Skip to main content
Account RecoveryHome & Business5 min read · Updated June 2026
Person focused and typing on a laptop at a home desk with coffee nearby

How to Recover a Hacked Account

If a criminal has accessed one of your accounts, act quickly. The faster you respond, the more you can limit the damage. Work through these steps in order — even if you are feeling stressed, this process is straightforward.

Step 1 — Try to Log In Right Now

Before assuming you have been locked out, try your normal login. If your password still works:

  1. Change your password immediately — use something strong and unique to this account
  2. Enable two-factor authentication if it is not already active
  3. Review recent account activity — revoke access to any devices or apps you do not recognise
  4. Check your settings — look for email forwarding rules, a changed recovery phone number or email, or any linked apps you did not authorise

If your password has already been changed and you cannot log in, move to Step 2.

Step 2 — Use the Official Account Recovery Page

Every major platform has an account recovery process. Use only the official links below:

ServiceRecovery URL
Googleaccounts.google.com/signin/recovery
Facebook / Instagramfacebook.com/hacked
Apple IDiforgot.apple.com
Microsoftaccount.live.com/password/reset
X / Twitterhelp.twitter.com/forms/signin

Recovery typically uses one of:

  • A backup phone number or email address linked to the account
  • A code sent to a trusted device
  • Saved backup codes from when you set up 2FA
  • Identity verification (for more serious cases)

Step 3 — Contact the Platform's Support Team

If automated recovery does not work, contact the platform directly:

  • Google: support.google.com
  • Facebook: facebook.com/help/hacked
  • Microsoft: microsoft.com/en-gb/safety/online-privacy
  • Apple: support.apple.com

Be ready to verify your identity. This process can take 24–72 hours on large platforms. Be patient and follow their instructions exactly.

Get your free personalised cybersecurity plan

Answer a few quick questions and we'll build a step-by-step plan tailored to your situation — no jargon, no credit card required.

Start for free →

Step 4 — Secure the Account Once You Have Access

Getting your account back is only the first part. Lock it down:

  1. Change your password to something strong and unique to this account
  2. Enable two-factor authentication immediately
  3. Review all linked applications — revoke access to anything you do not recognise
  4. Check email forwarding and filter rules — delete any you did not create
  5. Update your recovery information — make sure the backup email and phone number belong to you
  6. Check other accounts — if you used the same password elsewhere, change those now

Step 5 — Deal With the Knock-On Effects

A compromised account can trigger downstream damage. Act on these based on what was hacked:

If your email account was hacked

Your email controls password resets for everything else. Check your Google, social media, PayPal, bank, and any shopping accounts — log in and change passwords on any that used your hacked email to register.

If your social media was hacked

Tell your contacts (via another channel) to ignore any messages asking for money or links. Report any posts the hacker made to the platform.

If your bank or payment account was hacked

Call your bank immediately on the number on the back of your card. Do not use contact details from any email about the breach.

Report What Happened

  • Action Fraud: actionfraud.police.uk or 0300 123 2040
  • Your bank's fraud line if any financial accounts were involved
  • The NCSC if you are a business: ncsc.gov.uk/section/about-this-website/report-a-cyber-incident

Related guides

How to Check If You've Been Hacked

Run through this checklist to understand the full extent of any breach.

How to Create a Strong Password

Once you regain access, set a new strong password immediately.

What Is Two-Factor Authentication?

Set up 2FA straight away to protect the recovered account.

Frequently asked questions

What do I do if I am locked out of a hacked account?

Use the platform's official recovery page (links provided in Step 2 of this guide), then contact their support team if that does not work. Never use unofficial third-party 'account recovery' services — many are scams themselves.

Will I get my account back?

In most cases, yes — especially with Google, Facebook, Apple, and Microsoft. Use the official recovery process and follow up with their support team. Recovery typically takes 24–72 hours.

How do I stop my accounts being hacked again?

Use a different strong password for every account (a password manager makes this manageable) and enable two-factor authentication on all important accounts — especially your email.