Have I Been Hacked? How To Recognize & Recover From a Hack

“Have I Been Hacked?”

The unfortunate truth is that if you’re asking this question, you’ve probably already been hacked. Cybercrime is the fastest growing type of crime in America. According to the FBI's 2022 statistics [*]:

More than 800,000 Americans got scammed online last year, with losses of over $10.2 billion.

Sometimes the signs indicating that you’ve been hacked are minimal: getting logged out of your social media accounts, or a small yet suspicious charge on your bank statement.

Other times, you might not be so lucky and only find out about a hack after hackers empty your bank account, encrypt your data and force you to pay them a ransom, or leak your personal data to the Dark Web.

In this guide, we’ll explain how to tell if you’ve been hacked, what to do to recover from a hack, and how to prevent yourself from being hacked in the future.

{{show-toc}}

How To Tell If You’ve Been Hacked: 20 Warning Signs

Hackers are notoriously sneaky. Signs that you’ve been victimized by cyber criminals can be obvious — or completely unnoticeable.

Here are some of the main warning signs that you’ve been hacked:

1. You get signed out of your online accounts (social media, email, online banking, etc.), or you try to log in and discover your passwords don’t work anymore.
2. You receive emails or text messages about login attempts, password resets, or two-factor authentication (2FA) codes that you didn’t request.
3. You see logins from mobile devices and locations you don’t recognize in your account activity or sign-in logs.
4. You notice strange emails in your “Sent” folder.
5. You start to receive spam emails — especially ones that specifically threaten or try to extort you.
6. Friends or family members tell you they’ve received strange messages from your email or social media accounts.
7. You receive a data breach notification from a company or service that you use stating that your personal info was leaked.
8. You suddenly receive pop-ups that claim your device is infected with a virus.
9. Your devices slow down, heat up, or start to crash more often.
10. You notice browser plugins, add-ons, or toolbars that you didn’t install.
11. You get redirected to unwanted websites, or they open automatically behind your browser window.
12. Your cursor starts moving by itself — when you haven’t touched the mouse or trackpad.
13. There are suspicious charges on your credit card or bank statements.
14. Business partners or potential clients say they’ve had strange interactions with you on platforms that you don’t use.
15. You get a ransomware pop-up on your computer saying your data is encrypted and you need to pay a ransom.
16. Your web camera light is on, even when you’re not using it for video calls or recordings.
17. Your antivirus software is disabled when you haven’t changed anything.
18. You have to keep closing or quitting apps that open on their own.
19. Your cryptocurrency wallet is suddenly missing funds (Or your recognize one of these Coinbase scam emails).
20. Someone has stolen your identity and is using it to commit fraud in your name (opening new bank accounts, issuing new credit cards, taking out loans, making insurance claims, etc.).

Being able to recognize the signs of a hack dramatically improves your chances of avoiding a hack or recovering from an attack. Unfortunately, most people ignore the warning signs of a cyberattack until it’s too late.

What To Do If You’ve Been Hacked

1. Change your passwords
2. Freeze your credit, block compromised accounts
3. Enable strong two-factor authentication
4. Disconnect devices from your Wi-Fi network
5. Scan your devices for malware
6. Lock your SIM card
7. Check for suspicious logins
8. Secure your Wi-Fi network 
9. Unlink online accounts to minimize damage
10. Update your operating system and software
11. Warn your friends and family of the hack
12. Recover access to your hacked accounts
13. Wipe your device and do a clean install
14. Start using a password manager
15. Set up identity theft protection and monitoring
16. File a report with the Federal Trade Commission
17. Start using a “rescue” email address as a backup
18. Use virtual cards when shopping online
19. Turn off location settings on apps
20. Clean up your social media footprint
21. Uninstall apps you don’t use
22. Delete spam emails without opening them
23. Ramp up all of your security and privacy settings
24. Find out what information data brokers have about you
25. Keep devices turned off when not in use

1. Change your passwords immediately

Passwords are often your first — and only — line of defense against hackers. Unfortunately, 53% of people haven’t changed their passwords in the last 12 months [*]. That’s even after learning about a data breach. 

If you see suspicious activity in your accounts and think you’ve been hacked, update all your passwords — not just the ones you know were compromised. It may seem like a lot of work, but it’s the only way to ensure that hackers can’t do any more damage.

What to do:

• Scan the Dark Web (and do a Google search) for compromised accounts. Start with the passwords that are most at risk.
• Update your accounts with secure and unique passwords. These should be at least 8 characters long and contain a combination of letters, numbers, and special characters.

📚 Related: The Best LastPass Alternatives (Free & Paid) →

2. Freeze your credit, and block compromised accounts

If hackers gain access to your credit or banking information, they can do serious damage to your finances.

Start by freezing your credit by contacting each of the three major credit bureaus — Experian, Equifax, and TransUnion. A credit freeze stops anyone from opening new accounts or taking out loans in your name.

Then, contact your bank’s fraud department and tell them what happened. They’ll cancel your cards and accounts and get you set up with new ones.

What to do:

• Freeze your credit by contacting each of the three major credit bureaus.
• Contact your bank’s fraud department and ask them to close your accounts and issue new cards. Some online and mobile banking apps allow you to block a card that’s been lost or stolen; do this immediately.
• Monitor your credit card statements for a few weeks or months after you’ve blocked them to ensure that you can quickly react to any additional signs of fraud.

3. Enable strong two-factor authentication (2FA)

Two-factor authentication (also known as multi-factor authentication) is a security measure that requires a special or additional code along with your account password. It’s one of the best ways to protect your accounts from malicious hackers.

But while most people choose to use SMS for receiving 2FA codes, these can be intercepted through SIM swapping and other hacks. Instead, use an authenticator app. These apps send codes that are only valid for 30 seconds (called “Time-Based One-Time Passwords”) and are much harder to hack.

What to do:

• Enable 2FA on all of your accounts — especially banking, social media, email, and others. Check the 2FA directory to see what accounts support 2FA.
• Choose a reliable authenticator app for receiving codes (for example, Authy, Google Authenticator, or others).  
• Save the back-up codes that you get during setup in a safe place (online and offline).

4. Disconnect hacked devices from your Wi-Fi network

If your device has been hacked, it could infect others connected to the same network. As soon as you see signs of a hack, take your devices offline to minimize damage.

What to do:

• Disconnect your devices from the Wi-Fi network.
• Turn off Wi-Fi on your devices to make sure it doesn’t automatically reconnect.
• If possible, plug an ethernet cable directly from your modem into your devices so that you can continue onto the next step.  

📚 Related: Free VPN vs. Paid VPN — What's The Difference? →

5. Scan your devices for malware

If your device was hacked, you’ll need to find and eliminate the source. The easiest way to do this is by using reputed anti-malware and antivirus software to scan, quarantine, and clean your devices.

What to do:

• Sign up for an antivirus solution. Aura’s all-in-one digital security tool includes powerful antivirus software that you can use right away.
• Run a deep scan and delete quarantined files and apps. Run a secondary scan afterwards to make sure your devices are clean.

📚 Related: How To Tell If Your Computer Has a Virus (and What To Do) →

6. Lock your SIM card

Cybercriminals may try to hack your phone and gain access to your phone number. If successful, they can bypass your 2FA security or even run phone and text scams on your contacts.

How do they do this? SIM swapping (or SIM jacking) occurs when hackers contact your phone provider and trick them into switching your phone number to a different SIM that the hackers then control.

What to do:

• Contact your mobile carrier and ask them to “lock” your account with a PIN or security question.
• Change your SIM card’s default PIN to protect it if your device is stolen. Here’s how to change your PIN on iOS devices (iPhone and iPad) and Android devices.

📚  Related: Can iPhones Get Hacked? How To Tell & What To Do →

7. Check for suspicious logins on your accounts

Check your social media, email, and other accounts for suspicious logins or devices that you don’t recognize. For example, you can use Google’s Activity Log to see if anyone is logged into your Gmail account and then force them to sign out.

What to do:

• Go to “Account Activity,” “Last Account Activity,” “Sign-in Activity,” or “Your Devices” and check for logins that aren’t associated with your devices.
• Take screenshots that show the device type and login location as proof of the hack.
• Then, force a “sign out” on each of the unauthorized devices.
• Immediately change your passwords, and enable 2FA on the compromised accounts.

📚  Related: The Top 5 Identity Theft Protection Apps (iOS & Android) →

8. Secure your Wi-Fi network

Compromised networks and routers give hackers easy access to your devices. Make sure you secure your home network against ongoing attacks.

What to do:

• Check if your Wi-Fi has been hacked by looking for warning signs such as slow internet service, connected devices that you don’t recognize, or changed login credentials.
• If your router has been compromised, do a full reset and change your wireless network’s password. Also, disable remote administration.

9. Unlink online accounts to minimize damage

If you’ve been using social media accounts to log into other accounts (i.e., “Sign in with Facebook”), it’s time to change that. If someone hacks your Facebook account, that person will be able to get into every other account you’ve logged into.  

What to do:

• Remove access to third-party apps from your accounts and set individual, strong passwords for them. Here’s how to do this for Google, Microsoft, Yahoo!, Facebook, Twitter, LinkedIn, Instagram, and Dropbox.

📚 Related: How To Remember Passwords (and Secure Your Accounts) →

10. Update your operating system and software

Outdated operating systems and software often contain vulnerabilities that hackers can exploit. Don’t ignore software updates. As soon as you get an alert, follow through with it.

What to do:

• Check for updates on your operating system. Here’s how to update Windows, macOS, iOS, Android, and Linux.
• Update all of your software. Where available, set up auto-updates to keep your devices safe without any effort.

11. Warn your friends and family members of the hack

If you’ve been hacked, alert your friends and family as soon as possible. Hackers will use your accounts to send your contacts scam messages, links, or attachments that infect their devices with malware.

What to do:

• Call or securely message your contacts to let them know you’ve been hacked. Tell them not to click on any links or attachments that come from you, and to double-check all communications by calling you directly.
• Ask them to take screenshots of all suspicious messages, links, and attachments that they get, but to refrain from opening them.

📚 Related: What Is a Data Breach? (And How To Protect Your Data) →

12. Recover access to your hacked accounts

Make a list of the accounts that you know have been hacked, and then go through the steps to regain access.

What to do:

• Search online for: “how to secure a hacked or compromised [service name] account.” Follow the steps provided by the platform. Here’s how to recover access to hacked accounts with Google, Facebook, Apple, Microsoft, Twitter, Instagram, LinkedIn, TikTok, Snapchat, or Dropbox.      

📚 Related: How To View (and Update) All Of Your Saved Passwords →

13. Wipe your device and do a clean install

Hackers are persistent and creative. Even after running antivirus software, you may still deal with deeply rooted malware. At this point, you’ll want to do a full system wipe and reinstall your OS to completely remove it.

If you’ve followed the steps above and are still having problems with your devices and accounts, you may be dealing with persistent malware. This type of malicious software is designed to live deep inside the operating system, and it takes a full system wipe and OS reinstall to completely remove it.

What to do:

• Erase and reinstall your operating system. Here’s how to do this on macOS and Windows.
• Do regular backups of your essential data and store them offline (in an external hard drive), where no cyber attack can reach them.

14. Start using a password manager

One of the best things you can do after a hack is start using a password manager. This tool securely stores your new passwords (so you don’t have to worry about remembering them) and can warn you if your account credentials have been compromised.

What to do:

• Set up a password manager and start adding your existing credentials.
• View the accounts for which you’ve used duplicate passwords and replace them with new, safe ones from the password management app.

15. Set up identity theft protection and monitoring

Hacking can lead to more serious consequences — including identity theft. If you’ve been hacked, consider signing up for an identity theft protection and credit monitoring service. Select a company that will monitor your sensitive information and accounts in real-time and alert you to potential fraud.

With Aura, you get:

• Financial fraud protection. Aura monitors your credit and bank accounts in near-real time and alerts you of fraud 4X faster than the competition. 
• Instant credit lock. Lock and unlock your Experian credit file with one click from your desktop or mobile app.
• Identity theft protection. Aura can alert you if an online account has been compromised, will monitor your SSN for signs of fraud, and can even reduce the amount of spam calls and emails you receive. 
• Antivirus and Wi-Fi protection for all your devices. Keep your computer, phone, and home network safe from hackers with powerful antivirus software and a military-grade Virtual Private Network (VPN). 
• Family identity theft monitoring for up to five people including children and adults. 
• All adult users on your plan will receive $1,000,000 in coverage for eligible losses due to identity theft. If the worst happens, Aura will be there to walk you through the needed steps to secure your identity and get you back on your feet. 

📚  Related: Is Identity Theft Protection Really Worth It? →

16. File a report with the Federal Trade Commission (FTC)

If you’ve been hacked and your identity was stolen, you need to file a report with several different agencies. These reports are essential for disputing fraudulent charges and protecting yourself and your family from criminal identity theft. 

What to do: 

• File an identity theft report with the FTC on IdentityTheft.gov.
• File a complaint with the FBI’s Internet Crime Complaint Center (IC3).
• File a police report when you discover that you’ve been hacked, especially in cases of identity theft.

17. Start using a “rescue” email address as a backup

Hackers will often try to lock you out of your email account so that you can’t use it to reset passwords. Having a separate “rescue” account can help you regain access to a hacked email account.

What to do: 

• Set up a secondary email address to communicate with friends, family, and even law enforcement. 
• Add it as an alternative email address to your main accounts, so you can access those accounts if you need to. Here’s how to set up a rescue email address for Google, Microsoft, Yahoo, and Apple. 
• Set trusted contacts to help you regain access in case of an account takeover. Here are the instructions for Google, Yahoo, and Apple.

18. Use virtual cards when shopping online

If your credit card information is available online, hackers can find it and ruin your credit standing. Instead, opt for “virtual cards” that encrypt your credit card data so that if you get hacked, scammers can’t use your card. 

What to do: 

• Create and use disposable virtual cards for online and in-person payments, such as with Apple Pay or Google Pay. 
• Go to your online banking app and find the option to issue a virtual card. This hides your main card’s details and is easy to block or discard. 

19. Turn off location settings on apps

Location settings offer rich data to cybercriminals and scammers, and even to offline thieves. 

What to do: 

• Turn off location settings on your phone, and only use them when absolutely necessary.
• Protect your personal information on social media, and don’t post public check-ins or tag your posts with real-time locations. 

📚 Related: Is McAfee Identity Theft Protection Worth It in 2023? →

20. Clean up your social media footprint and practice privacy hygiene

Hackers use your social media posts, search history, and all the other data in your online footprint to hack you. Take some time to clean up your accounts and update your privacy settings.

What to do: 

• Update your privacy settings on social media to only allow close friends and contacts to view your profile. 
• Remove any identifying information, such as addresses, phone numbers, photos, and videos. 
• Consider removing location data from your old posts where possible. Here’s how to do it on Instagram, Facebook, Twitter, and TikTok.

📚  Related: TikTok Parental Controls: How To (Safely) Set It Up for Kids →

21. Uninstall apps you don’t use

Dormant apps and unused accounts are easy targets for scammers. Cyber security specialists suggest you minimize the amount of apps, accounts, and devices that you use. 

What to do: 

• Uninstall apps on your phone that you haven’t used in a while. 
• Back up the important data on your phone (the cloud is the easiest option) so that you don’t lose it if your phone gets stolen or hacked.

📚 Related: How To Remove Viruses and Malware From an Android →

22. Delete spam emails without opening them

Opening spam emails gives fraudsters and malicious hackers a lot more information about you than you realize. When you receive a spam email, resist the urge to open it or respond. Instead, delete it right away. 

What to do:

• Delete spam emails (and mark them as spam) as soon as you receive them. Try not to open them and never click on a link or download an attachment from someone you don’t know. 
• Keep your inbox clean to make it easier to spot spam emails. Regularly delete old emails that you’ve both sent and received, especially those containing documents, data, or even old passwords. Permanently delete them from your trash folder as well.

23. Ramp up all of your security and privacy settings

Every device, app, and service you use has its own security and privacy settings. Make sure you’re taking full advantage of all of them. 

Here’s how to update your security and privacy settings on:

24. Find out what information data brokers have about you

Data brokers have built thriving businesses by scraping the internet and public databases for your data, aggregating it into a rich profile, and then selling it to the highest bidder. Luckily, you can contact data brokers to have your information removed. Or better yet, get Aura to do it for you.

What to do: 

• Search your name on this list of U.S.-based data brokers, and then submit a request to have your information removed. 
• Check back to see if they removed your data after the legal term they stated in their reply.

25. Keep devices turned off when not in use

Every one of your internet-connected devices is a target — especially if you don’t use them often or when you don’t keep their software up to date.

What to do: 

• Turn off Internet-connected devices while you’re not actively using them. 
• Pay special attention to Internet of Things (IoT) gadgets, such as Home Assistant, smart doorbells, or connected surveillance cameras.

What Can Happen If You Get Hacked?

Hackers don’t just want money or personal information — although those are the usual targets. Sometimes they’re gathering intelligence or resources for a larger attack (like going after your workplace or friends). 

The wide range of consequences from a hack make it hard to understand just how dangerous getting hacked can be. But the fallout is massive — both on a personal and a professional level. 

Hackers are masters at hiding their scams. On average, it takes organizations 287 days to identify and contain a data breach [*]. Worse, some individuals are continually hacked for years on end.

And even when they discover the hack or data breach, 56% of Americans say they don’t know what steps to take [*]. 

But obtaining digital security and online safety shouldn’t feel like you’re fighting a losing battle. 

How To Protect Yourself From Hackers

After you’ve secured your hacked accounts, it’s time to make sure you can’t get hacked again.

Here are some of the best ways you can protect yourself from common cyber attacks and online threats:

Protect your personal data against data breaches

Scammers use personal data leaked in data breaches — like passwords, Social Security numbers (SSNs), and more — to hack your accounts or steal your identity.

Don’t assume you’re safe just because you haven’t heard about a breach. 64% of Americans have never checked to see if they were impacted by a data breach [*].

How to protect yourself from a data breach:

• Limit the amount of information you share with companies when opening new accounts. Try to only choose companies with proven track records of digital security.
• Use long, complex, and unique passwords for each of your accounts.
• Sign up for an identity theft protection service like Aura that offers Dark Web scanning. This will alert you if any of your information has been leaked in a breach.

Learn to recognize social engineering attacks

Hackers don’t just hack devices and accounts — they often hack you as well.

Social engineering attacks use human psychology to trick you into giving up passwords or access to your accounts and devices. This can include phishing emails, scam texts and calls, romance scams, and business email compromises.

How to protect yourself from social engineering attacks:

• Pause before reacting — especially when asked to click on a link, download an attachment, or enter your information. This will give your brain and body a chance to regroup and avoid knee-jerk reactions.
• Learn to recognize the signs of an online scammer. Remember, even politicians and scam baiters have fallen victim to hackers’ phishing links.

Secure your devices against hidden malware attacks

Malicious software gives criminals access to your devices, software, and data. Hackers can infect your devices using phishing websites, malware-laced attachments, malicious QR codes, or links sent via email, text, or social media.

How to protect your devices against malware:

• Keep devices and operating systems updated. This prevents hackers from exploiting vulnerabilities in outdated software.
• Install antivirus on every device that you regularly use. It will filter your traffic, identify infected files and apps, and quarantine them before they can do any damage. Aura’s antivirus will even warn you if you’re entering a potential phishing website.

📚  Related: What Is Cyber Hygiene? 10 Easy Habits That Will Keep You Safe Online →

Safeguard your Wi-Fi network with a VPN

Public and even home Wi-Fi networks are notoriously easy to hack. Once hacked, your router provides easy access to all the devices connected to it, including laptops, smartphones, tablets, surveillance cameras, smart doorbells, Home Assistant software, and more.

How to protect your Wi-Fi network:

• Keep your router’s firmware up to date, and deactivate the remote administration option.
• Change your credentials from default to complex ones so that they are difficult to break during automated brute-force attacks.
• Protect your network with a VPN that adds an additional layer of encryption to all outgoing and incoming internet traffic.

Block “shoulder surfing” scammers in public places

Most people aren’t aware of how visible their phone’s PIN (and online banking password or code) is to the person standing behind them. By “shoulder surfing,” hackers can steal your account information, passwords, credit card numbers, and more.

How to protect yourself from shoulder surfers:

• Always pay attention to your surroundings while logging into sensitive accounts or unlocking your phone with a PIN code.
• Whenever possible, use biometric authentication options such as Face ID or fingerprint sensors to secure your devices.
• Start using a password manager that automatically fills in your credentials, hiding them from malicious onlookers.

The Bottom Line: Protect Yourself From Hackers

Getting hacked reveals just how much the safety of your data, personal life, job, and reputation depend on digital security.

To stay safe, learn how to recognize threats, recover your accounts, and avoid similar situations in the future. And for ultimate security, consider signing up for an identity theft protection service like Aura.

Aura covers all aspects of your digital life — from identity theft and account protection to credit monitoring — and provides you with a password manager, antivirus software, and a Virtual Private Network (VPN). And if the worst should happen, you’re covered by a $1,000,000 insurance policy for eligible losses due to identity theft.

Keep hackers out of your digital life. Try Aura free for 14 days →