Someone Hacked My Account: Complete Response Guide

By ForensAI Team · 2026-01-25 · 15 min

Discovering that someone has hacked your account can be overwhelming. The first 24 hours are critical—both for securing your accounts and for documenting evidence that may be needed for legal action. Here's a step-by-step guide to responding effectively.

Why the First 24 Hours Matter

Every minute counts when your account has been compromised. Attackers can:

  • Change passwords and lock you out permanently
  • Modify recovery information to maintain access
  • Access sensitive data (emails, photos, financial information)
  • Use your account to target others (spam, phishing)
  • Delete evidence of their access

Acting quickly can limit damage and preserve evidence for legal proceedings.

Immediate Actions (First Hour)

1. Don't Panic—Document Everything First

Before making any changes, document what you see:

  • Screenshot any suspicious activity
  • Note the exact time you discovered the compromise
  • Record any unusual settings or changes
  • Don't delete anything yet—evidence may be needed

2. Change Passwords from a Secure Device

Use a device you trust (not the potentially compromised one) to change passwords:

  1. Start with the compromised account
  2. Change passwords for all linked accounts (email, social media, financial)
  3. Use strong, unique passwords for each account
  4. Consider using a password manager to generate and store secure passwords

Important: If you can't access your account because the password was changed, use account recovery options immediately. If recovery information was also changed, contact platform support right away.

3. Enable Two-Factor Authentication

Two-factor authentication (2FA) adds an extra layer of security:

  • Enable 2FA on all affected accounts
  • Use an authenticator app (Google Authenticator, Authy) rather than SMS when possible
  • Review and remove any backup codes the attacker may have generated
  • Generate new backup codes and store them securely

4. Review and Remove Unknown Devices

Check your account's device list and remove anything you don't recognize:

  • Google: myaccount.google.com/device-activity
  • Apple: appleid.apple.com → Sign-In and Security → Devices
  • Facebook: Settings → Security and Login → Where You're Logged In
  • Instagram: Settings → Security → Login Activity

Remove all unknown devices immediately. If you see devices you recognize but don't remember authorizing, remove them too—they may have been compromised.

5. Check Recovery Email and Phone Settings

Attackers often change recovery information to maintain access:

  • Verify your recovery email address is correct
  • Confirm your recovery phone number hasn't been changed
  • Check for any backup email addresses you didn't add
  • Review security questions and answers

If any recovery information was changed, change it back immediately and secure your account.

Evidence Collection (Hours 1-24)

Screenshot Everything Suspicious

Document all evidence before making changes:

  • Screenshot login history showing unauthorized access
  • Capture device lists showing unknown devices
  • Document any changed settings or recovery information
  • Save emails or notifications about account changes
  • Take screenshots of any suspicious messages or posts sent from your account

Store screenshots in a secure location (not on the compromised account).

Export Account Activity Logs

Download complete account data exports for forensic analysis:

  • Google: takeout.google.com → Select Account Activity, My Activity, Location History
  • Apple: privacy.apple.com → Request a copy of your data
  • Facebook: Settings → Your Facebook Information → Download Your Information
  • Instagram: Settings → Your Activity → Download Your Information

These exports contain timestamped evidence that can be used in legal proceedings.

Document Timeline of Events

Create a detailed timeline:

  • When you first noticed suspicious activity
  • When unauthorized logins occurred (from activity logs)
  • When passwords or recovery information were changed
  • When unknown devices were added
  • Any other suspicious activity you've discovered

This timeline will be crucial if you need to file a police report or pursue legal action.
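
An added example (not ForensAI's code) of putting events from different sources into one timeline: each timestamp is converted to UTC before sorting, because exports and personal notes often record times in different zones. The field names, device names and sample records are assumptions constructed for illustration.

```python
from datetime import datetime, timezone

# Constructed sample records. Field names are assumptions for this example;
# real platform exports use their own layouts. IPs are documentation ranges.
KNOWN_DEVICES = {"Pixel 8", "MacBook Air"}
RAW_EVENTS = [
    {"source": "platform-a", "when": "2026-01-20T23:14:05-05:00",
     "event": "login", "device": "Pixel 8", "ip": "198.51.100.7"},
    {"source": "platform-b", "when": "2026-01-21T03:02:41+00:00",
     "event": "login", "device": "Windows PC", "ip": "203.0.113.45"},
    {"source": "platform-b", "when": "2026-01-21T03:05:10+00:00",
     "event": "recovery_email_changed", "device": "Windows PC", "ip": "203.0.113.45"},
    {"source": "own-notes", "when": "2026-01-21T08:30:00-05:00",
     "event": "owner_noticed", "device": None, "ip": None},
]


def to_utc(stamp):
    """Parse an ISO 8601 timestamp and convert it to UTC; refuse ambiguous local times."""
    parsed = datetime.fromisoformat(stamp)
    if parsed.tzinfo is None:
        raise ValueError(f"timestamp has no UTC offset, cannot place it: {stamp!r}")
    return parsed.astimezone(timezone.utc)


def build_timeline(raw_events, known_devices):
    """Return events sorted by UTC time, keeping the original string for the record."""
    rows = []
    for ev in raw_events:
        unrecognized = ev["device"] is not None and ev["device"] not in known_devices
        rows.append({**ev, "utc": to_utc(ev["when"]), "unrecognized_device": unrecognized})
    return sorted(rows, key=lambda row: row["utc"])


def exposure_window(timeline):
    """Time from the first unrecognized-device event to the owner's discovery, or None."""
    first_bad = next((r["utc"] for r in timeline if r["unrecognized_device"]), None)
    noticed = next((r["utc"] for r in timeline if r["event"] == "owner_noticed"), None)
    if first_bad is None or noticed is None:
        return None
    return noticed - first_bad


if __name__ == "__main__":
    for row in build_timeline(RAW_EVENTS, KNOWN_DEVICES):
        flag = "UNRECOGNIZED" if row["unrecognized_device"] else ""
        print(row["utc"].isoformat(), row["source"], row["event"], row["device"], flag)
    print("exposure window:", exposure_window(build_timeline(RAW_EVENTS, KNOWN_DEVICES)))
```

In the sample data the first record looks earliest when read as local time, but in UTC it falls after both events from the unrecognized device.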

Preserve Deleted Messages or Emails If Possible

If the attacker deleted messages or emails, check:

  • Trash or deleted items folders
  • Archive folders
  • Email forwarding rules (they may have forwarded emails before deleting)
  • Account exports (may contain deleted items depending on platform)

Generate Forensic Report for Legal Proceedings

Professional forensic documentation includes:

  • Timestamped evidence of unauthorized access
  • IP addresses and device fingerprints
  • Geographic location data
  • Chain of custody documentation
  • Methodology and analysis summary

ForensAI generates professionally documented PDF reports with timestamped findings, IP addresses, and device fingerprints in minutes. No need to wait weeks for a forensic firm or pay thousands of dollars.

Notification Steps

Alert Your Contacts About Potential Spam

If your account was used to send spam or suspicious messages:

  • Post a public notice (if appropriate for the platform)
  • Contact close friends and family directly
  • Warn them not to click any links sent from your account
  • Ask them to report any suspicious messages they received

Report to Platform Support

Report the compromise to the platform:

Platform support can help restore access and may be able to provide additional information about the compromise.

File Police Report If Needed

Consider filing a police report if:

  • The compromise is part of harassment or stalking
  • Financial information was accessed
  • Identity theft is suspected
  • You need documentation for legal proceedings (restraining order, divorce, etc.)

Bring your forensic report and timeline of events to the police. Many departments have cybercrime units that handle these cases.

Contact Credit Bureaus If Financial Info Exposed

If financial accounts or information were accessed:

  • Place a fraud alert with the three major credit bureaus (Equifax, Experian, TransUnion)
  • Consider a credit freeze to prevent new accounts from being opened
  • Monitor bank and credit card statements closely
  • Report any unauthorized transactions immediately

Legal Preparation

When You Need Professional Forensic Documentation

Professional forensic documentation is essential for:

  • Restraining orders - Evidence of stalking or harassment
  • Divorce proceedings - Proof of infidelity or financial misconduct
  • Custody disputes - Evidence of inappropriate behavior
  • Civil lawsuits - Documentation of damages or breach of privacy
  • Criminal cases - Evidence for prosecution

What Lawyers Look For in Hacking Cases

Attorneys need:

  • Timeline of events - When unauthorized access occurred
  • IP addresses and device information - To identify the attacker
  • Geographic data - To establish location patterns
  • Chain of custody - Proof that evidence wasn't tampered with
  • Methodology documentation - How the analysis was conducted
  • Professional format - Reports that meet legal standards

How to Build Evidence Chain of Custody

Chain of custody proves evidence hasn't been altered:

  1. Document when you downloaded data - Timestamp the export
  2. Store exports securely - Don't modify files after export
  3. Use forensic analysis tools - Tools that preserve original data
  4. Generate reports immediately - Timestamped documentation
  5. Keep original exports - Never delete or modify source files
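
One way to make steps 1, 2 and 5 checkable, as an added example that is not ForensAI's code: record a SHA-256 hash of every exported file right after download, then re-verify later to show nothing was modified, removed or added. The function names and manifest layout are assumptions of this example.

```python
import hashlib
import json
from datetime import datetime, timezone
from pathlib import Path

# Added example: function names and manifest layout are this example's own.

def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so multi-gigabyte exports need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_manifest(export_dir, collected_by):
    """Record size and SHA-256 of every file under export_dir, plus when and by whom."""
    root = Path(export_dir)
    files = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        files[rel] = {"size": path.stat().st_size, "sha256": sha256_file(path)}
    return {
        "collected_by": collected_by,
        "hashed_at_utc": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "files": files,
    }

def verify_manifest(export_dir, manifest):
    """Return a list of (relative_path, problem); an empty list means nothing changed."""
    root = Path(export_dir)
    problems = []
    for rel, entry in manifest["files"].items():
        path = root / rel
        if not path.is_file():
            problems.append((rel, "missing"))
        elif sha256_file(path) != entry["sha256"]:
            problems.append((rel, "modified"))
    current = {p.relative_to(root).as_posix() for p in root.rglob("*") if p.is_file()}
    for rel in sorted(current - set(manifest["files"])):
        problems.append((rel, "added"))
    return problems

def save_manifest(manifest, manifest_path):
    """Write the manifest outside the export directory so it is not hashed itself."""
    Path(manifest_path).write_text(json.dumps(manifest, indent=2, sort_keys=True))
```

A hash only shows that files are unchanged since the manifest was created, so build it immediately after the download and keep a copy of the manifest somewhere separate from the exports.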

ForensAI maintains chain of custody by analyzing original exports without modification and generating timestamped reports.

"I needed evidence for a restraining order but couldn't afford a $4,500 forensic consultant. ForensAI gave me professionally documented documentation in five minutes that my lawyer accepted. The report showed exactly when and where my ex was accessing my accounts."

— ForensAI User

Prevention: Steps to Prevent Future Unauthorized Access

Security Hygiene Best Practices

  • Use strong, unique passwords - Different password for each account
  • Enable two-factor authentication - On all accounts that support it
  • Review account activity regularly - Monthly security checks
  • Be cautious about shared devices - Don't save passwords on shared computers
  • Monitor recovery information - Check that it hasn't been changed
  • Use a password manager - Generate and store secure passwords
  • Be wary of phishing - Don't click suspicious links or enter passwords on untrusted sites
  • Keep software updated - Security patches protect against vulnerabilities

Regular Security Audits

Schedule regular comprehensive security checks:

  • Monthly: Review login activity and connected devices
  • Quarterly: Run full forensic analysis of all accounts
  • After any suspicious activity: Immediate comprehensive check

ForensAI makes regular security audits easy—upload your account exports and get instant analysis of all security patterns.

Frequently Asked Questions

What should I do immediately if my account is hacked?

Document everything first (screenshots), then change passwords from a secure device, enable two-factor authentication, review and remove unknown devices, and check recovery email/phone settings.

How do I document evidence for legal proceedings?

Screenshot suspicious activity, export complete account activity logs, create a timeline of events, and generate a forensic report with timestamped evidence. ForensAI creates court-ready documentation automatically.

Should I file a police report?

Consider filing a police report if the compromise is part of harassment or stalking, financial information was accessed, identity theft is suspected, or you need documentation for legal proceedings.

What do lawyers look for in hacking cases?

Attorneys need a timeline of events, IP addresses and device information, geographic data, chain of custody proof, methodology documentation, and professional format reports.