You’ve been hacked and I know how you feel. It sucks. Once you’re done feeling sorry for yourself, you need to start picking up the pieces and fixing things. Whether it’s as simple as your account password being stolen or as devastating as a data breach or identity theft, you must act fast. Here is a step-by-step guide for what to do when you’ve been hacked.
Key Takeaways
- Hacking and identity theft require swift action. This includes changing sensitive passwords immediately, assessing potential exposure, and setting up credit freezes.
- Check all accounts carefully for unauthorized changes and monitor them closely for suspicious activity over the next month.
- Set up two-factor authentication (2FA) on your email account, and use secure methods like authenticator apps or physical security keys.
- Use a password manager to create unique passwords for all accounts to limit exposure if one is compromised.
I woke up one morning to find a bunch of authentication texts from Google asking if I had forgotten my password.
I hadn’t.
Instead, I quickly discovered that my email had somehow been hacked and that Google had shut down my access when they couldn’t reach me for verification.
I breathed a sigh of relief until later that morning when my bank sent me an email saying that they noticed some suspicious activity. I was beginning to get quite nervous.
Less than two hours later, my phone company sent me a text alerting me to fraudulent activity on my account.
At that point, I was in full freak-out mode.
When it comes to hacking and identity theft, speed is key. Hackers know they have limited time to take advantage of their new-found account access so they often make quick work of your identity.
What I learned that day – and have continued learning since – are the steps that I had to take to lock down my accounts, secure my identity, and reset my life after being hacked.
Here are the 5 steps to take after you’ve been hacked:
I hope this can be helpful for you as well.
Note: Some of the links in this article are affiliate links, which means that at no extra cost to you, I may be compensated if you choose to use one of the services listed.
Step #1: Immediately Change Your Passwords
After finding that my email had been hacked, the very first order of business for me was to change my secure password for my most sensitive logins and ensure that every online account was protected.
As easy as that may sound, because Google had locked down my Gmail account, it was actually quite difficult (thankfully, I still had access to the email I had created as an alternative to Gmail).
Thankfully, I had listed a recovery email and verified my phone with Google, so after about 5-10 minutes of requesting the password reset link and creating a new password using my favorite password manager software, I was squared away.
STOP: Do This Now
Go through and change the passwords to your most sensitive accounts (banking, email account, investment) as well as to the one that was hacked (if possible).
Make sure your new password is even better than your last. If you’re not using a password manager to help you create these stronger passwords, here is a comparison of my recommended password managers.
If for some reason changing the password is not possible, you need to call the company and freeze the account.
Once you’ve changed your password, it’s also a good idea to go through these 5 steps to further secure your Gmail account. You may want to finish working to fix your current hacking situation, but you’ll eventually want to go back and secure your account.
Step #2: Quickly Assess the Situation (& Assume the Worst)
At this point, you should take a moment, breathe, and try to assess what has happened.
Take a short walk or call a friend if you need to. You need a level head to start thinking through implications and worst-case scenarios.
Try to imagine what could have happened to determine what you need to do next. For example:
- Did you use this password elsewhere? If you’re the kind of person who recycles the same password in multiple places, you might have some work to do. If the hacker somehow gets a hold of your email and password, they will immediately find your other online logins and start trying that password. You need to start changing your passwords for your most sensitive accounts immediately, and you don’t want them to be the same password. Creating secure passwords via a good password manager comes in handy in situations like these.
- What kind of information did your archive have? After my email was hacked, I didn’t realize that the hacker had been able to gain access to my social security number until my bank alerted me of possible credit fraud. Over the years of emailing my tax documents to accountants (why did I do that?!), I forgot that my SSN was probably an easy grab for the hacker.
- Are there any changes to the account? After my email was hacked, I immediately looked at my sent mail as well as my settings to make sure that the hacker hadn’t authorized another user to send or receive my mail. With my bank and phone company, I called to make sure no changes had been made in the past 24 hours. Additionally, check your social media account settings and activity to ensure that no unauthorized changes have been made.
It’s stressful to have to think through all of this.
Trust me, I know.
Still, you must take the time as you figure out what to do now that you’ve been hacked. This is your opportunity to minimize the damage and make sure that nothing bad happens.
Try to use this as an opportunity to create a better password profile and better personal security practices.
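To answer the first question in the list above (did you use this password elsewhere?), here is a small script, added as an example and not part of the original article, that reads a password manager export and lists every account sharing a password with the hacked one. The CSV column names (name, username, password) and the sample rows are assumptions constructed for illustration; adjust them to match your own manager's export.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample export; the column names (name, username, password) are
# an assumption, since each password manager uses its own export layout.
SAMPLE_EXPORT = """name,username,password
gmail.com,me@example.com,Summer2019!
chase.com,me@example.com,Summer2019!
amazon.com,me@example.com,Summer2019!
phone-carrier.example,me@example.com,k3#Vq9!xTz
forum.example,me,hunter2
blog.example,me,hunter2
"""


def _fingerprint(password):
    # Hash each password so plaintext is never kept in the results.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def reuse_groups(csv_text):
    """Return lists of site names that share one password (two or more sites)."""
    by_password = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["password"]:  # skip entries with no stored password
            by_password[_fingerprint(row["password"])].append(row["name"])
    return [sorted(sites) for sites in by_password.values() if len(sites) > 1]


def rotate_first(csv_text, hacked_site):
    """Sites whose password matches the hacked account's: change these first."""
    for group in reuse_groups(csv_text):
        if hacked_site in group:
            return [site for site in group if site != hacked_site]
    return []


if __name__ == "__main__":
    print("Change immediately:", rotate_first(SAMPLE_EXPORT, "gmail.com"))
    for group in reuse_groups(SAMPLE_EXPORT):
        print("Shared password:", ", ".join(group))
```

A real export holds every password in plaintext, so run this locally and delete the file once the passwords are changed.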
Step #3: Create Fraud Alerts for Your Credit
I don’t care if the account that got hacked was your bank, your email, or your shopping log-in at Amazon.
Setting up a credit freeze or fraud alert with the credit bureaus is a no-brainer.
The first thing I did was call my bank (Chase) to ask for the details behind the security alert. They told me about a credit pull that took place with another bank in another state.
When I called the other bank (Citibank), they confirmed that somebody had opened an account using my social security number…
…and it had been approved!
After identity verification, we were able to cancel that account without issue. Thankfully, I had caught this fast.
I then spent 10 minutes online creating a credit freeze with all three of the credit bureaus.
A credit alert means that any future credit applications made using my information will be subject to even further scrutiny and require extra verification.
An alert will make it very hard (but not impossible) for you to open a new credit card or get a loan, but it will also eliminate any threat of your identity being used for further harm.
The Hassle of Credit Freezes
While applying for a new credit card recently, because of the freeze, I had to verify myself in multiple ways before they would issue the new credit. It took an extra 10 minutes, but it still worked!
Unfortunately, you can’t set up the freeze with just one bureau…you need to go through each of the big three to make sure it’s been set up individually.
Honestly, these credit bureaus don’t seem to be very organized (I called them), so I recommend just setting up an alert for all three at the same time. It’s definitely not going to hurt you to do this.
The credit freeze lasts as long as you want it to, so you’ll have to go in and “thaw” the freeze whenever you want to start using more credit again.
IMPORTANT: Identity Theft Victims
If you’ve been hacked and you suspect that your identity has been stolen or is being used maliciously, there are two extra steps you should take.
First, you’ll want to jump over to IdentityTheft.gov to report the theft and get help developing a recovery plan.
Second, you’ll want to set up credit monitoring, which I will address below in step 5. Various companies do this, but I use and recommend Identity Guard.
Step #4: Go Back & Set Up 2-Factor Authentication
Now that you’ve defensively changed your passwords, assessed the situation, and set up a fraud alert, you need to go on the offensive.
You need to take the steps necessary to future-proof yourself from being hacked again.
If you haven’t already done this, make sure you activate 2-step authentication for all of your online logins. It’s a bit of an annoyance, I know, but the security is worth the effort, I promise.
Two-factor authentication (2FA) is becoming a standard security feature for many online accounts. This is true whether you’re trying to change the privacy settings on Facebook or you’re locking down Google or Twitter.
It takes many different forms, but usually looks like one of the following:
- Two Factor Authentication via Text Message: Formerly the most common form of authentication, SMS authentication is now considered the least secure of the three options listed here. You log into your account with your password, which then sends a text message with a numeric passcode that you must enter to ensure it is you.
- 2-FA via Mobile App: A number of applications and websites rely on the Google Authenticator app (available for iOS and Android) for 2-factor authentication. This app generates a new key every 20 seconds or so and you must open the app and type in the numeric code after entering your password. If you need help, here is my tutorial for how to set up Google Authenticator.
- 2-FA via Secure Key: The newest and most secure method for 2-factor authentication is what’s known as a “secure key”. This USB or Bluetooth key can be kept on your key chain and automatically lets your computer or mobile device know that you are the real you. You can learn how to set up a Yubico 2FA key here.
Whichever method you choose, I recommend you activate this 2-factor authentication for every login that will allow you to do so.
You can either look in your settings or search Google for “how to set up 2-factor authentication for ________.”
Step #5: Monitor Your Accounts Closely for the Next Month
The final step here is to monitor all your bank, email, and social media accounts and login credentials like a hawk for the next month or two.
I’m not just talking about the account that was hacked – you should be monitoring ALL of them for the next month.
This should be done in a number of different ways:
- Get Your Free Credit Report: Each credit bureau is required to give you one free credit report per year, so take advantage of yours now. Check through to make sure that there isn’t any information that you don’t recognize.
- Tell Your Friends/Family to be on Alert: Tell them about being hacked so if they get weird social media requests from you or a fishy phone call, they know to be careful about what kind of information they give. They should also tell you about it.
- Consider an Identity Monitoring Service: Although there’s a cost involved here, identity monitoring companies such as Identity Guard provide a valuable service (which includes $1 million in identity theft protection). After a month of getting bored of monitoring your accounts, you’ll more than likely start to forget about having been hacked. Identity Guard will maintain vigilant monitoring after you’ve long forgotten about it (and hackers know that).
Step #6: Preventing Future Hacks
Preventing future hacks requires a combination of common sense, best practices, and the right tools. Here are some steps you can take to protect yourself:
- Use Two-Factor Authentication: Two-factor authentication (2FA) is a security process that requires you to provide two forms of identification before accessing your online accounts. This usually involves something you know (like your password) and something you have (like a verification code sent to your phone). By enabling 2FA, you add an extra layer of security, making it much harder for hackers to gain access to your accounts.
- Use a Password Manager: A password manager is a lifesaver when it comes to keeping your online accounts secure. It stores and organizes your passwords, allowing you to use unique, complex passwords for each account without having to remember them all. With a password manager, you only need to remember one master password, and the software takes care of the rest. This significantly reduces the risk of using the same password across multiple sites.
- Use a Different Password for Each Account: Using the same password for multiple accounts is a recipe for disaster. If one account is compromised, all of your accounts are at risk. A password manager can help you generate and store unique passwords for each of your online accounts, ensuring that a breach in one account doesn’t lead to a domino effect.
- Keep Your Software Up to Date: Regularly updating your operating system, browser, and other software is crucial for protecting yourself from known vulnerabilities. Hackers often exploit outdated software to gain access to your sensitive data. By keeping your software up to date with the latest security patches, you can close these vulnerabilities and keep your data safe.
- Use Anti-Malware Software: Anti-malware software is essential for protecting your computer from malicious software that can steal your sensitive data or take control of your system. Make sure you have reputable anti-malware software installed and keep it updated to protect against the latest threats.
- Be Cautious of Phishing Emails: Phishing emails are designed to trick you into revealing sensitive information, such as your login credentials or financial information. Be cautious of emails that ask you to click on a link or download an attachment, and never give out sensitive information via email. Always verify the sender’s identity and look for signs of phishing, such as poor grammar or suspicious links.
By following these steps, you can significantly reduce the risk of future hacks and keep your online accounts secure. Remember, the key to preventing hacks is to stay vigilant and proactive about your online security.
Final Thoughts | What To Do When You’ve Been Hacked
You’re not the first person who’s been hacked and you certainly won’t be the last. Take a deep breath and follow the steps outlined in this guide.
- Immediately change the password of the hacked login. Follow suit with others if you have the time.
- Assess the situation and determine what needs to be done.
- Create a fraud alert with the credit bureaus.
- Go through all your online accounts to set up 2-factor authentication.
- Finally, when all of that is done, monitor your financial accounts and email for any suspicious activity.
There’s no way to escape the sick feeling of being violated and it sucks to know that this hacker likely won’t get caught for what they’ve tried to do to you.
However, these steps will give you confidence that your online logins are secure and your identity is safe. The tools listed here as well as other recommended online security resources will help you take back control of your privacy and identity.