Someone got into your Microsoft account — your Outlook.com, Hotmail, Live, or Microsoft 365 sign-in. This guide shows you exactly what to do, one calm step at a time, and it's honest about something most pages skip: Microsoft recovery is mostly automated, and it has a real dead-end. Knowing where that wall is — and what you can still do on the other side of it — is the most useful thing this guide gives you. You don't need to be good with tech. Every tool here is free.
The single most important idea. Unlike some platforms, Microsoft's recovery is run almost entirely by automated checks. There is no phone line and no human override to recover a hacked personal account — support agents cannot change your details or send you a reset link. That means two things: (1) speed matters enormously — recover before the intruder changes your security info; and (2) if the automated checks can't confirm it's you, there isn't a person you can appeal to. This guide gets you through the automated flow, and then tells you honestly what to do if it fails.
How to use this guide. Start at the top — the first hour matters most (Part 1). Part 2 walks the two recovery paths and the honest dead-end. Once you're back in, Parts 3–7 help you lock the door, undo the damage, save proof, report it, and stop it from happening again. A note on screen names: the buttons below match Microsoft's own instructions as of 2026; Microsoft renames things often, so pick the closest match if a word looks different. The "report it" steps in Part 6 are written for the United States — we say where to go elsewhere.
Part 1 — The first hour
Do these now — they matter most.
Step 1 — Is this a real break-in, or just a scare?
Some messages try to scare you so you'll hand over your account. Tell the two apart first.
- Signs of a real break-in: you can't sign in even with the right password; you got a genuine Microsoft notice that your password, security info, or primary alias changed and it wasn't you; there are sent or deleted emails, or new inbox rules, you didn't create; or signing in returns "that Microsoft account doesn't exist" even though it definitely does.
- Signs it's just a scare (a trick): someone is pushing you to act fast — an email, text, or call telling you to "verify" your account, click a link, or read back a security code — while the account still works normally. Microsoft will never call or email you out of the blue asking for your password or a code it sent you.
One warning to save you grief: Microsoft does not recover hacked personal accounts over the phone, and it will never ask you to pay for recovery. Any "Microsoft support" number that promises to get your account back is almost certainly a scammer. Don't call it. The real, free routes are account.live.com/password/reset and account.live.com/acsr.
Step 2 — If you can still get in, move fast.
If any device is still signed in — your phone's Outlook app, a tablet, a work PC — use it before the intruder locks you out.
- Go to account.microsoft.com → Security and set a brand-new password you've never used anywhere else.
- Under Security → Sign me out (or "Sign out everywhere"), sign out all sessions so a stale login the intruder holds is dropped.
- Check Security info and remove any phone number or email you don't recognize — this is exactly what an attacker changes to lock you out.
- Can't get in because the password was already changed? Go to Part 2.
Part 2 — Get back in: the two paths and the honest dead-end
Step 3 — First, try the password reset.
Go to account.live.com/password/reset and enter your email, phone, or Skype name. If you still control a listed security method — a recovery email or phone — you can receive a code and reset the password right there. This is the quick path. If your security info was changed by the intruder, this will fail, and you move to the recovery form.
Step 4 — The account recovery form (ACSR) — the only other path.
When the reset can't work, Microsoft's account recovery form at account.live.com/acsr is the only remaining route. It's a questionnaire that asks you to prove ownership with details only the real owner would know. How to give it the best chance:
- Fill it out from a device and location you've used to sign in before — familiar context counts as evidence.
- Provide as much as you can: old passwords you've used, email addresses and subject lines of messages you've sent, contacts, when and where you created the account, and any products or subscriptions (Xbox, Microsoft 365) tied to it.
- Microsoft reviews each submission within about 24 hours and emails the result to the contact address you provide. You can submit the form up to twice in 24 hours — so if the first try fails, gather more detail and try once more.
Step 5 — The honest dead-end you need to know about.
⛔ Read this if signing in says the account "doesn't exist." The hardest case is when the intruder changed your primary alias (the address that names the account) and removed the original. Your old address then reports "that Microsoft account doesn't exist," even though the account is alive under a new name. Here is the honest reality, stated plainly so you don't waste days on false hope:
- The ACSR form is the only route, and it is fully automated.
- There is no human override. Microsoft support cannot manually restore the account, change its details, or send a reset link — they will direct you back to the same form.
- If the form's automated checks can't verify you, the account may be effectively unrecoverable. That is a genuinely hard wall, not a step you're missing.
If you reach that wall, the right move is to stop pouring energy into the locked door and pivot to limiting the damage — which is the rest of this guide, and where a forensic investigation can genuinely help (see the note from SleuthX below).
Sources: Microsoft Support — "How to recover a hacked or compromised Microsoft account"; "Help with the Microsoft account recovery form" (account.live.com/acsr); "When you can't sign in to your Microsoft account"; "Account recovery unsuccessful."
Part 3 — You're back in: lock the door
Do these in order so the intruder can't return.
- Set a brand-new strong password you've never used anywhere else (account.microsoft.com → Security → Change password).
- Sign out everywhere so any session the intruder still holds is dropped.
- Clean up Security info: remove every phone number and email you don't recognize, and confirm the ones left are yours.
- Turn on two-step verification (Security → Advanced security options) so a password alone isn't enough. Prefer the Microsoft Authenticator app over text-message codes.
- Add a passkey if you can — sign in with your face, fingerprint, or device PIN; it's much harder to phish.
- Save a recovery code (Advanced security options → Recovery code) and store it somewhere safe and offline.
Part 4 — Undo what they did (Outlook especially)
A careful intruder leaves ways to keep reading your mail after you're back. Check each of these in Outlook.com.
- Forwarding: Settings → Mail → Forwarding. Turn off any forwarding you didn't set up.
- Rules: Settings → Mail → Rules. Delete any rule you didn't create — attackers add rules that auto-delete or auto-forward password-reset emails so you never see them.
- Aliases and automatic replies: check your account aliases and any auto-reply the intruder may have set.
- Reset other accounts: because email is the reset point for almost everything, change the passwords on any account that used this address — bank, shopping, social — especially ones the intruder may have reset while they had access.
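Added example, not part of the original guide or of Microsoft's tooling: a Python check that triages inbox rules for the two patterns described in the list above, forwarding to an outside address and rules that hide password-reset mail. It assumes the rules are available as JSON shaped like Microsoft Graph's messageRule resource; the sample rules, the keyword list and the `own_domains` parameter are constructed for illustration.

```python
# Constructed sample (not real data), shaped like Microsoft Graph messageRule JSON.
SAMPLE_RULES = [
    {"displayName": "Newsletters", "isEnabled": True,
     "conditions": {"senderContains": ["news@example.com"]},
     "actions": {"moveToFolder": "folder-id-placeholder"}},
    {"displayName": ".", "isEnabled": True,
     "conditions": {"subjectContains": ["Password reset", "security code"]},
     "actions": {"delete": True, "markAsRead": True}},
    {"displayName": "backup", "isEnabled": True, "conditions": {},
     "actions": {"forwardTo": [{"emailAddress": {"address": "drop@example.net"}}]}},
    {"displayName": "old", "isEnabled": False, "actions": {"permanentDelete": True}},
]
# Assumed keyword list for mail an intruder would want hidden; tune as needed.
SENSITIVE = ("password", "reset", "security", "verify", "code")
FORWARD = ("forwardTo", "redirectTo", "forwardAsAttachmentTo")
TEXT_CONDITIONS = ("subjectContains", "bodyContains", "bodyOrSubjectContains")


def triage_rule(rule, own_domains=("example.com",)):
    """Return the reasons one rule deserves a manual look (empty if none)."""
    actions = rule.get("actions") or {}
    conditions = rule.get("conditions") or {}
    reasons = []
    for key in FORWARD:  # mail copied to an address outside your own domains
        for rcpt in actions.get(key) or []:
            addr = rcpt.get("emailAddress", {}).get("address", "").lower()
            if addr.rsplit("@", 1)[-1] not in own_domains:
                reasons.append(f"{key} -> {addr}")
    deletes = actions.get("delete") or actions.get("permanentDelete")
    if deletes or actions.get("moveToFolder"):  # mail kept out of the inbox
        words = [w.lower() for k in TEXT_CONDITIONS for w in conditions.get(k) or []]
        hits = sorted({s for s in SENSITIVE if any(s in w for w in words)})
        if hits:
            reasons.append("hides mail matching: " + ", ".join(hits))
        elif deletes and not conditions:
            reasons.append("deletes all incoming mail")
    return reasons


def triage(rules):
    """Map rule name -> reasons for every enabled rule that was flagged."""
    found = {r.get("displayName", "?"): triage_rule(r)
             for r in rules if r.get("isEnabled", True)}
    return {name: why for name, why in found.items() if why}


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_RULES).items():
        print(f"{name!r}: {'; '.join(reasons)}")
```

A flagged rule is a prompt to open Settings → Mail → Rules and inspect it by hand; an unflagged rule is not proof that it is harmless.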
Part 5 — Save the proof (and the honest truth about deleted mail)
If you may need proof later — for police, a lawyer, a bank, or an insurer — collect it before you clean everything up.
- Take screenshots of anything that shows the break-in: Microsoft's security alerts, your Recent activity page (account.live.com/Activity), rogue rules or forwarding, and any sent or deleted messages — make sure the date and time show.
- Export your data: you can request a copy of your Microsoft account data from the privacy dashboard, and export mailbox contents from Outlook if you still have access.
The honest truth about deleted email. What you can recover yourself is limited:
- Still in Deleted Items → you can move it back.
- Cleared from Deleted Items → Outlook.com offers Recover deleted items for a limited time after deletion; after that window it's generally gone, with no self-serve undelete.
- Needed for a legal case → the only route is legal process — a preservation request plus a subpoena or court order — sent through police or a lawyer. That's also where a forensic examiner helps.
Part 6 — Report it
Reporting won't unlock your account — but it builds an official record and helps stop the criminal. If the account turned out to be unrecoverable, this record also matters for your other accounts, your bank, and your insurer.
- FTC — report fraud: reportfraud.ftc.gov.
- FTC — identity theft: if someone is using your identity, go to IdentityTheft.gov or call 1-877-438-4338 for an official Identity Theft Report and a recovery plan.
- FBI — IC3: for internet crime, file at ic3.gov.
- Local police: file a report if you know who did it or a company asks for one — bring a copy of your FTC report.
Outside the United States? Use your country's version — for example the UK's Report Fraud (reportfraud.police.uk), the Canadian Anti-Fraud Centre, or Australia's Scamwatch and ReportCyber.
Part 7 — Stop it from happening again
- Use a unique password for your Microsoft account that you use nowhere else — a password manager makes this painless.
- Turn on two-step verification, ideally with the Microsoft Authenticator app rather than text-message codes.
- Add a passkey and keep a saved recovery code offline so you always have a way back in.
- Keep your security info current — a second email and phone you control, checked from time to time.
- Never click a "verify your account" link in an unexpected message, and never read a security code out loud to anyone. When in doubt, type account.microsoft.com yourself.
Related recovery guides
This guide is part of a series. If a different account was hit:
- Recover a hacked Google or Gmail account
- Recover a stolen Apple account (Apple ID & iCloud)
- Recover a hacked Meta account (Facebook, Instagram, WhatsApp)
- Recover a hacked Amazon account
- All account-recovery guides
If the account is unrecoverable, or the break-in goes deeper than one inbox — drained funds, stolen identity, or an attacker who keeps getting back in — these SleuthX services can help:
A note from SleuthX
This guide is free, and the steps above are everything most people can do on their own. Microsoft's hard wall is the case where an honest guide matters most: if the account turns out to be unrecoverable, that is not the end of what can be done — it's the start of a different job. A forensic examiner can't make Microsoft restore an account — that decision is Microsoft's, and we don't access accounts on anyone's behalf. What we can do is investigate the compromise: establish what the intruder reached and took, document the breach for identity-theft claims, insurance, or police, and help you secure every other account before the damage spreads. That's the "account is gone — now what" work, and it's exactly what SleuthX does. We're a digital-forensics firm; reaching out is optional and there's no charge to ask. Find us at sleuthx.ai or email quinn@sleuthx.ai.
Either way — you've got this. Work the steps in order, and if you hit the wall, switch your energy to limiting the damage instead of fighting a locked door.
Where this comes from
Every step, screen name, and timeline above comes from current official sources. All pages were opened and checked in June 2026; Microsoft changes these flows often, so a button may have moved by the time you read this.
Microsoft Support (support.microsoft.com)
- How to recover a hacked or compromised Microsoft account
- Help with the Microsoft account recovery form (account.live.com/acsr)
- Account recovery unsuccessful
- When you can't sign in to your Microsoft account
- Reset your Microsoft account password (account.live.com/password/reset)
- Recover deleted email in Outlook.com
Microsoft account pages
Government
- Report fraud — FTC
- IdentityTheft.gov — FTC (phone 1-877-438-4338)
- Internet Crime Complaint Center / IC3 — FBI

















