Was Your Microsoft Account Hacked? Don’t Panic!
A hacked Microsoft account can expose your sensitive information to scammers — including your name, emails, passwords, photographs, and more.
That’s what happened to a woman named Gina. After her Microsoft account was hacked, cybercriminals used Gina’s stolen Social Security number (SSN) and images of her driver’s license in scam letters sent to elderly couples in Texas [*]. But while the targets of the scam saw through it, Gina’s identity continues to be used.
According to Microsoft Security’s 2022 Digital Defense Report [*]:
There are 921 password attacks on Microsoft accounts every second — an increase of 74% since 2020.
Scammers know the value of the information and data stored in Microsoft user accounts and may target you with any number of scams and phishing attacks.
In this guide, we’ll explain how to identify a compromised account, ways to recover a hacked account, and cybersecurity tips that will help you increase your Microsoft account security.
How To Tell If Your Microsoft Account Has Been Hacked
Hackers target Microsoft accounts because they can use these accounts to access several different services — including your Outlook email account, OneDrive storage, Microsoft Teams, and Azure portal.
Scammers can even use your Microsoft account information to get into your Skype account, calendar, and any connected services such as Xbox Live or Minecraft.
Hackers may use many different methods to break into your Microsoft account, including phishing, brute force, and various account takeover tactics. According to Microsoft, however, you can thwart 99.9% of these attacks by setting up multi-factor authentication (MFA) [*].
It can also help to recognize hacking warning signs. If you spot any of the following suspicious activity, your Microsoft account may be compromised:
- You can’t log in to your Microsoft account. This is the most obvious warning sign indicating that hackers have access to your account. Scammers change your login information to lock you out so that they have full access to your Microsoft account and any other associated services.
- There are strange messages in your Outlook “sent” folder. This could indicate that your email was hacked and the infiltrator has sent emails to your contact list. It could also be caused by malware auto-sending emails.
- Someone has changed your address, email, or contact details. Account information can only be changed from inside the account, so an unexpected change likely means hackers have access to it. If they change your security information — such as your alternate email and phone number — they could lock you out completely.
- Mail forwarding was recently added to your account. If you stop receiving mail in your Outlook account, cybercriminals may be forwarding your emails to another address. Hackers may also apply mail handling rules that forward your mail.
- You receive strange notifications (password reset requests, changes to account details, etc.). If a scammer tries to reset your password or make account changes, you may receive a notification. If Microsoft doesn't recognize the device accessing your account, it may flag the device and alert you of the unusual activity.
- Your email signature looks different. Fraudsters often change the email signature on hacked accounts to make them appear more official. If your account suddenly includes a strange signature, someone else could have access to it.
- The recent activity log doesn't match your own activity. You should regularly check the recent activity page for your Microsoft account. It shows when and where account activities took place over the last 30 days, so sign-ins from locations, devices, or times you don't recognize are a warning sign.
- Other strange activities. Other possible signs of hacking may include missing emails and new emails (that appear to already be read) in Outlook.
What To Do If Your Microsoft Account Was Hacked
- Make sure your device hasn’t been hacked or compromised
- Reset your Microsoft account password
- Enable or update two-factor authentication
- Review and sign out of all active sessions
- Remove any third-party apps that have been added to your account
- Make sure you don’t have email forwarding enabled
- Scan the Dark Web for your personal information and passwords
- Update your passwords and security for other online accounts
- Consider signing up for a digital security provider
If you notice red flags and think your Microsoft account has been hacked, you need to act quickly before the situation escalates. Follow the recovery steps below to regain ownership of your Microsoft account from hackers.
1. Make sure your device hasn’t been hacked or compromised
If cybercriminals have access to one or several of your devices, they might be able to get back into your Microsoft account — even after you reclaim it. To make sure this doesn't happen, you need to clean out your devices first.
Here’s what to do:
- Pay attention to unusual behavior. Take note if your device slows down or heats up, and look out for unauthorized changes to your device — such as new browser homepages or plugins.
- Look at the task manager. Open your Task Manager (on Windows) or Activity Monitor (on Apple devices), and check out the processes running. If you see something out of the ordinary, it may have been put there by a hacker.
- Run antivirus software. An antivirus scan can identify, quarantine, and remove infected files and programs. Good software also monitors your devices and blocks malware and malicious websites in real time.
2. Reset your Microsoft account password
After clearing your device of any intruders, you’ll want to change your passwords immediately. For your new passwords, stay away from personal information, and avoid storing them in plain text on your device (just in case someone has or gets access to it).
Here’s what to do:
- If your old password still works: Visit the Security tab in the account menu. Select "Change my password" and create a new and complex password.
- If your old password no longer works: Select "Forgot password." Verify your identity with a recovery or alternate email address or phone number. Use the provided verification code to change your password.
- If you no longer have access to your recovery devices: Use Microsoft's sign-in helper tool to recover your account. You can also contact support or submit a Microsoft account recovery form. Microsoft support will review the information provided and respond within 24 hours. For troubleshooting help with the Microsoft account recovery process, follow this guide.
3. Enable or update two-factor or multi-factor authentication (2FA/MFA)
Two-factor or multi-factor authentication requires at least two forms of identification, such as a password and a passcode sent to another device or account. If you don't have this set up, it could be the reason why your Microsoft account was hacked. If you do have it, hackers may have access to your device or alternate account as well.
Here’s what to do:
- Add 2FA/MFA. Click on "More security options" in your Microsoft account and enable 2FA. Here, you can enter an alternate or recovery email address or phone number. You can also download the Microsoft Authenticator app on your device to use your fingerprint, PIN, or face recognition [*].
- Update 2FA/MFA. Click on "Advanced security options" in your Microsoft account — and then "Add a new way to sign in or verify." This will allow you to add a new email address or phone number. You can also remove or replace outdated security information by selecting "I don't have any of these" when prompted.
4. Review and sign out of all active sessions
Your Microsoft account keeps a log of all activity for the previous 30 days. This will help you monitor and flag any suspicious activity. You should keep a close eye on your accounts to ensure that you're aware of anything going on.
Here’s what to do:
- Review your recent activity. In the privacy section of your account page, you can find your activity history. If Microsoft has flagged any activity as unusual, you will be able to expand it and confirm whether "This was me" or "This wasn't me" [*].
- Sign out of active sessions. You should manually sign out of all your accounts if you can still log in. In Office 365, you can select an active user and "Initiate sign out" under the OneDrive tab. This will sign you out of all Office 365 sessions. You can also revoke Microsoft 365 user sessions via the SharePoint Online PowerShell Module and AzureAD V2 PowerShell Module [*]. In Outlook, click on "View account" and then "Sign out everywhere."
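As an added example (not from the original article), this is how an administrator would force the sign-out the step above describes with the two PowerShell modules it names. It assumes the SharePoint Online Management Shell and AzureAD V2 modules are installed, that you hold an admin role in the Microsoft 365 tenant, and that the user principal name and tenant admin URL are placeholders you replace with your own:

```powershell
# Added example: force sign-out of every session for one Microsoft 365 user
# after a suspected account compromise. Not the article's own code.
# Assumes admin rights; $compromisedUser and the admin URL are placeholders.
$compromisedUser = "user@contoso.example"

# 1. Revoke Office/SharePoint/OneDrive sessions (SharePoint Online module).
#    The cmdlet asks for confirmation before it revokes.
Connect-SPOService -Url "https://contoso-admin.sharepoint.com"   # placeholder tenant admin URL
Revoke-SPOUserSession -User $compromisedUser

# 2. Invalidate every refresh token so cached logins on all devices stop
#    working and the user must sign in again (AzureAD V2 module).
Connect-AzureAD
$user = Get-AzureADUser -ObjectId $compromisedUser
Revoke-AzureADUserAllRefreshToken -ObjectId $user.ObjectId

# 3. Verify: the "valid from" timestamp for refresh tokens should now be
#    the current time, so any token issued earlier is rejected.
Get-AzureADUser -ObjectId $compromisedUser |
    Select-Object UserPrincipalName, RefreshTokensValidFromDateTime
```

Revoking tokens does not change the password, so run this after the password reset in step 2; otherwise the attacker can simply sign in again with the stolen credentials.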
5. Remove any third-party apps that have been added to your account
Microsoft allows you to give third-party apps permission to communicate and integrate with your Microsoft account. While convenient, this can be a security issue — especially if hackers have access to one or more of your accounts.
Here’s what to do:
- Remove third-party access. In the Privacy section of your account page, click on "Other privacy settings." Navigate to "Apps and services" and click on "Apps and services you've given access." For any third-party app whose access you want to revoke, click on "Edit" and then "Remove these permissions."
- Manage permissions in the My Apps portal. Organizations that use the My Apps portal can hover over an application and select "Manage your application" [*]. They can then click on "Revoke Permissions" for any app that they wish to block.
6. Make sure you don’t have email forwarding enabled
You can forward emails from your Microsoft account to other email addresses by setting up automatic forwarding or inbox rules. However, hackers can also use this feature to keep you from seeing your emails, or to quietly receive a copy of them.
Here’s what to do:
- Remove automatic forwarding. In your Outlook settings, click on "Mail" and then "Forwarding" [*]. Check to see if someone has turned on email forwarding, and take note of the email address listed. Turn off forwarding by unchecking the "Enable forwarding" box.
- Remove inbox rules. You should also check if someone added inbox rules to your account. Click on "File" and then "Manage Rules & Alerts" [*]. Here, you can review and remove any unauthorized rules, such as “Auto-delete” or “Forward Emails.”
- Remove auto-replies. If cybercriminals have access to your email, they could set up an auto-reply that responds to anyone who contacts you — possibly embedded with a malicious file. To check and remove this threat, click on "Settings" in your account, then "Accounts," and "Automatic Replies."
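For a mailbox in a Microsoft 365 tenant, the same three checks (forwarding, inbox rules, auto-replies) can be audited and cleared from Exchange Online PowerShell. This is an added example, not the article's own code; it assumes the ExchangeOnlineManagement module, an Exchange admin role, and a placeholder mailbox address, and it goes beyond the Outlook settings pages the steps above describe by covering rules that redirect or delete mail as well as plain forwarding:

```powershell
# Added example: audit and clear mailbox forwarding, suspicious inbox rules
# and auto-replies for one mailbox. Not the article's own code.
# Assumes the ExchangeOnlineManagement module and an Exchange admin role;
# $mailbox is a placeholder UPN.
$mailbox = "user@contoso.example"
Connect-ExchangeOnline

# 1. Mailbox-level forwarding (the "Forwarding" setting the article describes).
Get-Mailbox -Identity $mailbox |
    Select-Object UserPrincipalName, ForwardingAddress, ForwardingSmtpAddress, DeliverToMailboxAndForward

# Clear it if it points to an address you did not configure.
Set-Mailbox -Identity $mailbox -ForwardingAddress $null -ForwardingSmtpAddress $null -DeliverToMailboxAndForward $false

# 2. Inbox rules that forward, redirect or delete mail: the pattern an intruder
#    uses to receive copies of messages or hide password-reset notifications.
$suspect = Get-InboxRule -Mailbox $mailbox | Where-Object {
    $_.ForwardTo -or $_.ForwardAsAttachmentTo -or $_.RedirectTo -or $_.DeleteMessage
}
$suspect | Format-Table Name, Enabled, ForwardTo, RedirectTo, DeleteMessage -AutoSize

# Review the list first; this removes every rule that matched.
$suspect | ForEach-Object {
    Remove-InboxRule -Mailbox $mailbox -Identity $_.Identity -Confirm:$false
}

# 3. Auto-replies: show the current text, then disable it.
Get-MailboxAutoReplyConfiguration -Identity $mailbox |
    Select-Object AutoReplyState, InternalMessage, ExternalMessage
Set-MailboxAutoReplyConfiguration -Identity $mailbox -AutoReplyState Disabled
```

Record the forwarding address and rule names before removing them; they are useful evidence for any later investigation and show where copies of the mail were going.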
7. Scan the Dark Web for your personal information and passwords
When hackers get a hold of your personal information and passwords, they can leak, share, or sell them on the Dark Web. With a Dark Web scanner, you can check the places where hackers typically sell and trade this information — potentially even spotting your details before they get used.
Here’s what to do:
- Start with a free scanner. You can search the Dark Web for your email address by using Aura's free Dark Web scanner. Aura will check for various breaches and leaks and inform you when the breach took place and what password was leaked.
- Follow up with a Dark Web monitoring service. While free scanners can look for breached passwords, a full Dark Web monitoring service (like the one included with all Aura plans) monitors the Dark Web for your more sensitive information — including leaked SSNs, driver’s licenses, passports, and credit card numbers.
8. Update your passwords and security for other online accounts
If hackers got your password for your Microsoft account, there's a good chance they have access to your other online accounts as well — especially if you use the same password in other places.
If a Dark Web scan reveals a password leak, start cleaning up all of your online accounts.
Here’s what to do:
- Check your Google account passwords. Google has a password manager [*], which shows you all the places where your password has been saved in your Google Account. You can also use the Password Checker to see where your passwords are compromised, reused, or weak [*].
- Check your iPhone and iPad passwords. In your iOS device's settings, click on "Passwords" to see all the places where you have saved a password or passkey. You can also change your passwords in this section.
9. Consider signing up for a digital security provider
A solid digital security provider can help you prevent hackers from breaking into your accounts and devices, monitor your accounts in case of an intrusion, and recover from any damages.
Here’s how Aura’s all-in-one digital security solution protects your accounts, identity, and data:
- Prevents future hacks. Every Aura plan includes digital security tools powered by artificial intelligence (AI), such as antivirus, a military-grade virtual private network (VPN), password manager, Safe Browsing tools, and spam call and text protection.
- Monitors your accounts. Aura monitors your most sensitive personal information and account credentials across the Dark Web, public records, and even your credit report. You’ll get a fraud alert in near real-time if anything suspicious is detected.
- Helps you recover from damages. Aura provides 24/7/365 support from White Glove Resolution Specialists who will walk through the recovery and remediation process. In addition, every adult on your Aura plan receives a $1,000,000 insurance policy that covers eligible losses resulting from identity theft.
How To Protect Your Microsoft Account From Hackers
Once you recover a hacked Microsoft account, it’s important to take the necessary steps to ensure that it doesn’t get compromised again.
Here are some strategies to protect your Microsoft account from future threats and attacks:
- Use strong and unique passwords. Make sure you’re not repeating passwords across accounts, as this can put you at risk if any account gets breached. Instead, make sure you’re always using unique and strong passwords that combine uppercase and lowercase letters, numbers, and symbols.
- Store your credentials in a secure password manager. Using a password manager allows you to create and store unique and complex passwords without having to remember them. You’ll have easy access to all of your credentials and sensitive data with a single master password.
- Always enable two-factor authentication, ideally with an authenticator app. Gain an extra layer of security with 2FA or MFA on your accounts. Consider installing the Microsoft Authenticator app to your device to improve security even further [*].
- Regularly review your account’s contact information. Go through your contact and security information to verify that it's up-to-date and accurate. This will ensure that no one changes any of your data without your knowledge, and will also make it easier to recover your account should you be the victim of a scam or breach.
- Learn to spot the warning signs of phishing scams. You're far less likely to fall for scams if you know what they look like. Educate yourself about the red flags, and be on the lookout for phishing signs (and attachments) whenever you open an email or visit an unfamiliar website.
- Use a VPN when accessing public Wi-Fi or unfamiliar networks. Connect to public Wi-Fi networks or hotspots by using a secure VPN to encrypt your personal information and traffic — hiding it even if someone is watching.
- Don’t ignore device and software updates. You might be tempted to delay software and device updates, but this can put you and your device at risk. These updates may patch vulnerabilities or improve security features to better protect you.
- Secure your devices with antivirus and digital security tools. With antivirus software on your devices, you can catch, block, and remove malware, spyware, and other viruses before they do damage. Aura also provides Safe Browsing tools to block malicious websites and ad trackers that can compromise your privacy and security.
- Consider monitoring your credit, bank, and online accounts. Get in the habit of regularly monitoring your online and financial accounts in order to spot irregularities and unauthorized actions as early as possible.
- Practice good cyber hygiene. The less information that you make available, the less hackers have to exploit. Consider sharing less online, consistently reviewing your privacy settings, and disabling and removing unused apps on your devices.
The Bottom Line: Don’t Let Scammers Access Your Microsoft Account
Microsoft accounts make attractive targets for hackers and scammers because they open the door to your email, sensitive data, and many other online accounts. While you can manually secure and monitor your accounts to defend them against attackers, you don't have to do it alone.
Aura's all-in-one digital security solution helps you safeguard and monitor your devices and accounts to prevent scams, breaches, and theft. Aura provides you with AI-powered digital security tools — along with award-winning identity theft protection, credit monitoring, 24/7 U.S.-based fraud resolution support, and $1 million in identity theft insurance coverage.