
8 steps from the NCSC to recovering a hacked account

Whether it's your email, social media or some other type of online service, there are many things which can alert you to the fact that someone else is accessing your account.

Being locked out of the account is an obvious indication that something has gone wrong, but the signs can be more subtle. Things to look out for include logins or attempted logins from strange locations or at unusual times. Changes to your security settings and messages sent from your account that you don't recognise are also giveaways.

However you discover the problem, once you know your account has been hacked, these are the steps the National Cyber Security Centre recommend you follow.


1. Update your devices

The operating systems and apps on the devices you use should all be updated. These updates will install the latest security fixes. If you have it installed, run a scan with up-to-date antivirus software. This isn't usually necessary for phones and tablets.

2. Contact your provider

If you can't access your account, go to the account provider homepage and find a link to their help or support pages. These will detail the account recovery process.

If you can't find what you need on the service's website, try a search engine like Google or Bing. For example, "facebook account hacked". Follow links to the service's own advice.

3. If your email account was hacked

Once you've regained control, check your email filters and forwarding rules. It is a common trick for the person hacking an account to set up an email forwarding rule that sends a copy of all your received emails to them. Information on how to do this should be found in your provider's help pages.

4. Change passwords

Once you have confirmed there are no unwanted email forwarding rules in place, change the passwords on all accounts which have the same password as the hacked account. Then change the passwords for all the other accounts that send password reminders/resets to the hacked account. Please read our advice on three random words.

5. Set up two-factor authentication

This provides an extra layer of protection against your account being hacked in the future. Read our guide on using 2-factor authentication.

6. Notify your contacts

Get in touch with your account contacts, friends or followers. Let them know that you have been hacked. This will help them to avoid being hacked themselves. You should contact the people you know regardless of whether you managed to restore your account or not.

7. If you can't recover your account

You may choose to create a new one. Once you've done this, it's important to notify your contacts that you are using a new account. Make sure to update any bank, utility services or shopping websites with your new details.

8. Contact Action Fraud

If you feel that you have been affected by an online crime, you can report a cyber incident to Action Fraud using their online fraud reporting tool.


The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the West Midlands is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the West Midlands provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.


The Cyber Resilience Centre for the West Midlands does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the West Midlands is not responsible for the content of external internet sites that link to this site or which are linked from it.
