IT Security IT Support

What to do if you think an online account has been hacked?

Being hacked can feel like a personal attack: You go to log into Facebook, or Gmail, or iCloud—and your password doesn’t work, leaving you unable to protect your most important online accounts. This worst-case scenario might bring on feelings of nausea and helplessness. Fortunately, you can take action in the face of digital vandalism. If you find yourself locked out of your accounts, major internet services have prepared a few routes for getting back in. As well as restoring your access, these companies help you limit the damage that a hacker can do.

How do you know that someone else really has taken control of one of your accounts? Not being able to log in is a big clue—but if your password doesn’t work, don’t immediately assume you’ve been hacked. First, make sure the culprit is really a bad actor: For example, if you can’t get into your Facebook or Twitter account on your computer, try logging in on another device to see if you’ve really lost your access. Also make sure to double-check the password you’re typing before you start to suspect the worst.

Another warning sign can come in the form of email. Many services will send you messages about suspicious activity, such as when somebody logs into your account from an unfamiliar computer (or an unfamiliar country), or when somebody changes your username or password. Make sure to check your inbox for emails like these. Also keep an eye out for messages from friends: If “you” have started sending them spam, they can alert you that your account was compromised.

 

Once you realize you’ve been hacked, it’s time to roll up your sleeves and take back your account.

 Change your passwords

Once you can log in once more—or if you could already access your account but have noticed suspicious activity—change your password to boot out any unwelcome visitors.

Change your security questions

Go to your account settings, and security to change your security questions, choose questions that you could give distinct answers to, and are not easily guessed.

Run security checks

Having recovered from a hacking attempt, you’ll want to protect against any future ones. So activate the security features designed to prevent attacks. One of the most helpful measures is turning on two-step verification, where logging in requires a code sent to your phone, on top of the standard username and password. And specific services offer their own security features: Facebook, for example, lets you add a list of trusted friends who can verify your identity if you get hacked again. Turn on this option via the Security page in Settings.