
How to Know If You've Been Hacked

Weird charges, slow phone, locked out of accounts? Here's how to tell if you've actually been hacked and what to do about it.

By The Privacy Authority

Don't Panic (But Do Pay Attention)

"Have I been hacked?" is one of the most common questions in internet security. The answer is usually no. A slow computer is usually just a slow computer. But sometimes the signs are real, and catching a breach early is the difference between a minor inconvenience and identity theft.

Here's how to actually tell, and what to do if the answer is yes.

Signs You Might Be Hacked

Your Accounts

  • Password reset emails you didn't request: Someone is trying to get into your accounts. This is the most common early warning sign.
  • "New login from unknown device" alerts: Check the location and device. If it's not yours, someone else is in.
  • You're locked out of an account: If your password suddenly stops working and the recovery email has been changed, someone took over.
  • Sent messages or emails you didn't write: Check your email's "Sent" folder and your social media outbox. Hackers often use compromised accounts to spam your contacts.
  • Friends say they got a weird message from you: Classic sign of account compromise.

Your Devices

  • Unfamiliar apps you didn't install: On your phone, check your app list. On your computer, check installed programs.
  • Battery draining unusually fast: Malware running in the background burns power. This alone isn't proof (batteries degrade), but combined with other signs, it's a red flag.
  • Data usage spikes: If your mobile data usage suddenly jumped without you changing habits, something might be phoning home.
  • Your camera or microphone indicator turns on randomly: Modern phones and laptops show when the camera or mic is active. If it activates when you're not using it, that's bad.
  • Unfamiliar browser extensions: Check your browser's extension list. Malicious extensions can redirect searches, inject ads, and steal passwords.

Your Finances

  • Charges you don't recognize: Even small ones. Fraudsters often test stolen cards with tiny purchases before going big.
  • New accounts you didn't open: Check your credit report. New credit cards or loans in your name are a sign of identity theft, not just hacking.

How to Check for Real

Step 1: Check Your Email in Breach Databases

Go to haveibeenpwned.com and enter your email address. This tells you which data breaches included your email and password. If your email shows up (and it almost certainly will), check which breaches exposed passwords and change those passwords immediately.

You can also use our IP Address Check to see what's currently visible about your connection, and our Browser Fingerprint tool to understand how trackable your browser is.

Step 2: Review Active Sessions

For every important account (email, social media, banking), go into settings and find "Active sessions," "Security," or "Where you're logged in." Sign out of everything you don't recognize.

Where to find this:

  • Google: myaccount.google.com > Security > Your devices
  • Apple: Settings > Your Name > scroll down to see all signed-in devices
  • Facebook: Settings > Security and login > Where you're logged in
  • Instagram: Settings > Security > Login activity
  • X/Twitter: Settings > Security and account access > Apps and sessions

Step 3: Check Email Forwarding Rules

This is sneaky and often missed. Hackers sometimes add a forwarding rule to your email so they get a copy of everything, even after you change your password.

  • Gmail: Settings > Forwarding and POP/IMAP > Check that no forwarding address is set
  • Outlook: Settings > Mail > Forwarding > Make sure it's off
  • Also check email filters/rules for anything that auto-deletes or redirects messages

Step 4: Scan Your Devices

  • Windows: Run a full scan with Windows Defender (it's genuinely good now) or Malwarebytes
  • Mac: Malwarebytes for Mac catches most things. Also check System Settings > General > Login Items for anything you don't recognize
  • Phone: On Android, make sure Google Play Protect is running (Play Store > Play Protect). On iPhone, malware is rare but check for unknown configuration profiles (Settings > General > VPN & Device Management)

What to Do If You've Been Hacked

Immediate Steps (Do These First)

  1. Change your passwords: Start with your email (that's the master key to everything else), then banking, then social media. Use unique, strong passwords. Now is the time to get a password manager if you don't have one. Check our password manager comparison.
  2. Enable two-factor authentication: On every account that supports it. Use an authenticator app (not SMS; SIM swapping is real). TOTP apps like Aegis (Android) or Raivo (iOS) work great.
  3. Revoke connected apps: Go into each account's settings and remove any third-party apps or OAuth connections you don't recognize or use. That random quiz app you authorized on Facebook three years ago? Kill it.
  4. Check recovery settings: Make sure your recovery email and phone number are still yours. Hackers often change these so they can get back in even after you change your password.

If Your Device Is Compromised

  1. Disconnect from the internet: If you suspect active malware, go offline first to stop data from being sent out.
  2. Back up your important files to a clean USB drive (documents, photos, not applications)
  3. Factory reset the device: This is the most reliable way to remove malware. Yes, it's annoying. No, there's no shortcut.
  4. Reinstall from scratch: Don't restore from a backup that might include the malware. Reinstall apps fresh and copy back only data files.

If Your Identity Is Compromised

  1. Freeze your credit with the major credit bureaus. In the US, you can freeze your credit with Equifax, Experian, and TransUnion; other countries have their own bureaus (e.g., Experian, Equifax, and TransUnion in the UK; Schufa in Germany). This prevents new accounts from being opened in your name. In the US, credit freezes are free and take about 10 minutes.
  2. Report to your bank: If you see fraudulent charges, call your bank immediately. Most banks have a fraud department that can reverse unauthorized charges.
  3. File an identity theft report at identitytheft.gov (US) or your country's equivalent.
  4. Monitor your credit for the next 6-12 months. Look for accounts you didn't open.

How to Not Get Hacked Again

  • Use a password manager: One unique password per account. The single biggest security upgrade you can make.
  • Enable 2FA everywhere: Especially email, banking, and social media.
  • Don't reuse passwords: If you use the same password on two sites and one gets breached, both are potentially compromised. This is how most "hacks" actually happen.
  • Be skeptical of links: Phishing is the number one attack vector. If an email asks you to "verify your account" or "confirm unusual activity," don't click the link. Go directly to the website instead.
  • Keep your software updated: Most malware exploits known vulnerabilities that have already been patched. Updates are annoying. Getting hacked is worse.
  • Run our Privacy Checkup: It takes 2 minutes and identifies the biggest gaps in your setup.

When It's Not Actually a Hack

Some things look scary but aren't:

  • "Your account was accessed from a new location": If you're traveling or using a VPN, this is just you from a different IP.
  • Random password reset emails: Could be someone mistyping their email address. Only worry if it happens repeatedly for the same account.
  • Slow computer: Usually means too many browser tabs, aging hardware, or a drive that needs cleaning. Not malware.
  • Spam increase: Your email leaked in a breach, but that doesn't mean your account is compromised. Just means you're on a spam list now.
  • Targeted ads that seem creepy: That's ad tracking, not hacking. Creepy, but different.

If you're not sure, check the actual signs above. And when in doubt, changing your passwords and enabling 2FA costs you nothing.