How to Know If You've Been Hacked
Weird charges, slow phone, locked out of accounts? Here's how to tell if you've actually been hacked and what to do about it.
Don't Panic (But Do Pay Attention)
"Have I been hacked?" is one of the most common questions in internet security. The answer is usually no. A slow computer is usually just a slow computer. But sometimes the signs are real, and catching a breach early is the difference between a minor inconvenience and identity theft.
Here's how to actually tell, and what to do if the answer is yes.
Signs You Might Be Hacked
Your Accounts
- Password reset emails you didn't request: Someone is trying to get into your accounts. This is the most common early warning sign.
- "New login from unknown device" alerts: Check the location and device. If it's not yours, someone else is in.
- You're locked out of an account: If your password suddenly stops working and the recovery email has been changed, someone took over.
- Sent messages or emails you didn't write: Check your email's "Sent" folder and your social media outbox. Hackers often use compromised accounts to spam your contacts.
- Friends say they got a weird message from you: Classic sign of account compromise.
Your Devices
- Unfamiliar apps you didn't install: On your phone, check your app list. On your computer, check installed programs.
- Battery draining unusually fast: Malware running in the background burns power. This alone isn't proof (batteries degrade), but combined with other signs, it's a red flag.
- Data usage spikes: If your mobile data usage suddenly jumped without you changing habits, something might be phoning home.
- Your camera or microphone indicator turns on randomly: Modern phones and laptops show when the camera or mic is active. If it activates when you're not using it, that's bad.
- Unfamiliar browser extensions: Check your browser's extension list. Malicious extensions can redirect searches, inject ads, and steal passwords.
Your Finances
- Charges you don't recognise: Even small ones. Fraudsters often test stolen cards with tiny purchases before going big.
- New accounts you didn't open: Check your credit report. New credit cards or loans in your name are a sign of identity theft, not just hacking.
How to Check for Real
Step 1: Check Your Email in Breach Databases
Go to haveibeenpwned.com and enter your email address. This tells you which known data breaches included your email address, and what kinds of data each breach exposed. If your email shows up (it's common - the database contains billions of records), check which breaches exposed passwords and change those passwords immediately.
You can also use our IP Address Check to see what's currently visible about your connection, and our Browser Fingerprint tool to understand how trackable your browser is.
Step 2: Review Active Sessions
For every important account (email, social media, banking), go into settings and find "Active sessions," "Security," or "Where you're logged in." Sign out of everything you don't recognise.
Where to find this:
- Google: myaccount.google.com > Security > Your devices
- Apple: Settings > Your Name > scroll down to see all signed-in devices
- Facebook: Settings > Security and login > Where you're logged in
- Instagram: Settings > Security > Login activity
- X/Twitter: Settings > Security and account access > Apps and sessions
Step 3: Check Email Forwarding Rules
This is sneaky and often missed. Hackers sometimes add a forwarding rule to your email so they get a copy of everything, even after you change your password.
- Gmail: Settings > Forwarding and POP/IMAP > Check that no forwarding address is set
- Outlook: Settings > Mail > Forwarding > Make sure it's off
- Also check email filters/rules for anything that auto-deletes or redirects messages
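An added example, not part of the original article: a short Python script that runs the Step 3 check over a Gmail filter export (Settings > Filters and Blocked Addresses > Export, which produces an XML file). The sample filters and addresses are constructed, and audit_filters and its own_addresses parameter are names chosen for this example.

```python
import xml.etree.ElementTree as ET

# XML namespaces used in a Gmail filter export (mailFilters.xml).
NS = {"atom": "http://www.w3.org/2005/Atom",
      "apps": "http://schemas.google.com/apps/2006"}
# Match criteria shown to the reviewer, and the actions Step 3 says to look for.
CRITERIA = ("from", "to", "subject", "hasTheWord", "doesNotHaveTheWord")
RISKY = {"forwardTo": "forwards a copy elsewhere",
         "shouldTrash": "auto-deletes matching mail",
         "shouldArchive": "skips the inbox",
         "shouldMarkAsRead": "marks matching mail as read"}

# Constructed sample export: one harmless filter, one that forwards and deletes
# password-reset mail, and one that forwards to the owner's own second address.
SAMPLE = """<feed xmlns='http://www.w3.org/2005/Atom'
      xmlns:apps='http://schemas.google.com/apps/2006'>
 <entry><apps:property name='from' value='news@shop.example'/>
        <apps:property name='label' value='Newsletters'/></entry>
 <entry><apps:property name='hasTheWord' value='password reset'/>
        <apps:property name='forwardTo' value='collector@mail.example'/>
        <apps:property name='shouldTrash' value='true'/></entry>
 <entry><apps:property name='from' value='bank@bank.example'/>
        <apps:property name='forwardTo' value='me.backup@home.example'/></entry>
</feed>"""

def audit_filters(xml_text, own_addresses=()):
    """Return (criteria, action, detail) for each filter action that redirects or hides mail."""
    own = {a.lower() for a in own_addresses}
    findings = []
    for entry in ET.fromstring(xml_text).findall("atom:entry", NS):
        props = {p.get("name"): p.get("value", "")
                 for p in entry.findall("apps:property", NS)}
        match = "; ".join(f"{k}={props[k]}" for k in CRITERIA if k in props) or "(all mail)"
        for action, meaning in RISKY.items():
            value = props.get(action, "")
            if action == "forwardTo":
                # Forwarding is only a finding when the target is not a known own address.
                if value and value.lower() not in own:
                    findings.append((match, action, value))
            elif value.lower() == "true":
                findings.append((match, action, meaning))
    return findings

if __name__ == "__main__":
    for match, action, detail in audit_filters(SAMPLE, ["me.backup@home.example"]):
        print(f"REVIEW filter [{match}]: {action} -> {detail}")
```

To audit a real export, read the file and pass its contents as xml_text, listing any forwarding addresses you set up yourself in own_addresses.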
Step 4: Scan Your Devices
- Windows: Run a full scan with Windows Defender (which scores well in independent tests) or Malwarebytes
- Mac: Malwarebytes for Mac is a well-regarded option. Also check System Settings > General > Login Items for anything you don't recognise
- Phone: On Android, make sure Google Play Protect is running (Play Store > Play Protect). On iPhone, malware is rare but check for unknown configuration profiles (Settings > General > VPN & Device Management)
What to Do If You've Been Hacked
Immediate Steps (Do These First)
- Change your passwords: Start with your email (that's the master key to everything else), then banking, then social media. Use unique, strong passwords. Now is the time to get a password manager if you don't have one. Check our password manager comparison.
- Enable two-factor authentication: On every account that supports it. Use an authenticator app (not SMS - SIM swapping attacks can intercept SMS codes). TOTP apps like Aegis (Android) or Ente Auth (iOS/Android, open source) work well.
- Revoke connected apps: Go into each account's settings and remove any third-party apps or OAuth connections you don't recognise or use. That random quiz app you authorised on Facebook three years ago? Revoke it.
- Check recovery settings: Make sure your recovery email and phone number are still yours. Hackers often change these so they can get back in even after you change your password.
If Your Device Is Compromised
- Disconnect from the internet: If you suspect active malware, go offline first to stop data from being sent out.
- Back up your important files to a clean USB drive (documents, photos, not applications)
- Factory reset the device: This is the most reliable way to remove malware. Yes, it's annoying. No, there's no shortcut.
- Reinstall from scratch: Don't restore from a backup that might include the malware. Reinstall apps fresh and copy back only data files.
If Your Identity Is Compromised
- Freeze your credit with the major credit bureaus. In the US, credit freezes are free via Equifax, Experian, and TransUnion. In the UK, contact Experian, Equifax, and TransUnion UK, or place a CIFAS protective registration to flag your identity. In Germany, contact Schufa. This prevents new accounts from being opened in your name.
- Report to your bank: If you see fraudulent charges, call your bank immediately. Under UK Payment Services Regulations, you may be entitled to a refund for unauthorised transactions.
- File an identity theft report: In the UK, report to Action Fraud (the national reporting centre). In the US, use identitytheft.gov.
- Monitor your credit for the next 6-12 months. Look for accounts you didn't open.
How to Not Get Hacked Again
- Use a password manager: One unique password per account. The single biggest security upgrade you can make.
- Enable 2FA everywhere: Especially email, banking, and social media.
- Don't reuse passwords: If you use the same password on two sites and one gets breached, both are potentially compromised. This is how most "hacks" actually happen.
- Be sceptical of links: Phishing is consistently the most common attack vector according to the Verizon Data Breach Investigations Report. If an email asks you to "verify your account" or "confirm unusual activity," don't click the link. Go directly to the website instead.
- Keep your software updated: Most malware exploits known vulnerabilities that have already been patched. Updates are annoying. Getting hacked is worse.
- Run our Privacy Checkup: It takes 2 minutes and identifies the biggest gaps in your setup.
When It's Not Actually a Hack
Some things look scary but aren't:
- "Your account was accessed from a new location": If you're travelling or using a VPN, this is just you from a different IP.
- Random password reset emails: Could be someone mistyping their email address. Only worry if it happens repeatedly for the same account.
- Slow computer: Usually means too many browser tabs, aging hardware, or a drive that needs cleaning. Not malware.
- Spam increase: Your email leaked in a breach, but that doesn't mean your account is compromised. Just means you're on a spam list now.
- Targeted ads that seem creepy: That's ad tracking, not hacking. Creepy, but different.
If you're not sure, check the actual signs above. And when in doubt, changing your passwords and enabling 2FA costs you nothing.
