This article is brought to you by Aura.
Watch the video to see how we protect you online.
This article is brought to you by Aura. Watch the video to see how we protect you online.
Start Free Trial
4.7 stars on Trustpilot
Close Button
What is Aura? (1:10)

What To Do If You Were Hacked: How To Recover Hacked Accounts

As soon as you see signs that your accounts or devices have been hacked, act quickly to remove malware, regain access, and minimize the damage.

As soon as you see signs that your accounts or devices have been hacked, act quickly to remove malware, regain access, and minimize the damage.

Illustration of a laptop screen with a question mark

Aura’s app keeps you safe from scams, fraud, and identity theft. Try Aura for free.

4.6 stars as of Sept. 2024

In this article:

    In this article:

      See more

      Aura’s digital security app keeps your family safe from scams, fraud, and identity theft.

      See pricing
      Share this:

      “Have I Been Hacked?”

      The signs of a hack can be immediate and obvious — such as being locked out of an account, or getting notified about a suspicious password reset request; or the signs can be more subtle and hard to spot — like discovering small yet unauthorized charges on your credit card, or noticing slight changes to your device’s look and performance.

      Hackers can find stolen credentials in data breaches, prompt you to click on links in phishing emails, or trick you into downloading malware.

      The unfortunate truth is that how you got hacked is less important than what you do once you’ve become a victim. 

      Regardless of whether you think or know you’ve been hacked, your response should be the same: act quickly to secure your accounts and prevent hackers from accessing your devices, data, and financial accounts. 

      What To Do If You’ve Been Hacked

      1. Ensure that your device isn’t infected with malware

      Before you try to recover a hacked account, make sure you haven’t accidentally downloaded malware onto your device. Hackers use malicious software to give them “backdoor access” to your laptop, iPhone, or Android device. If you don’t remove malware, it puts you at risk of being continually hacked. 

      You can try to manually remove malware from your computer or Android or iOS mobile device, but a better option is to download antivirus software.

      Which antivirus software can you trust? Typically, you want to avoid free antivirus software, as it likely won’t offer much more security than your device’s built-in protection. Instead, sign up for Aura for as little as $3/month to get access to a full suite of digital security tools, including advanced antivirus software.

      2. Recover your hacked accounts, and sign out of other devices

      Once you’ve cleared any malware from your device, it’s time to regain control of hacked accounts. Most hackers use leaked login credentials to gain access to their victims’ accounts. This can be especially dangerous if they access sensitive information — such as work, email, or online banking accounts. 

      As soon as you’re locked out of an account or see suspicious activity, follow the service’s step-by-step instructions on how to regain access. 

      Here are the account recovery processes for some of the most commonly used services:

      Note: Every service has its own process for securing a compromised account. If you don’t see the one you’re looking for in the list above, you can search online for: “how to secure a hacked or compromised [service name] account” to find the exact steps you need to take.

      3. Change passwords, and enable two-factor authentication (2FA)

      Even if your account wasn’t fully hacked, take the opportunity to update your passwords and security questions, and enable additional account safety measures, such as 2FA

      • Update your accounts with new passwords that are at least 10 characters long and combine uppercase and lowercase letters, numbers, and special characters.
      • Make sure every one of your online accounts has its own unique and strong password. Avoid reusing passwords whenever possible.
      • Use a password manager to create stronger passwords, and store them with a single, secure, and easy-to-access tool. 
      • Enable two-factor authentication on any account that will allow it — ideally by using an authenticator app like Authy or Google Authenticator to receive your 2FA codes. Enabling 2FA has been shown to stop an estimated 30 to 50 percent of hacking attacks [*].

      📚 Related: Here’s What To Do After a Data Breach

      4. Remove linked accounts and payment details

      Your digital life is most likely interconnected — with multiple services using the same login information, third-party logins (such as “Sign in with Google” or your Facebook account), and even linked credit card details. 

      After a hack, you need to untangle these connections to ensure that hackers can’t gain deeper access to your data or financial information. 

      • Remove access to third-party apps from your accounts, and create individual logins for every online service you use. Here’s how to do this for your Google, Microsoft, Facebook, Twitter, LinkedIn, Instagram, and Dropbox accounts.
      • Avoid linking your credit card information to online accounts or saving payment methods with merchants. If you must, use a virtual card so that it can be easily canceled in the event a hacker gains access.
      ⚡️ Get warned fast if hackers are trying to steal your money. Aura’s Ultimate plan combines antivirus and digital security tools with credit, financial account, and identity monitoring to warn you in near real-time of fraud — plans start at $3/month.

      5. Contact any impacted organization (such as bank or government agencies)

      If you suspect hackers have access to your bank account or government benefits, contact each impacted company to let them know you’re a victim of fraud. 

      In many cases when you’ve lost money, the sooner you report the fraud, the better chance you’ll have of recovering stolen funds. For example, the Fair Credit Billing Act (FCBA) limits consumer liability for credit card fraud to $50 in most cases — as long as you report the fraud in a timely manner.

      • Contact your bank’s fraud department, and ask them to close your accounts and issue new cards. Some online and mobile banking apps allow you to block a card that’s been lost or stolen; do this immediately.
      • If a hacker gained access to a government benefits account, report the fraud with the agency providing the benefits.

      6. Disconnect hacked devices from your Wi-Fi network

      If your device has been hacked, it could infect other devices connected to the same network. As soon as you see signs of a hack, take your devices offline to minimize damage — either by disconnecting from your Wi-Fi network or by unplugging your device’s ethernet cable (or both).

      📚 Related: How To Tell If Your Wi-Fi Is Hacked (And How To Fix It)

      7. Consider freezing your credit or signing up for fraud alerts

      Hackers can use your stolen information to take out credit cards and loans or open new accounts in your name — and ruin your credit score. A credit freeze prevents scammers from accessing your credit file, therefore stopping most attempts to take out credit in your name. 

      To freeze your credit, contact each of the three major credit bureaus individually — Experian, Equifax, and TransUnion:

      Experian
      Equifax
      TransUnion
      1-888-397-3742
      1-800-685-1111
      1-888-909-8872
      Experian Security Freeze — P.O. Box 9554, Allen, TX 75013
      Equifax Information Services LLC — P.O. Box 105788, Atlanta, GA 30348-5788
      TransUnion LLC – P.O. Box 2000, Chester, PA 19016

      What if you can’t freeze your credit? If you’re going to be applying for credit soon (such as for a mortgage or auto loan), you won’t be able to freeze your credit. Instead, ask for a fraud alert. This is a flag on your credit report that tells lenders to take extra steps to verify your identity. It’s not as secure as a credit freeze, but it can still help you protect your credit in the short term. 

      8. Warn your friends, family, and contacts that you’ve been hacked

      Hackers may use your hacked accounts to send your contacts scam messages, links, or attachments that infect their devices with malware. If you’ve been hacked, it’s a good idea to reach out to friends and family and tell them to check with you directly about any strange or suspicious messages coming from your accounts. 

      9. Wipe your device, and do a clean install

      If you’ve followed the steps above and are still having problems with your accounts and devices, you may be dealing with persistent malware. This type of malicious software is designed to live deeply inside your device’s operating system, often requiring a full factory reset and OS reinstall to completely remove it.

      Here’s how to perform a factory reset on both macOS and Windows devices.

      Note: This step will delete all files, downloaded apps, and settings on your device (and still might not remove all viruses). Ensure that you have a secure backup to restore your data before doing a factory reset.

      10. Keep a lookout for signs that someone has access to your accounts or device

      The full impact of a hack might not be apparent until weeks or months later. Continue to monitor your accounts for unusual activity, such as: 

      Warning sign
      Example
      What to do
      Suspicious logins
      Login notifications from mobile devices or locations that you don’t recognize are a glaring sign that your device is compromised.
      Force any unknown devices or sessions to “sign out” and immediately change your password.
      Higher battery and/or data usage or poor device performance
      This often points to a malicious software or process draining your device’s processing power.
      Run antivirus to quarantine and remove any malware or unwanted applications.
      You’re locked out of an account
      If the “Reset Password” option isn’t working, this could mean someone hacked your account and changed your credentials and recovery email.
      Contact the company or service for advice about recovering your account.
      Changes to settings
      If you notice that your camera, microphone, or location settings and permissions have been altered, it could be the result of a hacker trying to monitor you.
      Use antivirus software to clean any malware from your device.
      Password reset emails
      If you didn’t request to change your password but received a password reset email, this usually means a hacker is trying to access your account.
      Update your passwords, and enable 2FA immediately.
      Incessant ads and pop-ups
      If you’re seeing an unexplained influx of ads and pop-ups, your device is likely infected with adware.
      Run antivirus software to remove unwanted adware, and then clear your browser’s cache.
      🛡️ Award-winning protection for all of your devices. Aura protects you with advanced antivirus software, a military grade VPN, secure password manager and more — plans start at just $3/month.

      Whom Should You Contact If You’ve Been Hacked?

      There are several resources that can help if you’ve been hacked — but the person or organization that you should contact depends on what was compromised and the extent of the damage.

      • The FBI’s Internet Crime Complaint Center (IC3). The IC3 investigates cybercrimes including hacking, ransomware, elder fraud, and more. Filing a complaint with the IC3 can help the FBI investigate the crime, and the information you provide can help freeze any stolen funds.
      • IdentityTheft.gov. If hackers find out enough information about you, they could steal your identity. If this happens, file an identity theft report with the Federal Trade Commission (FTC) at IdentityTheft.gov.
      • Local police. File a report with your local police department if you suspect the hacker is someone you know personally or if you feel that your safety is being threatened.
      • The impacted company, service, or agency. Let them know their service was compromised, and provide them with any information you have about the person who hacked you along with security concerns that other users should be aware of.
      • Your company’s IT department. If the account affected was a business account, or if you’re using a company-owned device, notify the IT department immediately so they can prevent the hackers from taking over more accounts and secure sensitive company information.
      ⚠️ Beware of tech support scams. Fraudsters often pose as cybersecurity experts or tech support agents to gain remote access to your device or trick you into downloading remote access software, such as AnyDesk or TeamViewer. Know that legitimate tech support will not ask for upfront payments, credit card details, or access to your device.

      How To Protect Your Accounts From Hackers

      After you’ve secured your hacked accounts, it’s time to make sure that you can’t get hacked again.

      Here are some of the best ways to protect your accounts from common cyberattacks and online threats:

      Keep your device and apps updated

      Outdated apps and operating systems often contain vulnerabilities that hackers can exploit. Don’t ignore software software updates — as soon as you receive an alert, follow through with it. Even better, set up auto-updates to keep your devices safe (without requiring any effort on your part).

      Clean up your digital footprint

      Hackers use your social media accounts, search history, and other information they find about you online to hack you. Update your social media privacy settings to only allow close friends and contacts to view your profile. Then, remove any identifying information — such as addresses, phone numbers, and location data from old posts.

      Set up unique passwords and 2FA for every account you have

      Passwords are often your first line of defense against hackers. Create unique passwords for each of your accounts, and enable two-factor authentication (2FA) whenever possible.

      Secure your Wi-Fi network

      Compromised networks and routers give hackers easy access to the devices connected to them. Secure your home network by keeping your router’s firmware up to date and deactivating the remote administration option.

      Use a VPN on public Wi-Fi networks

      Anytime you log in to your accounts by using a public Wi-Fi network — especially sensitive accounts like banking — your information is at risk of being intercepted. Installing a virtual private network (VPN) — such as the one that’s included with Aura plans — prevents criminals from being able to see your browsing activity and sensitive information, including account passwords.

      Delete spam messages without opening them

      Opening spam emails gives fraudsters and hackers more information about you than you realize. Mark suspicious emails and SMS text messages as spam, and immediately delete them without opening. Never click on a link or download an attachment from a contact you don’t recognize.

      Use virtual cards when shopping online

      Opt for “virtual cards” that encrypt your credit card data so that if you get hacked, scammers won’t be able to access your actual card information or funds. Virtual cards can be easily blocked or discarded in the event they become compromised, which is much more convenient than waiting for new physical cards to be mailed.

      Sign up for new services by using an alternate email address

      An email alias is a secondary email address that routes mail into your primary inbox. If your email alias is ever compromised, you can simply remove it from your account and create a new alias.

      Keep your devices (and data) safe with Aura — plans start at just $3/month

      Editorial note: Our articles provide educational information for you to increase awareness about digital safety. Aura’s services may not provide the exact features we write about, nor may cover or protect against every type of crime, fraud, or threat discussed in our articles. Please review our Terms during enrollment or setup for more information. Remember that no one can prevent all identity theft or cybercrime.

      Is this article helpful so far?
      Yes
      No
      Skip
      Need an action plan?

      No items found.
      Is your child ready for a cell phone? Take this quiz to find out.
      Start Quiz

      Award-winning identity theft protection with AI-powered digital security tools, 24/7 White Glove support, and more. Try Aura for free.

      Related Articles

      Illustration of an open laptop displaying an eye on its screen; there’s a question mark inside the pupil
      Internet Security

      How To Tell If Your Computer Has Been Hacked

      If you notice unknown devices signing in, new apps launching on startup, or unexpected password reset prompts, your device might be compromised.

      Read More
      April 15, 2024
      Have I been hacked?
      Internet Security

      Have I Been Hacked? How To Recognize & Recover From a Hack

      If you’re asking “have I been hacked?” chances are the answer is yes. Here’s how to tell if you’ve been hacked and how to fully recover from the attack.

      Read More
      August 9, 2023

      Try Aura—14 Days Free

      Start your free trial today**