How to access a compromised Microsoft account

Applies to: Microsoft account

If your Microsoft account has been compromised, it means that someone might be using your account to access your personal info or send spam. Such info could include emails, contacts, and photos from Outlook.com and OneDrive. It could also include your health data if you have connected services like HealthVault.

Use this guide to get back into your account, review your personal info and settings, and help prevent this from happening again.

If you suspect that your account has been compromised but Microsoft hasn't sent you any notifications or warnings, you can always check the recent activity page to see what's been done with your account for the last month.

Why was my account blocked?


We noticed unusual activity in your account, so we temporarily blocked it. We know that having your account blocked can be frustrating, but it’s an important tool to help us protect all of our customers, including you, from junk email and online fraud.

Change or reset your password


If you think your Microsoft account has been compromised, try to sign in to it online. (If you're already signed in on your device, sign out first.)

  • If you successfully sign in, you should change your password immediately. This will stop anyone who knows your password from signing in again. Go to the Security page, select Change password, and then follow the instructions.
  • If you can’t sign in to your account, try resetting your password. Select Forgot my password on the sign-in page, choose the reason you need to your password reset, and then follow the instructions.

If you're having trouble signing in with a local account, see Reset your Windows 10 local account password for info.

If your account isn't blocked and you're still having trouble signing in, see When you can't sign in to your account for more tips.

Recover your Microsoft account


If none of the above helped get you back in to your account, fill out the account recovery form. This is the last option to get you back in to your account if you can't reset your password or an attacker changed your account settings. See Recover your Microsoft account for additional info.

Fill out the recovery form


  1. Go to account.live.com/acsr.
  2. Under Email, phone or Skype name, enter the info for the account you need to recover.
  3. Enter an email address that we can use to contact you about your account recovery.
  4. Enter the characters you see on the screen to prove you're not a robot, then select Next.
  5. A screen will pop up asking you to verify that email address. We'll send you a security code in an email. Enter that code, and select Verify.
  6. Now you'll be asked to answer several questions about yourself and your account. Fill in as much info as you can, even if you're not sure. See Tips for filling out the recovery form below.
  7. Select Submit when you're finished.

Tips for filling out the recovery form


For help passing the recovery form, review the below tips.

If you're using an account mainly to play Xbox. You can contact Xbox Support and provide them with your Xbox Console ID (for Xbox 360) or Device ID (for Xbox One) and they can help you through the account recovery process.

Confirm you're using the correct domain for your Microsoft account, such as hotmail.com, outlook.com, and gmail.com. Keep in mind that your email address may be country specific, such as in Sweden, your domain would be "hotmail.co.se" rather than "hotmail.com."

Complete the form from a secure network connection or device. We recommend to complete the form from a network location such as home Wi-Fi or work network, where a previous sign-in occurred. This will easily identify that you're the one trying to recover or unblock your account.

Answer the form questions as accurately as possible. The form questions are crucial to identify you as the owner of the account. If a question isn't applicable to your account, leave it blank.

  • When it comes to other passwords you've used on the account, if it's been compromised, you can enter the current password in one of the boxes.
  • If you're using the account to send and receive emails, you'll be asked for info to verify the account on how it was used. Such as subject lines and email addresses for people you've sent email to.
  • If you're using the account on Skype, you can provide 3 contacts from your contact list using another accessible Skype account.

After you've submitted


We'll send the results of your recovery request to the email address you gave us in the form. This can take up to 24 hours because our support team reviews the forms that have guesses or almost-right answers.

If your recovery request is accepted, we'll send you instructions to recover your account. After you get back in to your account, see Help protect your Microsoft account for tips to prevent having to recover your account again.

If your request was denied, you can keep trying up to two times per day. If you don't remember enough information to successfully recover your account, you'll have to create a new one.

To protect everyone's privacy, our support agents can't see your account details or unlock accounts.

Review your account info


If someone else got into your account, you want to make sure they didn't use your data or change your settings. Sometimes attackers make back doors into your account so they can still see your information after you reset your password. Use the following steps to review your important settings.

Help protect your account for the future


Take a look at our tips in Help protect your Microsoft account. We especially recommend you take a look at our Do’s and Don’ts for creating a strong password, and that you consider using two-step verification and the Microsoft Authenticator app to help strengthen your account security and to sign-in without passwords. Adding additional security info can make it easier to recover your account if someone else takes control of it, or you forget your password. Because this info is used for your safety, it's a good idea to add as much info as you can. We never use your security info for marketing purposes—it’s only to verify your identity.

If you want to close your account


After you change your password and review your personal information, your Microsoft account should be safe to use again. However, if you want to delete your account you can follow the steps listed in How to close your Microsoft account. If you're temporarily blocked from signing in to your compromised account, you will still need to go through the process of changing your password before you can close your account.

If you're ready to create a new Microsoft account, you can go straight to the Create account page now. Or you can sign up at any time by going to a Microsoft sign in page and selecting No account? Create one!