How To Recover A Hacked Microsoft Account & Prevent Future Hacks

Microsoft accounts are now used for OneDrive file storage, emails, Skype conversations, and even signing into Windows 8. You’ll want to get that Microsoft account back if it’s ever hacked — and Microsoft provides several ways to recover your account.

Check If Your Account Is Compromised

If you can’t log into your account with your normal password, it’s possible the attacker has compromised the account and changed your password. This is the obvious type of hack — you just won’t be able to access your account anymore.


If you can sign into your account, use the Monitor Recent Activity page on Microsoft’s website. This page will show you recent activity on your account, including the IP addresses that have logged into it recently and their platform and browser. For example, if you only use Windows devices, but you see a Linux device log in, that’s a problem. More importantly, check the IP addresses logging into your device and make sure they match places you’ve logged in from. If you live somewhere in the USA and see someone has logged in from Russia, you know there’s a problem.

If you see a login attempt that you know is wrong, you can tell Microsoft this wasn’t you.

To check your current computer’s public IP address, visit Google and perform a search for “my ip” without the quotes. You can also just search Bing and load one of the “What is My IP” pages to get an answer.

How To Recover A Hacked Account

It’s a good idea to scan your current computers for malware before going through the account recovery process. Your password may have been captured by a keylogger or another piece of malware running on your PC. If you change your password on that PC, it’s possible the attackers could just capture your new password. Install a reputable antivirus and scan your computer for malware before continuing.

If you can still sign into your account, use the Change Your Password page on Microsoft’s account dashboard. Set a new, strong password. People accessing your account with your old password won’t be able to sign in with the new one.


If you can’t sign into your account, use the Reset Password page on Microsoft’s website. If you’ve previously provided a backup email address or cell phone number to verify you own the account, you’ll be asked for this information.

If you’ve signed into the account from a Windows 8 system and marked your PC as a “trusted PC,” try resetting your password from the trusted PC. Microsoft will know you’re the real owner of the account and won’t ask for additional verification info if you reset your password from a trusted PC.


If none of these tips helps, visit the Recover your Microsoft account page. Microsoft will ask you to fill out a questionnaire with answers to specific questions about the account and emails stored there. The answers you provide will prove you’re the account’s real owner — this method can be used even if you haven’t provided any account recovery information. Microsoft’s website says “Someone will get back to you within 24 hours (typically a lot sooner)”, so you’ll have to wait a bit after filling out the questionnaire.


Avoid Future Hacks

Follow our tips for securing Microsoft accounts to prevent your Microsoft account from being compromised in the future. Set a strong password people can’t easily guess, use two-step verification to prevent people from logging in even if they discover your password, and provide recovery email addresses and phone numbers where Microsoft can reach you. These addresses aren’t just used for recovery — Microsoft uses codes sent there to verify you are who you say you are if you don’t have two-step verification enabled.

You can also have Microsoft deliver security notifications to your phone. By default, they’re emailed. If you have Microsoft send them via SMS, you’ll be more likely to see notifications immediately when someone is trying to gain access to your account.

Typical Internet security tips apply, too. Don’t fall for phishing websites that pretend to be Microsoft to steal your account password. Don’t send your account password over email — no one at Microsoft or another legitimate company will ever contact you via email and ask for your password. Secure your PC by setting up antivirus software, enabling automatic updates, and uninstalling vulnerable software like Java. 

Microsoft accounts are a lot like other accounts. This process is very similar to the process for recovering a hacked Google account, for example. The tips for securing your account — enabling two-step authentication, setting a strong password, securing your computer, and so on — will help secure all your online accounts.

Have you ever had to recover a hacked Microsoft account or any other type of account? Leave a comment and know what the process was like!

Leave a Reply