How to recover a hacked or compromised Microsoft account

Applies to: Microsoft account

There are two reasons you might think your account has been hacked.

  • You may have received a message from Microsoft that says, “Help us secure your account”. That means we have seen some activity on your account that is out of the ordinary enough for us to take measures to lock down your account until you can take action.
  • You have seen activity such as unauthorized charges, spam being sent to your contact list, unrecognized names in your file sharing, etc.

If neither of those sounds like your situation, please visit When you can’t sign in to your Microsoft account.

Follow these steps in order to help you take back control of your Microsoft account.

  1. Change your Microsoft account password
  2. Check sign-in activity for sign-ins that weren’t you
  3. Review your account settings
  4. Protect your other online accounts
  5. Protect your Microsoft account for the future

1. Change your Microsoft account password


The first thing you’ll want to do to protect your account is to change your password.

  1. Go to Recover your account and type in the email address, phone number, or Skype name you use to sign in. Then select Next.
  2. We'll ask where you'd like to get your security code. Select Next.
  3. Type the requested information and select Send code.
  4. Type the security code into Verify your identity, then select Next.
  5. Type in your New password. Then confirm it by typing it again into the Re-enter password field.

If you are unable to change your password using a security code sent to your contact information, complete the recovery form. Here are some tips you can use to fill out the form.

 Steps to take if I cannot verify that I own the account

  • We recommend that you try again, up to two times per day. You may find more information or remember something that will help.
  • You can always create a new account if you’re having trouble with the recovery request and try again later when you remember something new that might help.

2. Check sign-in activity for sign-ins that weren’t you


After signing in, you’ll want to review the recent activity on your account. If you see any account activity that looks unfamiliar, select This wasn’t me, and we’ll help you change your password if you haven’t already done so.


  1. Go to Security > Sign-in activity > View my activity
  2. Because of the sensitivity of this information, we’ll need to verify your identity with a security code. On the Protect your account screen, select the method by which you’d like to receive this code, then select Send code.
  3. On the Enter code screen, enter the security code you receive.
  4. Review the recent sign-in activity on your account. If you see any successful sign-in that you do not recognize, run a scan with your security software and remove any malware you find. Then change your password again.

3. Review your Microsoft account settings


Check Security Contact Info: Remove any security contact information the attacker might have added.

  1. On the Security basics page, select the Update info button. If you're not already signed in to your Microsoft account, you'll be prompted to sign in.
  2. You may be asked to enter a verification code to continue. If you don't have access to your alternate email or phone number, choose I don't have any of these and follow the instructions to replace your security info.
  3. You'll see your security info under Security settings. Choose Remove for any you want to remove. You may be asked to add new security info before you can remove the old info.

Update Outlook email settings: Sometimes attackers change your email settings so that they receive emails you send out, or they set up automatic replies for emails you receive. Because this is so common, Microsoft will reset these settings to the default options if we think your account was compromised.

  1. Sign in to Outlook.
  2. Select the settings icon, then Options.
  3. Review the following settings and remove any unfamiliar addresses or information that might have been added:
    • Accounts > Connected accounts
    • Accounts > Forwarding
    • Automatic processing > Automatic replies

Remove OneDrive Sharing: Make sure an attacker didn’t give himself access to your files.

  1. Sign in to OneDrive.
  2. Select Shared on the left menu under OneDrive.
  3. Review the folders and files that you're sharing to see if any have been added or removed.

Review Order History: Review Order history for unrecognized charges.

  • If you see charges you don’t remember making, check your apps and downloaded content to make sure someone in your family didn’t make the purchase.
  • If you do determine that the charge isn’t yours, see What to do about unexpected charges from Microsoft.

4. Protect your other online accounts


If an attacker had access to your username and password, he has access to any other accounts where you may have used them. Just to be safe, you should change your passwords on those other sites as well.

5. Protect your Microsoft account for the future


Take a look at our tips in Help protect your Microsoft account. We especially recommend you take a look at our Do’s and Don’ts for creating a strong password, and that you consider using two-step verification and the Microsoft Authenticator app to help strengthen your account security and to sign in without passwords.

Adding additional security contact info can make it easier to recover your account if someone else takes control of it, or you forget your password. We never use your security contact info for marketing purposes—it’s only to verify your identity.