Search Microsoft Security
Search Microsoft.com

How to recover your hacked Microsoft account

How to recover your hacked Microsoft account

If you think your Microsoft account has been hacked, we recommend that you reset your password right away. To change your Outlook.com (formerly Hotmail) password, sign in to your Microsoft account, and then go to the Password and Security section. It's a good idea to choose a password that you don't use elsewhere.

Can’t access your account?

There are ways to recover your account, even if a hacker has changed the password. If your account has been hacked, first try to reset your password. If you previously connected your account with an additional email address and/or a mobile phone number, we will send your new password there. You don’t need to know the password to reset it.

If you can’t reset your password, and you haven’t already added security information to your account, you can still get back into the account by filling out a questionnaire. You will be asked specific questions about the account and email messages that might be stored there. Someone will get back to you within 24 hours (typically a lot sooner).

Add security information to your account

It will be easier to recover your account if you have already associated it with information that cybercriminals can’t easily access, like your mobile phone number or an alternate email address. For example, if you lose your password, or your account is compromised, Microsoft sends you an account-recapture code in a text message to help you regain access to your account. Add security information to your account.

You can also set up a "trusted PC" to recapture a hijacked account. You can associate your account with one or more of your personal computers. That way, if you ever need to regain control of your account by resetting your password, use one of your trusted computers and Outlook will know you are the legitimate owner.

Watch out for scams

If you receive an email message about the security of your account, it could be a phishing scam. Don’t click links in any messages unless you trust or check with the sender. Instead, reset your password.

Use antivirus software

Scammers can get into your email account by installing malicious software onto your computer without your knowledge. Make sure you use antivirus software that updates automatically, like Microsoft Security Essentials if your computer runs Windows 7 or Windows Vista. If you’re using Windows 8, you already have built-in antivirus and antispyware protection with Windows Defender—which means you don’t need to download Microsoft Security Essentials or other antivirus programs. Windows Defender runs in the background and notifies you when you need to take specific action.