Something feels off — a sent message you don’t remember writing, a contact asking why you sent them spam, or a password-reset email from a service you barely use. These are among the clearest signs that your email account has been hacked, and the faster you respond, the better your chances of getting full control back.
Email is the master key to your digital life. A hacker who controls your inbox can reset passwords on every account tied to it — banking, social media, and cloud storage included. Knowing the warning signs and having a clear recovery plan can make the difference between a minor inconvenience and a lasting breach.
Quick Answer
If your email account has been hacked, immediately change your password, sign out all active sessions, and enable two-factor authentication. Check your account’s security log for unfamiliar devices or locations right away. Acting within the first hour gives you the best chance to reverse the damage before you get locked out permanently.
7 Signs Your Email Account Has Been Hacked
1. Your Password Stops Working
If you’re suddenly locked out even though you haven’t changed your password, an attacker may have changed it to cut you off. Start account recovery immediately — don’t wait to see if it fixes itself.
2. Sent Messages You Never Wrote
Open your Sent folder now. Emails containing links or money requests that you didn’t write mean someone else is using your account. Attackers often delete sent messages afterward, so a suspiciously empty Sent folder is also worth investigating.
3. Contacts Report Spam Emails from You
When someone asks “Did you send this?” about a message you never wrote, it’s a strong indicator that your account is compromised. Hijacked accounts are valuable to attackers precisely because recipients trust email from a familiar address.
4. Unexpected Login Alerts or Security Emails
Any notification about a password change, a new recovery address, or a new device sign-in — when you didn’t initiate it — is an emergency. Go directly to your security settings (not through any link in the alert email) and act immediately.
5. Unfamiliar Locations in Your Sign-In Log
Gmail, Outlook, and Yahoo all log sign-ins by location and device. A login from a city or country you’ve never visited is a strong sign of compromise. In Gmail, scroll to the bottom of your inbox and click Details under “Last account activity” to review the full list.
6. Recovery Options You Don’t Recognize
If your backup phone number or recovery email has been changed to something unfamiliar, an attacker is already working to block your path back in. Restore these before anything else while you can still access your account.
7. Altered Inbox or Unexpected Filters
New folders you didn’t create, missing emails, or mail filters silently forwarding everything to an unknown address mean the attacker is actively monitoring your account — even if you’ve already changed your password.
How to Recover a Hacked Email Account
Act in this exact order — speed matters once you suspect a breach.
1. Change your password now. Use a unique password of at least 12 characters mixing letters, numbers, and symbols. Never reuse one from another account.
2. Sign out of all active sessions. In Gmail, click Details at the bottom of your inbox, then Sign out of all other sessions. In Outlook, go to Security > Where you’re signed in and select Sign out everywhere.
3. Verify and restore your recovery info. Check that your backup phone number and recovery email are yours. Remove any address or number you don’t recognize.
4. Enable two-factor authentication (2FA). This single step blocks the vast majority of future takeover attempts. Our guide on setting up two-factor authentication on your most important accounts covers Gmail, Microsoft, and more.
5. Delete unauthorized forwarding rules. In Gmail: Settings > See all settings > Forwarding and POP/IMAP. In Outlook: Settings > Mail > Forwarding. Remove any address you didn’t add.
6. Scan for malware. If a keylogger captured your password, changing it won’t help while the malware is still running. A free scan with Malwarebytes takes about 10 minutes and catches the most common credential stealers.
7. Secure every linked account. Change passwords on every service that uses your compromised email as a login or password-reset address — especially banking, shopping, and social media.
Pro tip: Check your email address at Have I Been Pwned — a free service that shows whether your credentials appeared in a known data breach. It takes under 30 seconds and often reveals exactly how the attacker got in.
Troubleshooting tip: If account recovery fails and you’re fully locked out, both Google and Microsoft offer identity verification using a government-issued ID. Look for “More options” or “Verify your identity” on the recovery page — the process typically takes one to three business days.
Recovery Resources by Email Provider
| Provider | Recovery Page | Key First Step |
|---|---|---|
| Gmail | accounts.google.com/signin/recovery | Verify backup phone or recovery email |
| Outlook / Microsoft | account.live.com/acsr | Identity verification form |
| Yahoo Mail | login.yahoo.com/forgot | SMS code or recovery email |
| Apple iCloud | iforgot.apple.com | Trusted device or recovery key |
| ProtonMail | proton.me/support | Recovery phrase (must be set up in advance) |
Common Mistakes to Avoid
- Waiting to act. Every hour you delay gives the attacker more time to lock you out or pivot to linked accounts. Treat any warning sign as urgent — you can always undo changes if it turns out to be a false alarm.
- Reusing the same new password elsewhere. If your credentials were exposed in a breach, every account using that same password is equally at risk. Use a unique password for each service.
- Skipping the forwarding rules check. A silent forwarding rule lets the attacker continue receiving your emails even after you change your password. Always inspect Settings > Forwarding immediately after any breach.
- Clicking links inside the alert email. Navigate to your account security settings directly — never through a link in a notification email, which could itself be a phishing attempt designed to steal your credentials a second time.
- Forgetting about linked accounts. Your compromised inbox is the recovery address for banking, shopping, and social media accounts. Audit and update those passwords the same day you secure your email.
Conclusion
Catching a hacked email account early means most people can recover full access in under an hour. Change your password, end all active sessions, restore your recovery info, enable two-factor authentication, and sweep for unauthorized forwarding rules — in that order.
To stay ahead of future threats, learn how to verify that a website is safe before entering your credentials, and audit your browser extensions for risky permissions — both are common paths attackers use to steal email passwords in the first place.