What to Do When You've Been Hacked: A Step-by-Step Guide

Discovering you’ve been hacked is one of the most stressful experiences in digital life. Whether it’s a compromised email account, unauthorized purchases, or suspicious activity, the immediate question is: what do I do now?

While every situation is different, there are clear steps you should take immediately to limit damage and secure your accounts. Here’s a practical guide to incident response.

Signs You’ve Been Hacked

You might notice:

• Unauthorized purchases or transactions
• Emails you didn’t send
• Password reset emails you didn’t request
• New accounts you didn’t create
• Unfamiliar devices in your account activity
• Locked out of your accounts
• Friends receiving spam from you
• Unusual activity in your accounts

If you see any of these, act quickly.

Immediate Steps (First 30 Minutes)

1. Disconnect from the Internet

If your device might be compromised:

• Disconnect from WiFi
• Turn off mobile data
• This prevents further data theft while you respond

2. Change Your Passwords

Start with the most critical accounts:

• Email - This is usually the gateway to other accounts
• Banking and financial - Money is at risk
• Password manager - If compromised, all passwords are at risk
• Social media - Prevents further damage to your reputation

Use a different device if possible (your phone, a friend’s computer).

3. Enable Two-Factor Authentication

If you haven’t already:

• Enable 2FA on all critical accounts immediately
• Use an authenticator app, not SMS (SMS can be intercepted)
• This prevents future unauthorized access even if passwords are compromised

4. Check for Unauthorized Access

Review your accounts:

• Check login history/active sessions
• Look for unfamiliar devices or locations
• Sign out of all devices if possible
• Review recent activity

5. Secure Your Email Account

Your email is critical:

• Change the password immediately
• Enable 2FA
• Check for email forwarding rules (attackers often set these up)
• Review sent emails for anything suspicious
• Check for filters that might hide evidence

Short-Term Steps (First 24 Hours)

1. Notify Financial Institutions

If financial accounts are involved:

• Contact your bank immediately
• Report unauthorized transactions
• Cancel compromised cards
• Monitor accounts closely

2. Scan Your Devices

Check for malware:

• Run a full antivirus scan
• Use reputable security software
• Check for suspicious programs
• Consider professional help if you’re unsure

3. Review All Accounts

Check every account you have:

• Social media accounts
• Cloud storage
• Shopping sites
• Any service with saved payment methods
• Change passwords on any that might be compromised

4. Check for Data Breaches

See if your information was exposed:

• Check haveibeenpwned.com
• Review breach notifications from services
• Understand what data was exposed

5. Document Everything

Keep records:

• Screenshots of suspicious activity
• Dates and times of incidents
• What you’ve done to respond
• This helps with recovery and potential legal action

Recovery Steps (First Week)

1. Secure All Accounts

Go through all your accounts systematically:

• Change passwords (use a password manager)
• Enable 2FA everywhere possible
• Remove saved payment methods from shopping sites
• Review privacy settings

2. Monitor Your Accounts

Watch for ongoing issues:

• Set up account alerts
• Check statements regularly
• Monitor credit reports
• Watch for new account creation

3. Update Your Security

Improve your security posture:

• Review your security practices
• Enable additional security features
• Consider a security audit
• Learn from what happened

4. Notify Contacts

If your email or social media was compromised:

• Let contacts know you were hacked
• Warn them not to click suspicious links
• Apologize for any spam sent from your account

Preventing Future Incidents

After you’ve secured everything, focus on prevention:

1. Use a Password Manager

• Generate strong, unique passwords
• Store them securely
• Never reuse passwords

2. Enable Two-Factor Authentication

• Use authenticator apps, not SMS
• Enable on all critical accounts
• Keep backup codes secure

3. Be Cautious Online

• Don’t click suspicious links
• Verify email senders
• Be wary of phishing attempts
• Keep software updated

4. Monitor Your Accounts

• Review account activity regularly
• Set up alerts for unusual activity
• Check statements monthly
• Use credit monitoring if appropriate

5. Regular Security Reviews

• Review your security practices quarterly
• Update passwords periodically
• Check for new security features
• Stay informed about threats

When to Get Professional Help

Consider professional assistance if:

• Financial accounts are compromised
• You’re locked out of critical accounts
• You’re unsure if your device is clean
• The incident affects your business
• You need help with recovery

A security professional can help with:

• Incident investigation
• Device cleanup
• Account recovery
• Security improvements
• Ongoing monitoring

Common Mistakes to Avoid

Don’t make these mistakes:

• Panicking - Stay calm and act methodically
• Ignoring the problem - It won’t go away on its own
• Reusing passwords - Change to unique passwords
• Skipping 2FA - It’s essential for security
• Not monitoring - Keep watching for issues

Getting Started

If you’ve been hacked:

1. Stay calm and act quickly
2. Secure your email account first
3. Change passwords on critical accounts
4. Enable 2FA everywhere
5. Monitor for ongoing issues

Remember, the faster you act, the less damage will be done. Have a plan before you need it.

Conclusion

Being hacked is stressful, but quick action can limit the damage. By securing your accounts immediately, enabling 2FA, and monitoring for ongoing issues, you can recover and prevent future incidents.

The key is to act quickly, stay organized, and learn from the experience to improve your security going forward.

Need help responding to a security incident? Contact us for expert incident response assistance and recovery support.