The universal lockdown
Every platform has its own recovery page, but the principles of locking an account back down are the same whether it is your email, your bank, your Instagram, or your Xbox. This is the platform-agnostic checklist — the moves that apply to any account. For the exact menu clicks on a specific service, jump to that service's guide at the bottom.
- Clean the device first if malware is possible. Microsoft is explicit that you should run a malware scan before you change the password — otherwise malware on the device can simply capture the new one. If the account was used on a computer that may be infected, scan it before step 2.
- Set a new, unique password. Long, and used on no other account. A password manager makes this painless and is the single highest-leverage habit here.
- Sign out everywhere. Use the account's “active sessions” or “your devices” page to revoke every session. This is what actually ejects an attacker who is currently logged in.
- Reclaim your recovery info. Review the recovery email and phone number and remove any you do not recognize — attackers swap these to theirs so they can reset their way back in.
- Upgrade two-factor. Turn on the strongest second factor the account supports: where possible, an authenticator app or a passkey rather than SMS (here is why SMS codes are the weakest 2FA).
- Audit forwarding rules and connected apps. Remove mail forwarding and filters and revoke third-party apps or “sign in with” permissions you did not grant (email specifics: is a hacker still reading your email?).
- Reset reused passwords. Any other account that shared the breached password is now exposed — change those too, starting with email and anything financial.
The exact clicks, by platform
The checklist above is the “what.” For the “where,” each major platform has a step-by-step recovery guide:
- Google / Gmail
- Microsoft / Outlook
- Apple ID / iCloud
- Meta — Facebook, Instagram, WhatsApp
- Amazon
- All account-recovery guides
If the same attacker keeps getting back in, money has moved, or you need to know exactly what was accessed, account compromise recovery is the SleuthX service for the cases a checklist does not close on its own.
Sources
- Cybersecurity & Infrastructure Security Agency (CISA), Secure Our World — four steps to stay safer online. https://www.cisa.gov/secure-our-world
- Federal Trade Commission, How To Recover Your Hacked Email or Social Media Account. https://consumer.ftc.gov/articles/how-recover-your-hacked-email-or-social-media-account
- Google Account Help, Secure a hacked or compromised Google Account. https://support.google.com/accounts/answer/6294825
- Microsoft Support, How to recover a hacked or compromised Microsoft account. https://support.microsoft.com/en-us/account-billing/how-to-recover-a-hacked-or-compromised-microsoft-account-24ca907d-bcdf-a44b-4656-47f0cd89c245
















