 1–7 day recovery plan that closes every backdoor the attacker might have planted.
Password Rotation Sequence That Prevents Chain Reactions
Priority order: email → financial → Apple or Google → social → shopping → subscriptions. Use your password manager to generate and store unique passwords everywhere. Replace weak or duplicated passwords and close accounts you don’t use. This sequence stops attackers from jumping between accounts using old credentials.
Security Audit Checklist (Confirm The Attacker Is Gone)
Verify no unknown devices exist, no forwarding rules remain, no new admins were added, no new API tokens exist. Review sign-in logs when available, document findings, save everything. Set up breach alerts and dark web monitoring, then respond to matches as they appear. This audit catches any hidden persistence you missed.
Getting Back In When You’re Completely Locked Out (How to Recover a Hacked Account)
What if you can’t even start the password reset because the attacker changed everything? Here’s your escalation roadmap to regain access.
Recovery Verification Strategies (And Pitfalls To Avoid)
Use official recovery forms only to avoid third-party “recovery” services. Provide accurate account creation details: approximate signup date, previous passwords you remember, billing receipts. If phishing was the attack vector, report the phishing domain and email to the provider’s abuse team. Platforms respond seriously to fraud reports with specific details.
Taking Back Control After a Breach
What to do after a hack boils down to speed plus thoroughness. You now know how to recover a hacked account by disconnecting fast, securing email first, cleaning devices, protecting your identity, and auditing every access point. The hacked account recovery steps you execute over the next few days determine whether you’re truly done or whether the attacker returns.
Don’t skip the tedious steps forwarding rules, OAuth apps, recovery channels those are exactly where attackers hide. Lock them out completely, fortify your future defenses, and you’ll make their next attempt exponentially harder.
Common Questions After a Security Breach
Can I be hacked even if I have MFA enabled?
Yes, attackers can bypass MFA through phishing, SIM swaps, or session hijacking. Using authenticator apps or passkeys instead of SMS codes significantly reduces this risk and adds stronger protection.
Should I change passwords first or scan for malware first?
Disconnect from the internet, then scan for malware on a separate device. Change passwords using a clean device or network to prevent keyloggers from capturing your new credentials immediately.
Which accounts should I secure first after a hack (priority order)?
Start with email, then financial accounts, followed by Apple or Google, social media, shopping, and subscriptions. Email controls password resets, so securing it first prevents attackers from re-compromising everything.
Is SMS MFA safe, or should I switch to passkeys or authenticator apps?
SMS MFA is vulnerable to SIM swaps and interception. Switching to passkeys or authenticator apps provides stronger security because they’re not tied to your phone number and can’t be easily hijacked.
