Skip to main content
    Step 1 of 5
    Safety & Privacy
    Intermediate

    What to Do If Your Email Account Was Hacked

    If someone gets into your email account without permission, act fast. This step-by-step guide walks you through regaining access, securing your account, and checking for damage.

    4 min read 5 stepsApril 19, 2026Verified April 2026
    1

    Try to regain access immediately

    ~26s
    Go to the login page for your email provider. Gmail: accounts.google.com/signin. Outlook/Hotmail: outlook.com. Try your last known password. If it does not work, click "Forgot Password" and follow the account recovery steps. You may need to verify via a backup phone number, backup email, or answer security questions.

    Quick Tip

    If you are completely locked out and recovery options fail, both Google and Microsoft have manual account recovery forms where you prove your identity. Search "Google account recovery" or "Microsoft account recovery."

    2

    Change your password immediately

    ~25s
    Once you are in, change your password right away before the hacker tries again. Make it at least 12 characters using a mix of letters, numbers, and symbols. Do not use any part of your old password, your name, or your birthday. A password like "BlueSky$29!Morning" is far stronger than "password123."

    Warning

    Log out of all other sessions immediately after changing your password. In Gmail: Google Account settingsSecurityYour DevicesSign out of all devices.

    3

    Turn on two-factor authentication

    ~16s
    This is the single most important thing you can do. Gmail: myaccount.google.com → Security → 2-Step VerificationGet Started. Outlook: account.microsoft.com → SecurityAdvanced Security OptionsTwo-step verification. With 2FA on, even if someone has your password, they still need your phone to log in.
    4

    Check your account settings for damage

    ~26s
    Look for changes the hacker may have made: email forwarding rules (they may have set your email to forward copies to their address), email signature (may contain spam links), recovery email/phone (may have been changed to their own), and connected apps that were granted access. Remove anything suspicious.

    Quick Tip

    In Gmail: Settings (gear icon) → See All SettingsForwarding and POP/IMAP → check if forwarding is turned on to an address you do not recognize. Delete it if so.

    5

    Check which other accounts may be compromised

    ~26s
    Look at your email's Sent folder for any password reset emails that went out after the hack. Check your inbox for "You requested a password reset" emails from services you use. For each affected account, change the password immediately. Priority: banking, PayPal/Venmo, Amazon, your phone carrier, and Social Security/Medicare accounts.

    Warning

    If your email was hacked and used for even an hour, treat any accounts that use that email for login as potentially compromised, especially banking and financial accounts.

    You Did It!

    You've completed: What to Do If Your Email Account Was Hacked

    Need more help? Get Expert Help from a TekSure Tech

    Finding out your email has been hacked is alarming — but it happens to millions of people every year and most can recover fully if they act quickly. The key is speed: the faster you regain control, the less damage the hacker can do.

    Signs your email may have been hacked: you cannot log in (password was changed), friends received strange emails from you, there are sent messages you did not write, your account settings were changed, or you got a security alert about a login from an unknown location.

    The hacker's goal is usually one of three things: send spam from your account, access your other accounts (by using "Forgot Password" to reset them via email), or steal personal information they find in your inbox.

    Your email is the master key to your digital life — most other accounts let you reset their passwords via email. This is why protecting your email is so critical.

    After you recover access, do a thorough damage check: look at which accounts might have received "password reset" emails while the hacker had access, and change those passwords too.

    The steps below cover Gmail and Outlook/Hotmail, which together cover the majority of email users.

    Was this guide helpful?

    Your feedback helps us make TekSure better for everyone.

    Want to rate with stars?

    Still have questions?

    Ask TekBrain a follow-up question about this guide. It’s free, no sign-up needed, and the answer will be in plain English.

    Ask TekBrain a follow-upBrowse common questions
    hacked email
    account recovery
    gmail
    outlook
    security
    password
    two-factor

    Official Resources

    FTC Consumer ProtectionCISA — Cybersecurity TipsAARP Fraud Watch Network

    Sources used to create and verify this guide. View all sources →

    ← Previous

    How to Turn On iPhone Stolen Device Protection

    Next →

    How to Keep Your Bank Account Safe Online

    Still stuck? Let a pro handle it.

    Our verified technicians can fix this issue for you — remotely or in person.

    Book a Verified Tech How It Works

    Related Guides

    More from Safety & Privacy

    How to Secure Your Home Wi-Fi Network

    Simple steps to lock down your home router, keep strangers off your network, and protect every device in your house.

    3 min read

    Setting Up Two-Factor Authentication (2FA) on Any Account

    Add a second layer of security to your most important accounts. This one change stops most account takeovers cold.

    3 min read

    Staying Safe on Social Media

    How to protect your privacy on Facebook and Instagram, spot fake accounts, and avoid the most common social media traps.

    3 min read

    What to Do If Your Email Account Was Hacked — Step-by-Step Guide | TekSure