How to recover a hacked or compromised Microsoft account

There are two reasons you might think your account has been hacked.

You may have received a message from Microsoft that says, “Help us secure your account”. That means we have seen some activity on your account that is out of the ordinary enough for us to take measures to lock down your account until you can take action.

You have seen activity such as unauthorized charges, spam being sent to your contact list, unrecognized names in your file sharing, etc.

If neither of those sounds like your situation, please visit When you can’t sign in to your Microsoft account.

Follow these steps in order to help you take back control of your Microsoft account.

Note: Xbox customers will find a solution customized to the way you interact with your console and account on Xbox Compromised Account Solution.

1. Change your Microsoft account password

The first thing you’ll want to do to protect your account is to change your password.

Go to Recover your account and type in the email address, phone number, or Skype name you use to sign in. Then select Next.

We’ll ask where you’d like to get your security code. Select Next.

Type the requested information and select Send code.

Type the security code into Verify your identity, then select Next.

Type in your New password. Then confirm it by typing it again into the Re-enter password field.

If you are unable to change your password using a security code to your contact information, complete the recovery form. Here are some tips you can use to fill out the form.

Note: For the protection of your account, we have strict policies on how our advocates can help you with your account. Microsoft Support advocates are not able to reset your password provide account information without proper validation or make any changes to your account security on your behalf. Only you can reset your password and make security changes to your account.

Steps to take if I can’t verify that I own the account

We recommend that you try again, up to two times per day. You may find more information or have remembered something that will help.

You can always create a new account if you’re having trouble with the recovery request and try again later when you remember something new that might help.

2. Check sign in activity for sign ins that weren’t you

After signing in, you’ll want to review the recent activity on your account. If you see any account activity that looks unfamiliar, select This wasn’t me, and we’ll help you change your password if you haven’t already done so.

Note: Location is based on IP address and is approximate to protect your privacy. Look for consistency rather than exactness of location.

Go to Security > Sign-in activity > View my activity

Because of the sensitivity of this information, we’ll need to verify your identity with a security code. On the Protect your account screen, select the method by which you’d like to receive this code, then select Send code.

On the Enter code screen, enter the security code you receive.

Review the recent sign-in activity on your account. If you see any successful sign-in that you do not recognize, run a scan with your security software and remove any malware you find. Then change your password again.

3. Review your Microsoft account settings

Check Security Contact Info: Remove any security contact information the attacker might have added.

On the Security basics page, select the Update info button. If you’re not already signed in to your Microsoft account, you’ll be prompted to sign in.

You may be asked to enter a verification code to continue. If you don’t have access to your alternate email or phone number, choose I don’t have any of these and follow the instructions to replace your security info.

You’ll see your security info under Security settings. Choose Remove for any you want to remove. You may be asked to add new security info before you can remove the old info.

Update Outlook.com email settings: Sometimes attackers change your email settings so that they receive emails you send out, or they set up automatic replies for emails you receive. Because this is so common, Microsoft will reset these settings to the default options if we think your account was compromised.

Select the settings icon, then View all settings.

Review the following settings and remove any unfamiliar addresses or information that might have been added:

Remove OneDrive Sharing: Make sure an attacker didn’t give himself access to your files.

Select Shared on the left menu under OneDrive.

Review the folders and files that you’re sharing to see if any have been added or removed.

Review Order History: Review Order history for unrecognized charges.

If you see charges you don’t remember making, check your apps and downloaded content to make sure someone in your family didn’t make the purchase.

If you do determine that the charge isn’t yours, see What to do about unexpected charges from Microsoft.

4. Protect your other online accounts

If an attacker had access to your username and password, they may have access to any other accounts where you used that account. Just to be safe, you should change your passwords on those other sites as well.

5. Protect your Microsoft account for the future

Take a look at our tips in Help protect your Microsoft account. We especially recommend you take a look at our Do’s and Don’ts for creating a strong password, and that you consider using two-step verification and the Microsoft Authenticator app to help strengthen your account security and to sign-in without passwords.

Adding additional security contact info can make it easier to recover your account if someone else takes control of it, or you forget your password. We never use your security contact info for marketing purposes—it’s only to verify your identity.

My windows 10 PC has been hacked and all the permisiions have been changed

My pc has been hacked, I believe this was done remotely several months ago. The hacker/hackers telephoned my house and said they were with talk talk and needed to install security software, I followed their instructions and downloaded a programme which game them control over my computer ( yes I know this was a stupid thing to do). I got suspicious when they kept on repeatedly asking me to logon to internet banking. Luckily I didnt do this so my bank account is secure. The situation I am now in, is that all my files and documents have been stored on the D:\ drive, these are important documents and photographs of my family and work related stuff form over a 10 year period. I can not get access to these documents as all the permissions have been changed and I am denied access. I have recently updated windows 10 which didn’t help me. I do not want to lose any of the documents or family photographs that are stored on the D:\ drive. and would greatly appreciate any help the community can give me. Note: I am a basic user so would appreciate simple to understand instructions. (Imagine you are talking to child lol)

Replies (3) 

My pc has been hacked, I believe this was done remotely several months ago. The hacker/hackers telephoned my house and said they were with talk talk and needed to install security software, I followed their instructions and downloaded a programme which game them control over my computer ( yes I know this was a stupid thing to do). I got suspicious when they kept on repeatedly asking me to logon to internet banking. Luckily I didnt do this so my bank account is secure. The situation I am now in, is that all my files and documents have been stored on the D:\ drive, these are important documents and photographs of my family and work related stuff form over a 10 year period. I can not get access to these documents as all the permissions have been changed and I am denied access. I have recently updated windows 10 which didn’t help me. I do not want to lose any of the documents or family photographs that are stored on the D:\ drive. and would greatly appreciate any help the community can give me. Note: I am a basic user so would appreciate simple to understand instructions. (Imagine you are talking to child lol)

Just a quick update, there are 6 different entities with permissions to read and write. none of them are me, and they have control, How can I get rid of them and reset all permissions ?

Kind regards Gerard

1 person found this reply helpful

Was this reply helpful?

Sorry this didn’t help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

Has my PC been hacked?

A couple of days ago I used the Microsoft online technical support service to try and fix a problem I had encountered since upgrading to windows 10 (the battery icon was missing from the task bar and the option to turn it on was disabled). A technician took control of my computer for about 3 hours. It seemed that he had no idea what he was doing and eventually he gave up and said my PC must be corrupt.

After he signed off, I managed to find a very simple partial fix within 10 minutes by following instructions from a post on the Microsoft community. So I have no idea what the guy was doing for 3 hours. Anyway, my real concern is that after he gave up, he failed to return my PC back to how it was before he was messing with it. He performed a clean boot and so turned everything off (all my antivirus software etc), but he failed to turn everything back on (luckily I knew how to turn everything back on, but not everybody would!) he also created another account on my PC which is still there. I didn’t think much of this, I just thought he was a very poorly trained technician.

Since he had access to my computer I have restarted it a few times.

When I logged on to my computer today(2 days later), after leaving it on standby for the afternoon while I went to work, Chrome had crashed and lost all of my work which I had left open in a number of tabs. Chrome had a warning up, reporting suspicious activity. Also, the chat dialogue box between myself and the Microsoft technician, was mysteriously open again, and connected (unfortunately I lost it when Chrome restarted my computer after scanning and removing a threat). I am now suspicious that he purposely left my computer in a bad state (all my virus software turned off, his test user account still there) so that he could get reconnect to my PC.

I have tried to make a complaint to Microsoft but it seems it is not possible to complain. I was passed around to a number of different technicians, one who offered me a fax number. And one who gave me a fake email address (I have tried it)

Does anyone know if it is possible for the technician to leave an access point in my PC so that he is able to remotely connect at a later date? Or is this just a combination of a messy techy and a weird glitch in my PC? I don’t want to worry unnecessarily or get an innocent techy in trouble, but I also don’t want to be naive and ignore a potential hack on my system. Thanks in advance for any advise.

How do I know if my Computer has been Hacked and what to do next

At times, rather than using the theory of logic and reasoning, we follow our gut instinct to understand things instinctively. Hacking is one such instance where this principle may be followed. We know, hackers can get access to your devices in surprising ways and manifest themselves into different avatars that we might not be aware of. IRC Clients, Trojans, Backdoors are some of the malicious programs that are used to hack computers. The least we can do is look for some possible indicators suggesting we might have been hacked and then look for some quick action against it. Here’s how you can know if your Windows computer has been hacked.

How do I know if my computer has been hacked?

You know that your computer has been hacked and compromised if you see the following signs:

1. Your online passwords or settings have been changed
2. Your computer’s local account passwords have been changed, or you see new User Accounts
3. You see strange posts ‘made by you’ in your social feeds. Or maybe your ‘Friends’ are receiving inappropriate messages, allegedly from you.
4. Your friends are reporting receiving strange spam or emails from you.
5. You find that new programs or toolbars have been installed on your computer.
6. You receive messages from fake antivirus or other rogue software
7. Your Internet speed has become sluggish and slow
8. There is a marked increase in Network activity.
9. Your Firewall is busy blocking several outward connection requests
10. Your security software has been disabled.
11. The home page or default browser search engine has been hijacked
12. Your mouse moves automatically to make selections
13. You start getting calls from your Bank, Credit Card company, Online Store about non-payment, dip in the bank balance, unexpected outstanding balances or purchases.

Let us take a look at some of these signs in detail, in no specific order.

Change in online passwords

If you notice one or more of your online passwords have changed suddenly, you’ve more than likely been hacked. Here, usually what occurs is that the victim unknowingly responds to an authentic-looking Phishing email that purportedly claimed to be from the service ending up with the changed password. The hacker collects the log-on information, logs on, changes the password, and uses the service to steal money from the victim or the victim’s acquaintances. See how you can avoid Phishing Scams and Attacks and take steps to prevent your Online Identity Theft.

As a damage control action, you can immediately notify all your contacts about the account compromised. Second, immediately contact the online service to report the compromised account. Most online services are aware of this sort of maliciousness and have the requisite strength and expertise to restore things to normalcy and get the account back under your control with a new password. You can recover hacked Microsoft Accounts, Google Accounts, Facebook account, Twitter account, etc., using their properly laid down procedure.

Amount missing from your bank account

In the event of misfortune, you can lose all your money if a hacker gets access to your personal information (Credit Card, Online Banking details, etc.). To avoid this, turn on transaction alerts that send text alerts to you when something unusual is happening. Many financial institutions allow you to set thresholds on transaction amounts, and if the threshold is exceeded or it goes to a foreign country, you’ll be warned. It would be a good idea to follow these Online Banking Tips.

Fake antivirus messages

Fake antivirus warning messages are among the surest signs that your system has been compromised. Clicking No or Cancel to stop the fake virus scan yields no benefit since the damage is already done. These programs, often make use of unpatched software like the Java Runtime Environment to exploit your system.

Frequent random popups

This problem is mostly associated with your browsers and indicates you have unwanted software or malware installed on your computer since websites do not generally generate harmful pop-ups.

Redirected Internet searches or home page

It’s a well-known fact that most hackers make their living by redirecting your browser somewhere else than the address you would want to visit. That’s certainly because hacker gets paid by getting your clicks to appear on someone else’s website, often those who don’t know that the clicks to their site are from malicious redirection.

You can often spot or pinpoint this type of malware by simply typing a few related, very common words into the search bar of popular search engines and checking to see whether the results relevant to your search appear or not. The traffic sent and returned will always be distinctly different on a compromised computer vs. an uncompromised computer.

Is your PC acting as a Botnet Node?

Botnets are networks of compromised computers, controlled by remote attackers to perform such illicit tasks as sending spam or attacking other computers. Maybe your computer has been compromised and is acting as a Node.

TIP: Before you proceed, you might want to read our post – Why would someone want to hack my computer?

What to do if your computer has been hacked

1] If you feel that your Windows PC may have been hijacked, you should disconnect from the Internet and boot into Safe Mode and run a full deep scan of your antivirus software. If your security software has been disabled, use a good on-demand antivirus scanner. and run it from an external disk or USB.

2] You may also use specialized tools like Norton Power Eraser, an anti-hacker software, or one of these Botnet Removal Tools.

2] You can remove bogus toolbars from the browser using a good Browser Hijacker Removal software.

3] Open your Control Panel and uninstall programs that may look suspicious in nature.

4] When you are connected to the Internet, open a Command Prompt, type the following command, and hit Enter:

• -a parameter lists all the computer’s connections & listening ports
• -n parameter displays addresses & port numbers
• -o parameter outputs the process ID responsible for the connection.

With a glance, an IT administrator will be able to keep a watch on your open Ports, and the network activity which is going on in the system.

Check for any suspicious connection. Please note down that any connection that says – ‘Established’ and the PID number and ensure that all such connections are valid connections. If need be, press Ctrl+Shift+Esc to bring up the Task Manager. Then, navigate the mouse cursor to ‘Processes’ tab and hit the ‘View’ tab, select columns, and check the Process Identifier PID column. Instantly, the complete list of PID numbers will be displayed. Look for the number you noted down moments ago in the CMD window. If in doubt, terminate the process.

5] Install a bandwidth monitoring tool so that you can keep an eye on your usage. Use Packet Sniffing Tools intercept and log network traffic.

Keep your operating system and installed software updated at all times so as to close all software vulnerabilities and use a good security software. It is essential to keep yourself aware of these developments since, in today’s threatscape, no antivirus software offers 100% peace of mind. To combat this, antimalware programs that monitor program behaviors – Heuristics – to catch previously unrecognized malware should be used. Other programs that use virtualized environments, VPNs, anti-hacker software, and network traffic detection software can also be deployed for use.

6] Make use of Detekt, a free anti-surveillance software for Windows.

If you need more help, please go through this Malware Removal Guide. You may also like to read this post titled, how do you tell if your computer has a virus.