What should I do if my account is compromised?

Change your password as soon as possible if you suspect your account has been compromised. Check any linked accounts and also change their passwords. Finally, you should check if there is no (API) access to an unknown application. With the help of a so-called API hackers can keep control of your account; even after the password has been changed.

A hacker who holds your mail address may have different motives. Hackers are not the mastermind, as they are presented in the movie. Often it is the people from your area, who manage to hack your email. By guessing the correct answer during password recovery, acquaintances can easily crack your account. Your account has been hacked for a short time.

For strangers, it’s hard to guess your pet lover or childhood friend. In this case, the hacker succeeded in attracting you. You should think about where and when you might have given up your password. This way you can avoid similar mistakes in the future. Your computer may also be infected with malware or spyware. Check if your computer is fully secured.

Finally, you are always responsible for the security of your account. Never provide your password on an application that offsets an unknown site. Provide a good anti-virus. Prevention is better than cure.

If it’s still too late, there are some important steps in this article to put things to safety.

Account recovery access

From the beginning, you must request access again. Through the password recovery process, you can prove that you are the rightful owner. More details about the process are described in the help article: I forgot my Hotmail password. What should I do?

As soon as you can login Hotmail, you can check out some points:

  • Account Activity
  • Password
  • Linked accounts
  • Forwarding address
  • Digital email signature
  • Automatic answer
  • Permissions for applications (unwanted)

Request a log of activity

Hotmail logs activity for each account. This log may be requested through your Microsoft account. A Microsoft account is automatically logged in when you create an account for a Microsoft service. So, if you create a Hotmail, you will automatically have a corresponding Microsoft account. For an overview of activities, you go through the ‘privacy’ menu for ‘activity view. Or use this direct link: https://account.live.com/Activity?refp=security. To view activities, you must still be able to sign in to your account. If not, you must first restore access to your account.

Change the password

Typically, an email account is the portal to various online services. Facebook, Google, Netflix, Spotify, PayPal, Globe, Coolblue, Amazon, … These are all services that are connected to your email address. To be sure, you must change all the passwords for these sites. Do not forget to secure your e-mail account from the start.

Be sure to set a new Hotmail password if you have not already done so. You can change your Hotmail password through the ‘privacy’ tab of your Microsoft account. Also, check out your linked accounts if you have an account. https://account.live.com/password/Change?refp=security

Linked accounts

An intelligent hacker knows that you will try to change your password. As a stick behind the door, it can link a new account. That way, the hacker can still access your email later. Check that no unidentified mail addresses are associated. https://outlook.live.com/owa/?path=/options/connections

Forwarding address

Hackers can change the setting so that your email is forwarded to another address. Check the https://outlook.live.com/owa/?path=/options/forwarding forwarding settings

Digital signatures

A digital signature is a piece of text that you can set as the closing standard of an email. Example: “Sincerely, John”. A typical method is a hacker who gives it a bad (bad) link. This way, all your email recipients will receive this link. Check your digital signature before resending your e-mail. https://outlook.live.com/owa/?path=/options/mailsignatures

Automatic answer

Here, unwanted messages can be sent whenever someone sends you a message. This method is very effective because the message sender expects an answer from you. Check if no foreign auto answer has been set. https://outlook.live.com/owa/?path=/options/automaticreplies

Application Authorization (API)

If you are a victim of a large-scale attack, chances are that the hackers did not use your mail account manually. By using an API (Application Programming Interface), program developers can access all of your account functions. In that case, the hacker is a developer with bad intentions. Maybe the hacker has authorized his application to your account. This allows it to perform any command on your account.

To test the application is the developer account that you can use this link: https://apps.dev.microsoft.com/#/appList If you are not a programmer, list this should be empty. If you make applications, then you should look for unknown entries.


As with APIs, plugins can also be enabled. This allows the hacker to authorize your email address with other (malicious) applications. https://outlook.live.com/owa/?path=/options/manageapps