Security

My Email Got Hacked — Here's Exactly What to Do (Step by Step)

By the WDYS Team

Advertisement

Your email is the master key to your digital life — password resets for your bank, social media, and shopping accounts all flow through it. So if it's been hacked, speed matters. Don't panic. Work through these steps in order and you can lock the intruder out and take back control.

Signs your email was hacked

Common red flags: you can't log in even though the password is right, friends receive messages you never sent, your sent folder has emails you don't recognize, or you get security alerts about logins from unfamiliar places.

1. Change your password immediately

If you can still log in, change your password right away to something long and unique. If you're locked out, use your provider's "forgot password" or account-recovery page to reclaim it. The faster you do this, the less damage a hacker can do.

💡 Never reuse this password anywhere else. If you struggle to remember unique passwords, a password manager solves it in one place.

2. Sign out of all devices

Changing the password isn't enough if the hacker has an active session. In your account's security settings, look for an option like "sign out all devices" or "manage active sessions" and end every session but your own.

3. Turn on two-factor authentication (2FA)

This is the single most important step. With 2FA, a stolen password alone is useless — a login also needs a code from your phone. Enable it and, ideally, use an authenticator app rather than text messages, which can be intercepted.

4. Check for the hacker's hidden back doors

Smart intruders leave ways back in. Review these settings carefully:

5. Secure the accounts linked to your email

If the hacker had access for a while, they may have reset passwords elsewhere. Change passwords on your most important linked accounts — banking, social media, shopping — starting with anything that shares the old password.

6. Warn your contacts

Let friends and family know your email was compromised so they ignore any strange messages "from you" — especially urgent requests for money or links. This stops the scam from spreading through your name.

How to stay safe afterward

Keep 2FA on, use a unique password here, and check whether your address has appeared in known data breaches using a reputable breach-checking site. If it has, change any password you reused. Being cautious with links protects you from the phishing that causes most hacks in the first place — the same skill that stops fake online stores.

Frequently asked questions

What's the first thing to do if my email is hacked?

Change the password immediately (or recover the account if you're locked out), then sign out of all devices and turn on two-factor authentication.

How did someone get my email password?

Usually through a phishing link, a reused password exposed in a data breach, or malware. Unique passwords and 2FA close all three doors.

Should I make a new email address instead?

Usually not necessary. Recover and secure the existing one — starting over means losing access to everything linked to it. Only consider it if recovery truly fails.

Advertisement

Read next

Security

The $470 Million Text Scam

The five smishing scams stealing millions in 2026 — and the 3-second check that stops every one.

By the WDYS Team
Technology

9 Hidden iPhone Settings

The overlooked features — from Back Tap to document scanning — that save you time every day.

By the WDYS Team