10 Signs Your Accounts Have Already Been Hacked (And What to Do Right Now)

Knowing the signs your accounts have been hacked could save you from identity theft, financial loss, and months of damage. Here are the 10 warning signs — and the exact steps to take the moment you spot any of them.

How Hacks Actually Happen

Most people imagine being hacked involves a sophisticated attacker targeting them specifically. The reality is far more mundane — and far more common.

The overwhelming majority of account compromises happen in one of three ways. A company you signed up with suffers a data breach and your password is stolen. You reuse a password across multiple sites and it gets tested automatically against hundreds of services. Or you clicked a convincing phishing link and typed your credentials into a fake login page.

None of these require you to have done anything obviously wrong. Breaches happen at companies — not necessarily because of anything you did. The problem is that most people don't find out their account was compromised until significant damage is already done.

The warning signs exist. Most people just don't know what to look for.

Important: If you spot any of the signs below, do not wait. The window between a hacker gaining access and causing serious damage can be as short as minutes — especially for email and banking accounts.

The 10 Signs Your Accounts Have Already Been Hacked

Sign 1

You Receive a Password Reset Email You Didn't Request (High Risk)

This is one of the clearest early warning signs. If a password reset email lands in your inbox and you didn't ask for it, someone else did. They either have your email address and are attempting to take over your account, or they already have access to your email and are in the process of resetting passwords across your other accounts.

Do not ignore this. Do not delete it. Act immediately — go directly to the service (not through the email link) and change your password and enable two-factor authentication before the attacker can use that reset link.

Sign 2

Login Alerts From Locations or Devices You Don't Recognise (High Risk)

Google, Facebook, Microsoft, Apple, and most major platforms send security alerts when your account is accessed from a new device or location. If you receive one of these and it wasn't you — someone else has your password and has logged in.

Check your account's active sessions immediately. Most platforms let you view all logged-in devices and sign them out remotely. Go to your account's Security Settings and look for "Active Sessions," "Devices," or "Where You're Logged In" — then remove everything that isn't yours.

Sign 3

Your Password No Longer Works (High Risk)

If you're suddenly locked out of an account you use regularly and your password is being rejected — and you haven't changed it — someone has already changed it for you. This is a sign the attacker has completed a takeover and is locking you out to buy themselves time.

Use the account recovery option immediately. For email accounts especially, act fast — your email is the master key to every other account. Attackers know this and target email first.

Sign 4

Friends and Contacts Are Receiving Messages You Didn't Send (High Risk)

When someone calls or messages you asking "did you just send me a weird link?" — your account has been compromised and is being used to spread malware or phishing messages to your contacts. This happens most commonly on email, WhatsApp, Facebook Messenger, and Instagram.

The attacker is using your trusted identity to get your contacts to click malicious links. The damage here extends beyond your own account — your friends and family are now also at risk. Secure your account immediately and warn your contacts not to click anything recently sent from you.

Sign 5

Unfamiliar Activity in Your Sent Folder or Post History (Medium Risk)

Check your sent emails. Check your social media posts. Check your browsing history on shared devices. Emails you don't remember sending, posts you don't remember making, or purchases you don't remember completing are direct evidence someone else has been using your account.

Attackers often try to delete traces of their activity — but they don't always bother, especially if they gained access recently. A sent folder with unfamiliar emails to unfamiliar addresses is a clear sign of compromise.

Sign 6

Your Account Details Have Been Changed Without Your Knowledge (High Risk)

Check your account's profile information. If your recovery email, phone number, security questions, or name have been changed and you didn't do it — your account has been accessed by someone else. This is a deliberate move by attackers to weaken your ability to recover the account.

They change recovery options first so that when you notice and try to recover the account, the recovery codes go to an address or number they control rather than yours. Check these regularly even if you don't suspect anything is wrong.

Sign 7

Unusual Charges on Your Bank or Payment Account (High Risk)

Small test charges are a classic sign of a compromised payment account. Attackers will often make a tiny transaction — £1 or less — to verify a stolen card works before making larger purchases or selling the details. Any charge you don't recognise, no matter how small, deserves immediate investigation.

Check your PayPal, Apple Pay, Google Pay, Amazon, and any other stored-payment service alongside your bank account. Attackers often use secondary payment services rather than going directly to your bank, precisely because people check those less frequently.
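
The test-charge pattern described above can be checked mechanically against an exported statement. The following is an added example, not part of the original post: the CSV layout, merchant names and the `find_test_charges` function are constructed for illustration.

```python
import csv
import io
from decimal import Decimal

# Constructed sample statement export (not real data); amounts are in GBP.
SAMPLE_STATEMENT = """date,merchant,amount
2024-03-01,Corner Grocer,23.40
2024-03-03,StreamTunes,10.99
2024-03-08,Corner Grocer,0.85
2024-03-10,QX-DIGITAL SVC,0.50
2024-03-10,QX-DIGITAL SVC,249.00
2024-03-12,StreamTunes,10.99
2024-03-14,GIFTCARDS4U,1.00
"""

TEST_CHARGE_LIMIT = Decimal("1.00")  # "£1 or less", the threshold given in the text


def find_test_charges(statement_csv, limit=TEST_CHARGE_LIMIT):
    """Flag tiny charges at merchants with no earlier history on the statement.

    Each finding also lists later, larger charges from the same merchant,
    because a small probe followed by a big purchase is the pattern to catch.
    """
    rows = sorted(csv.DictReader(io.StringIO(statement_csv)), key=lambda r: r["date"])
    seen_merchants = set()
    findings = []
    for i, row in enumerate(rows):
        merchant, amount = row["merchant"], Decimal(row["amount"])
        if merchant not in seen_merchants and amount <= limit:
            followups = [
                (later["date"], Decimal(later["amount"]))
                for later in rows[i + 1:]
                if later["merchant"] == merchant and Decimal(later["amount"]) > limit
            ]
            findings.append({"date": row["date"], "merchant": merchant,
                             "amount": amount, "followups": followups})
        seen_merchants.add(merchant)
    return findings


if __name__ == "__main__":
    for finding in find_test_charges(SAMPLE_STATEMENT):
        print(finding)
```

A small charge at a merchant you already use (the 0.85 at Corner Grocer in the sample) is not flagged; only first-time merchants are, which keeps the output short enough to review by hand.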

Sign 8

Your Antivirus or Browser Flags Something Unusual (Medium Risk)

If your antivirus software suddenly flags a threat, your browser warns you about a suspicious extension you didn't install, or you notice a new toolbar or programme you don't remember adding — your device may have been compromised. Malware installed on your device can steal credentials as you type them, making every account you log into vulnerable.

A compromised device is more serious than a single compromised account. If you suspect malware, change your passwords from a different device first — then deal with the infected device.

Sign 9

You Appear in a Data Breach Notification (Medium Risk)

Services like HaveIBeenPwned.com — run by respected security researcher Troy Hunt — allow you to enter your email address and see if it appears in any known data breaches. If it does, your credentials from that breach are likely being tested against other services right now by automated tools.

This is not hypothetical. Data breach records are sold and shared on criminal forums within hours of a breach occurring. If your email appears in a breach, treat every account that uses that password as potentially compromised — even if you haven't seen any other warning signs yet.

Sign 10

Your Device Is Slower, Hotter, or Using More Data Than Usual (Worth Checking)

A device that runs unusually hot, drains battery significantly faster, or uses more mobile data than normal may have malware running in the background — mining cryptocurrency, transmitting your data to a remote server, or participating in a botnet. These are subtler signs and can have innocent explanations, but combined with any other sign on this list they warrant serious attention.

Check which apps are consuming the most battery and data in your phone or computer settings. Unknown apps consuming significant resources are worth investigating immediately.

What to Do Right Now: Step-by-Step

If you've spotted any of the signs above, follow these steps in order. Speed matters — act on the highest-risk accounts first.

  1. Secure your email account first. Your email is the master key — password resets for every other account go there. Change your email password immediately from a device you trust. Enable two-factor authentication using an authenticator app (not SMS if possible). Check and remove any unknown recovery emails or phone numbers.
  2. Check all active sessions and sign everything out. On Google: go to myaccount.google.com → Security → Your Devices. On Facebook: Settings → Security → Where You're Logged In. On any platform: find Security Settings and remove any session you don't recognise.
  3. Change passwords on all important accounts. Banking, social media, shopping sites with saved payment details, work accounts. Use a unique, strong password for each — a password manager makes this practical. Our password security guide covers the best free options.
  4. Enable two-factor authentication everywhere. This is the single highest-impact step you can take. Even if a future attacker gets your password, 2FA stops them from logging in without your phone. Enable it on every account that offers it — email, banking, social media, and anything with payment details.
  5. Check for unauthorised changes. Recovery email, phone number, linked apps, forwarding rules in your email (a common attacker trick — they set emails to forward to themselves even after you recover the account). Remove anything you didn't put there.
  6. Notify your bank if any financial accounts were involved. Call the number on the back of your card or log in directly (not via any link) and report suspected unauthorised access. Banks have dedicated fraud teams and can freeze suspicious transactions, issue new cards, and investigate charges.
  7. Warn your contacts. If your account was used to send phishing messages or malicious links to people you know, tell them as soon as possible. A short message — "My account was compromised, please don't click any links recently sent from me" — takes 30 seconds and could prevent someone you care about fro