Discovering that your email has been hacked is alarming, but how you respond in the first few hours can make the difference between a minor inconvenience and a full-blown identity theft crisis. Email accounts are the keys to your digital life -- they are connected to banking, social media, shopping, and more. Here is exactly what to do, step by step, if your email has been compromised.
Email Compromise Is Big Business
According to the FBI's Internet Crime Complaint Center (IC3), business email compromise (BEC) attacks alone cost victims $2.77 billion in 2024. Over the past decade, BEC scams have resulted in nearly $55.5 billion in total losses. Personal email hacks can be just as devastating, giving criminals access to your entire digital identity.
Signs Your Email Has Been Hacked
Sometimes a hack is obvious, but other times the signs are subtle. Watch for these warning indicators:
- Unfamiliar sent messages: Emails in your sent folder that you did not write, often containing spam links or requests for money
- Password reset emails you did not request: If you are receiving reset notifications from other services, a hacker may be trying to take over linked accounts
- Friends receiving spam from your address: Contacts telling you they received strange messages from you is one of the most common early warnings
- Login alerts from unknown locations: Notifications showing sign-ins from unfamiliar cities, countries, or devices
- Changed account settings: Your recovery email, phone number, or security questions have been altered without your knowledge
- Locked out entirely: You cannot log in because the hacker has already changed your password
Immediate Steps to Take
Time is critical. Follow these steps as quickly as possible:
1. Change Your Password Immediately
If you can still access your account, change your password right away. Choose a strong password that is at least 16 characters long, combining uppercase and lowercase letters, numbers, and symbols. Do not reuse a password from any other account.
If you are locked out, use your email provider's account recovery process. Gmail, Outlook, and Yahoo all have recovery flows that verify your identity through backup email addresses, phone numbers, or security questions.
2. Enable Two-Factor Authentication (2FA)
Once you regain access, immediately enable 2FA. This requires a second verification step -- typically a code from an authenticator app like Google Authenticator or Authy -- every time someone tries to log in. Use an authenticator app rather than SMS-based 2FA, as text messages can be intercepted through SIM-swapping attacks.
3. Check and Reset Recovery Options
Hackers often add their own recovery email or phone number so they can regain access later. Review and verify:
- Recovery email addresses -- remove any you do not recognize
- Recovery phone numbers -- ensure only your number is listed
- Security questions -- reset these if they may have been compromised
4. Review Connected Apps and Third-Party Access
Check which apps and services have permission to access your email account. Revoke access for any applications you do not recognize or no longer use. In Gmail, check this under Security > Third-party apps with account access. In Outlook, review it under Privacy > App permissions.
5. Scan Your Devices for Malware
The hack may have originated from malware on your computer or phone. Run a full antivirus scan on all devices you use to access your email. If malware is found, changing your password again after the scan is essential -- otherwise the new password may be captured too.
Check Your Email Forwarding Rules
One of the sneakiest tactics hackers use is setting up email forwarding rules that silently send copies of all your incoming mail to their own address. Even after you change your password, they continue receiving your emails. In Gmail, check Settings > Forwarding and POP/IMAP. In Outlook, check Rules and Forwarding. Delete any rules you did not create.
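A concrete way to do this check, as an added example that is not from the original article or any provider: the function below audits the two places Gmail can forward mail, the forwarding-address list and filters with a forward action (a filter can forward even when the main forwarding setting looks clean). It works on the JSON shapes the Gmail API returns for users.settings.forwardingAddresses.list and users.settings.filters.list; the sample data is constructed, and ALLOWED_FORWARDS is an assumed allowlist of addresses you set up yourself.

```python
# Added example (not from the original article): audit Gmail forwarding settings
# for silent copies of incoming mail. Input shapes match the Gmail API's
# forwardingAddresses.list and filters.list responses; sample data is constructed.
from typing import Dict, List

ALLOWED_FORWARDS = {"me@personal.example"}  # assumption: forwards you created yourself

# Constructed sample of what a compromised account might return.
SAMPLE_FORWARDING = {
    "forwardingAddresses": [
        {"forwardingEmail": "me@personal.example", "verificationStatus": "accepted"},
        {"forwardingEmail": "drop.box.1234@mail.example", "verificationStatus": "accepted"},
    ]
}
SAMPLE_FILTERS = {
    "filter": [
        # Legitimate: labels newsletters, no forwarding.
        {"id": "f1", "criteria": {"from": "news@shop.example"},
         "action": {"addLabelIds": ["Label_12"]}},
        # Malicious: forwards financial mail to an outside address and hides it from the inbox.
        {"id": "f2", "criteria": {"query": "bank OR invoice OR password"},
         "action": {"forward": "drop.box.1234@mail.example",
                    "removeLabelIds": ["INBOX", "UNREAD"]}},
        # Malicious: trashes security alerts so the owner never sees them.
        {"id": "f3", "criteria": {"subject": "security alert"},
         "action": {"addLabelIds": ["TRASH"]}},
    ]
}


def audit_forwarding(forwarding: Dict, filters: Dict) -> List[str]:
    """Return human-readable findings; an empty list means nothing suspicious."""
    findings = []
    for entry in forwarding.get("forwardingAddresses", []):
        addr = entry.get("forwardingEmail", "")
        if addr not in ALLOWED_FORWARDS:
            findings.append(f"unknown forwarding address: {addr} ({entry.get('verificationStatus')})")
    for flt in filters.get("filter", []):
        action = flt.get("action", {})
        target = action.get("forward")
        # A rule that skips the inbox or trashes mail is how an attacker keeps the copy quiet.
        hides = "INBOX" in action.get("removeLabelIds", []) or "TRASH" in action.get("addLabelIds", [])
        if target and target not in ALLOWED_FORWARDS:
            findings.append(f"filter {flt['id']} forwards to unknown address {target}"
                            + (" and hides the message" if hides else ""))
        elif hides:
            findings.append(f"filter {flt['id']} hides mail matching {flt.get('criteria')}")
    return findings


if __name__ == "__main__":
    for line in audit_forwarding(SAMPLE_FORWARDING, SAMPLE_FILTERS):
        print("WARNING:", line)
```

Any finding is a rule to delete, and the address it forwards to is worth noting in case the same address shows up in other accounts you review.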
Securing Your Digital Life After a Hack
Recovering your email account is only the first step. A compromised email likely means other accounts are at risk too.
Update Passwords on All Linked Accounts
Any account that uses your hacked email for login or password recovery should be considered potentially compromised. Prioritize these accounts in order:
- Banking and financial accounts -- checking, savings, credit cards, investment platforms
- Payment services -- PayPal, Venmo, Zelle, Apple Pay
- Shopping accounts -- Amazon, eBay, or any site that stores your credit card
- Social media -- Facebook, Instagram, LinkedIn, X
- Cloud storage -- Google Drive, Dropbox, iCloud
Use a unique password for every account. A password manager like 1Password or Bitwarden makes this manageable.
Notify Your Contacts
Let your contacts know that your email was compromised so they do not fall for any phishing messages sent from your account. A brief message explaining the situation is usually sufficient. Ask them to delete any suspicious emails they received and to avoid clicking links in those messages.
Monitor Your Credit and Financial Accounts
Check your bank statements and credit reports for unauthorized activity. Consider placing a fraud alert or credit freeze with the three major bureaus (Equifax, Experian, and TransUnion) if you suspect the hacker accessed sensitive financial information.
Preventing Future Email Hacks
Once you have recovered, take these steps to reduce the risk of it happening again:
- Use unique passwords everywhere: Password reuse is the number one reason email hacks cascade into broader identity theft. If one site gets breached and you used the same password for your email, both are compromised.
- Enable 2FA on every account that supports it: Not just email, but banking, social media, cloud storage, and shopping accounts.
- Learn to spot phishing: Be skeptical of emails asking you to click links, verify your identity, or provide personal information -- especially if they create a sense of urgency. Check the sender's actual email address, not just the display name.
- Keep software updated: Security patches fix vulnerabilities that hackers exploit. Enable automatic updates on your operating system, browser, and apps.
- Use a dedicated email for sensitive accounts: Consider having a separate email address for banking and financial services that you do not share publicly or use for newsletters and general sign-ups.
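The "check the sender's actual address, not just the display name" advice above, as an added example that is not from the original article: the function parses a raw message's From header, compares any brand named in the display name against the domains that brand really sends from, and also flags urgency wording in the subject. KNOWN_BRAND_DOMAINS is an assumed mapping you would maintain for the services you use, and both sample messages are constructed.

```python
# Added example (not from the original article): flag messages whose display
# name claims a brand but whose sender domain does not belong to that brand,
# plus urgency cues in the subject. Sample messages below are constructed.
from email import message_from_string
from email.utils import parseaddr
from typing import List

KNOWN_BRAND_DOMAINS = {  # assumption: the domains each brand actually sends from
    "paypal": {"paypal.com"},
    "amazon": {"amazon.com"},
}
URGENCY_WORDS = ("urgent", "immediately", "suspended", "verify now", "within 24 hours")


def check_from_header(raw_message: str) -> List[str]:
    """Return reasons the message looks like phishing; empty list means no red flags."""
    msg = message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    domain = address.rsplit("@", 1)[-1].lower() if "@" in address else ""
    reasons = []
    for brand, domains in KNOWN_BRAND_DOMAINS.items():
        # Accept the exact domain or a subdomain of it (e.g. mail.paypal.com).
        legit = any(domain == d or domain.endswith("." + d) for d in domains)
        if brand in display_name.lower() and not legit:
            reasons.append(f"display name claims {brand!r} but address is {address}")
    subject = msg.get("Subject", "")
    if any(w in subject.lower() for w in URGENCY_WORDS):
        reasons.append(f"urgency cue in subject: {subject}")
    return reasons


# Constructed sample: look-alike domain with a brand name in the display name.
SAMPLE_PHISH = (
    'From: "PayPal Support" <support@paypa1-secure.example>\r\n'
    "Subject: Your account will be suspended\r\n"
    "\r\nClick here to verify.\r\n"
)
# Constructed sample: brand name backed by the brand's own domain.
SAMPLE_OK = (
    'From: "PayPal" <service@paypal.com>\r\n'
    "Subject: Your receipt\r\n\r\nThanks.\r\n"
)

if __name__ == "__main__":
    for label, sample in (("phish", SAMPLE_PHISH), ("ok", SAMPLE_OK)):
        print(label, check_from_header(sample) or "no red flags")
```

A display-name mismatch is a strong signal on its own; an urgency cue alone only means the message deserves a second look before you click anything.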
Stay Ahead of Threats
An email hack is often just one piece of a larger data exposure. Your email address, passwords, and personal information may already be circulating on the dark web from previous breaches -- and that exposure is what makes future hacks more likely.
PrivacyOn provides 24/7 dark web monitoring that alerts you when your credentials appear in breaches or on underground marketplaces. Combined with removal from over 100 data broker sites, PrivacyOn reduces your overall exposure and helps prevent the kind of personal data leaks that lead to email compromises in the first place. Family plans cover up to 5 people starting at $8.33 per month, so you can protect your entire household.