My account was hacked: what to do in the first 10 minutes
Few things are as frightening as realising your email, social media or even bank account has been breached. The good news is that the first 10 minutes are crucial to limit the damage and regain control.
Here’s a quick, simple guide to act immediately.
1. Change the password (if you still have access)
If you can still log in, change the password at once.
- Use a strong password (at least 12 characters, mixing letters, numbers and symbols).
- Don’t reuse old passwords.
- Avoid personal information that’s easy to guess.
Tip: use a password manager to generate and store secure passwords.
2. Sign out active sessions on all devices
Most platforms (Google, Facebook, Instagram, Microsoft, etc.) let you see where your account is signed in. Sign out of all sessions except the device you’re using now.
That way, even if the attacker still has access, they’ll be forced out.
3. Enable two-factor authentication (2FA)
If you hadn’t enabled it, do it now.
- Prefer an authenticator app (Google Authenticator, Authy, Microsoft Authenticator) rather than SMS.
- 2FA adds an extra barrier, even if the attacker knows your password.
4. Check account settings and recent activity
Attackers often change details to keep access:
- Recovery email addresses or phone numbers
- Backup/alternate email address
- Automatic messages sent in your name
Undo anything that has been changed.
5. Notify your contacts
If your account was used to send fraudulent messages, tell family, friends or colleagues not to click suspicious links. This helps limit the damage and prevents others being tricked.
6. Contact the service and follow the recovery steps
Almost every platform has a help page for compromised accounts:
- Facebook – hacked account
- Google – Recover your account
- Microsoft – Recover your account
- Instagram – Compromised account
Use these tools to strengthen recovery and secure the account.
7. Scan your devices
Sometimes the breach isn’t due to a weak password but malware on your computer or mobile.
- Update the operating system.
- Run a full scan with a reputable anti-virus.
- Remove suspicious apps or browser extensions.
8. Change passwords on other linked accounts
If you used the same password on more than one site (common, but risky), change those too.
👉 Um ataque a uma conta pode rapidamente transformar-se num efeito dominó.
Conclusão
Discovering an account has been hacked is stressful, but acting quickly lets you regain control and reduce the damage.
Remember:
- Strong passwords + two-factor authentication = double protection.
- Keep devices up to date and malware-free.
- Act fast, every time.
🔒 No digital, a prevenção é a sua melhor defesa.
