How to recover a hacked or compromised Microsoft account

Applies to: Microsoft Account

If your Microsoft account has been compromised, it means that someone might be using your account to access your personal info or send spam. Such info could include emails, contacts, and photos from Outlook.com and OneDrive. It could also include your health data if you have connected services like HealthVault.

Use this guide to get back into your account, review your personal info and settings, and help prevent this from happening again.

If you suspect that your account has been compromised but Microsoft hasn't sent you any notifications or warnings, you can always check the recent activity page to see what's been done with your account for the last month.

Why was my account blocked?


We noticed unusual activity in your account, so we temporarily blocked it. We know that having your account blocked can be frustrating, but it’s an important tool to help us protect all of our customers, including you, from junk email and online fraud.

Change or reset your password


If you think your Microsoft account has been compromised, try to sign in to it online. (If you're already signed in on your device, sign out first.)

  • If you successfully sign in, you should change your password immediately. This will stop anyone who knows your password from signing in again. Go to the Security page, select Change password, and then follow the instructions.
  • If you can’t sign in to your account, try resetting your password. Select Forgot my password on the sign-in page, choose the reason you need to your password reset, and then follow the instructions.

If you're having trouble signing in with a local account, see Reset your Windows 10 local account password for info.

If your account isn't blocked and you're still having trouble signing in, see When you can't sign in to your account for more tips.

Recover your Microsoft account


If none of the above helped get you back in to your account, fill out the account recovery form. This is the last option to get you back in to your account if you can't reset your password or an attacker changed your account settings. See Recover your Microsoft account for additional info.

Fill out the recovery form


  1. Go to account.live.com/acsr and provide the email address, phone number, or username for the account you are trying to recover. 
  2. Provide an email address (other than the one you are trying to recover) that we can use to contact you about your request.
  3. Enter the characters you see on the screen to prove you're not a robot, then select Next.
  4. A screen will pop up asking you to verify the contact email address. Check that email for a message from us with the security code, enter that code, then select Verify.
     
  5. Fill in as much info as you can, even if you're not sure. See Tips for filling out the recovery form below.

  6. Select Submit when you're finished, and we'll respond within 24 hours.

Tips for filling out the recovery form


Set yourself up for success

  • Complete the form from a device and a location that we will recognize such as a device with which you’ve recently signed into your account and a location like your home or office where you commonly use that device.
  • Collect as much information as you can about your Microsoft account and services before you begin:
    • If you’re an Outlook.com or Hotmail.com user, we’ll ask you questions about your contacts and email subject lines. Check with friends and family that you correspond with for help.
    • If you have an Xbox console, you will be asked to provide the hardware ID of a console that you’ve used frequently. Make sure you get the ID from a console you use a lot. If you recently bought a new one, try to get the hardware ID from your old console. Here’s how you can get that information:
    • Skype customers will be asked for the SkypeID or names of contacts on their account. If you use Skype to call mobile or landline phones, you’ll also be asked for some of those along with details about a recent Skype purchase.

Completing the form

The more information you can include in the form, the better the chance you’ll have of regaining access to your account. Answer as many questions as you can as thoroughly as possible. If you’re not sure, guessing is ok — wrong answers don’t count against you.

  • When you enter your email address, keep in mind that some domains may be country specific such as @outlook.co.uk.
  • If you’ve had your account for several years, the details on file may not match your current situation, so think about what you may have entered when you first signed up. Is it possible that you moved or changed your name?
  • Think about passwords that you use on other accounts that you may have used here. This is another place where a good guess can pay off.
  • When you get to a question that lets you “add more," fill in as much information as you are able.
  • Email subject lines need to be exact.
  • Gamertags are not case-sensitive but are space-sensitive.

After you've submitted


We'll send the results of your recovery request to the email address you provided.

If we're able to verify your account, we'll send you instructions to recover your account. After you get back into your account, see Help protect your Microsoft account for steps you can take to secure your account going forward.

What if my request wasn't granted?

  • We recommend that you try again, up to two times per day. You may find more information or have remembered something that will help.
  • A customer support advocate will not be able to help you beyond what you can do for yourself in the form. To protect your account and its content, advocates are not allowed to change account details or send password reset links.
  • You can always create a new account if you’re having trouble with the recovery request and try again later when you remember something new that might help.

Review your account info


If someone else got into your account, you want to make sure they didn't use your data or change your settings. Sometimes attackers make back doors into your account so they can still see your information after you reset your password. Use the following steps to review your important settings.

Help protect your account for the future


Take a look at our tips in Help protect your Microsoft account. We especially recommend you take a look at our Do’s and Don’ts for creating a strong password, and that you consider using two-step verification and the Microsoft Authenticator app to help strengthen your account security and to sign-in without passwords. Adding additional security info can make it easier to recover your account if someone else takes control of it, or you forget your password. Because this info is used for your safety, it's a good idea to add as much info as you can. We never use your security info for marketing purposes—it’s only to verify your identity.

If you want to close your account


After you change your password and review your personal information, your Microsoft account should be safe to use again. However, if you want to delete your account you can follow the steps listed in How to close your Microsoft account. If you're temporarily blocked from signing in to your compromised account, you will still need to go through the process of changing your password before you can close your account.

If you're ready to create a new Microsoft account, you can go straight to the Create account page now. Or you can sign up at any time by going to a Microsoft sign in page and selecting No account? Create one!