How to check to see if you’ve been hacked

Learn some first aid for your hacked accounts.

Getting hacked can make you feel really small. www_slon_pics / Pixabay

This story has been updated. It was originally published on September 12, 2019.

If you think someone might have gained access to one of your online accounts, the earlier you take action, the better. Every minute you don’t is an extra minute the hacker has to do more damage and potentially unlock other connected accounts.

Unwelcome visitors usually leave tracks behind, so if you’re vigilant, you can spot any unauthorized login early on and do something about it promptly.

Make sure you’ve been hacked

Nobody likes to get pwned, so check out Have I Been Pwned? to see if your accounts were involved in any recent data breaches. David Nield

Nowadays there are so many data hacks reported in the press that it’s all too easy to zone out and become numb to the threat. But these reports are an important early sign that one of your accounts may have been compromised and you may need to do something about it.

Make sure there’s at least one reputable tech outlet (like this one!) in your feeds, whether you get your news through Twitter, RSS, or some other platform. You can even set up a Google Alert for stories related to hacks on your most important accounts, which will deliver related news articles right to your inbox.

If you hear about a hack or attack that could involve one of your accounts, you can check the Have I Been Pwned? website (“pwned” being a play on “owned,” or hacked). It pulls together a huge collection of records from reported data breaches and leaked credentials that have been dumped on the web, with some 11 billion compromised accounts listed at the time of writing.

Just type in your email address and the site will tell you whether your information has been linked to any hacked databases. A match doesn’t necessarily mean your data has been exposed, but it does indicate that some of your login details have leaked out on the web. You can also sign up to get alerts if your email address is compromised in the future.

Speaking of emails, apps and sites often warn users of data breaches through direct emails. It’s worth checking that your contact details are correctly set up on the platforms you use every day, and that emails from the likes of Facebook and Twitter aren’t going directly to your spam folder.

Keeping an eye on your inbox will allow you to act promptly, but any messages about hacks that you get from the apps and sites you use should also include information about what to do next. You might even find your password has been reset for you already.

Check for strange activity

Is that you? If not, you’ve got a problem. David Nield

Most apps and platforms can give you details of recent account activity, which is an excellent way of checking whether anyone else is accessing your account. If you see a login from the other side of the world, for example, you should be suspicious.

You can do this in Gmail: Scroll all the way down to the bottom of your inbox on the web, then click the small Details button on the right. A new tab or pop-up box (depending on your operating system) will show you the latest 10 instances of activity on your Gmail account, together with the app used and the geographic location of the login.

Facebook has a similar feature. Head to the passwords and security page in the site’s settings on the web, then click See more under the list that shows where you’re logged in. Facebook gives you the time and date of the login, the device used, and where in the world it came from.

You can also do this on Twitter. Open up the settings and privacy page on the web, click on Security and account access, followed by Apps and sessions and Sessions to see exactly which devices are logged into your account and where they are. The main Apps and sessions screen lists connected third-party apps, account access history, and other logged-in devices and apps.

When it comes to Instagram, you can check up on recent login activity by visiting this page. You’ll see the devices and locations where you’re currently logged in, and you’ll be able to review recent logins, too.

Most accounts have this feature now, and it should be fairly easy to find it in the settings or security options, either on the web or in the app. Make these checks a regular part of your security routine (once a week is a good target) and you’ll have a better chance of spotting hacks early on.
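The weekly review described above can be run as a script over an exported or copied activity list. This is an added example, not code from the article or from any of the platforms it mentions; the record layout, the KNOWN_DEVICES set and the 900 km/h travel limit are assumptions, and the activity data is constructed.

```python
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

# Constructed sample of a "recent activity" list (UTC time, device, place, lat, lon).
SAMPLE_ACTIVITY = [
    ("2024-03-01T08:05:00", "Chrome on Windows", "Stockport, UK", 53.41, -2.16),
    ("2024-03-01T19:40:00", "Android app", "Manchester, UK", 53.48, -2.24),
    ("2024-03-02T07:55:00", "Chrome on Windows", "Stockport, UK", 53.41, -2.16),
    ("2024-03-02T09:10:00", "Firefox on Linux", "Sao Paulo, BR", -23.55, -46.63),
    ("2024-03-02T20:15:00", "Android app", "Stockport, UK", 53.41, -2.16),
]
KNOWN_DEVICES = {"Chrome on Windows", "Android app"}  # assumption: devices you own


def distance_km(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance between two coordinates in km."""
    p1, p2 = radians(lat1), radians(lat2)
    a = sin((p2 - p1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2
    return 2 * 6371 * asin(sqrt(a))


def review_activity(records, known_devices, max_kmh=900):
    """Return [(timestamp, place, [reasons])] for logins worth a closer look."""
    flagged = []
    last_trusted = None  # last unflagged login: the baseline for travel checks
    for ts, device, place, lat, lon in sorted(records):
        when = datetime.fromisoformat(ts)
        reasons = []
        if device not in known_devices:
            reasons.append("unrecognized device")
        if last_trusted is not None:
            prev_when, prev_lat, prev_lon = last_trusted
            hours = (when - prev_when).total_seconds() / 3600
            km = distance_km(prev_lat, prev_lon, lat, lon)
            # Faster than an airliner between two logins: one of them is not you.
            if km > 100 and (hours == 0 or km / hours > max_kmh):
                reasons.append(f"{km:.0f} km from last trusted login in {hours:.1f} h")
        if reasons:
            flagged.append((ts, place, reasons))
        else:
            last_trusted = (when, lat, lon)
    return flagged


if __name__ == "__main__":
    for ts, place, reasons in review_activity(SAMPLE_ACTIVITY, KNOWN_DEVICES):
        print(ts, place, "; ".join(reasons))
```

Locations in activity lists come from IP addresses, so a VPN or a mobile carrier can trigger the travel check on a legitimate login; treat a flag as a prompt to look closer, not as proof.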

Lock down your accounts

Facebook can help secure your account if you spot suspicious activity. David Nield

So, you heard it on the news, read it in an email, or realized it by checking your account activity. Yes, you were hacked—or at least it’s highly likely that you were. Now what? The first thing you want to do is chase out any unwelcome guests as quickly as possible.

In their privacy and security settings, most apps and sites will allow you to easily log out of all active sessions except for the one you’re in. That’ll force would-be hackers out before you change your credentials. On the already-mentioned Facebook activity page, you can flag any logins that you don’t recognize and log out remotely from any devices by clicking the three dots on the right.

Changing your password should be your first course of action after a hack and it should be done as quickly as possible. Pick a lengthy password that’s hard to guess, and which you aren’t currently using with any of your other accounts. If this sounds like too much work and you usually struggle to remember your login credentials, a password manager can help. To avoid any more hacks in your future, consider enabling two-factor authentication. We have quick guides that’ll teach you what it is and how to enable it, and what methods you can use it with.

If you can’t log into your account at all, it’s likely because the hacker locked you out by changing the digital locks. But don’t panic—you can always reach out to the platform’s relevant support team (e.g. Facebook, Twitter, Instagram, Google). Once you’re in contact with them, you’ll be able to prove you are who you say you are and get back into your account by providing details such as answers to security questions, how long you’ve had your account, the devices you usually use to log in, and your home location.

Recovering accounts is not an automated process and requires actual humans to take your information and verify it, which makes it a slow task. If you’re ever stuck waiting to recover an account, use that time to think of any other platforms on which you’ve used the same password—don’t worry, most of us do it—and change it. When credentials leak online, they might be randomly used to try to access any other account you own in case there’s a match. The only way to avoid that is to never reuse passwords, or to change them in case of a hack and never use them again. Ever.
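If your logins live in a password manager, finding every account that shares the hacked account's password does not have to rely on memory. The following is an added example, not part of the original article; the CSV column names (name, username, password) are an assumption that differs between products, and the export contents are constructed.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample of a password-manager CSV export; the column names
# (name, username, password) are an assumption and differ between products.
SAMPLE_EXPORT = """name,username,password
facebook.com,ana@example.com,Tr0ub4dor&3
twitter.com,ana@example.com,Tr0ub4dor&3
instagram.com,ana_pics,correct-horse-battery
shop.example,ana@example.com,Tr0ub4dor&3
bank.example,ana@example.com,x9!Lq#27vPz@r
forum.example,ana_pics,correct-horse-battery
"""


def fingerprint(password):
    """Short SHA-256 tag so groups can be reported without showing the password."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()[:8]


def reuse_groups(export_text):
    """Map fingerprint -> sorted site names, only for passwords used more than once."""
    groups = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["password"]:
            groups[fingerprint(row["password"])].append(row["name"])
    return {fp: sorted(sites) for fp, sites in groups.items() if len(sites) > 1}


def also_exposed(export_text, hacked_site):
    """Other accounts that share a password with the hacked one: change these next."""
    for sites in reuse_groups(export_text).values():
        if hacked_site in sites:
            return [s for s in sites if s != hacked_site]
    return []


if __name__ == "__main__":
    print("Change next:", also_exposed(SAMPLE_EXPORT, "facebook.com"))
    for fp, sites in reuse_groups(SAMPLE_EXPORT).items():
        print(fp, "reused on", ", ".join(sites))
```

A real export holds every password in plain text, so delete the file as soon as the audit is done.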