How to Recover a Hacked or Locked Account

8 min read · Covers Google, Apple ID, Facebook, email, and more

Being locked out of an account is stressful — especially if someone else may have taken it over. The most important thing is to act quickly. Most accounts have built-in recovery options, and if you act within hours, you can usually get back in and secure your account before serious damage is done.

Act fast: If you think someone has access to your account right now, follow these steps immediately. Every minute counts — hackers often change recovery information to lock you out permanently.

Step 1: Try the Official Recovery Process First

Every major service has a built-in account recovery flow. Always start here:

Google: Go to accounts.google.com/signin/recovery
Apple ID: Go to iforgot.apple.com
Facebook: Go to facebook.com/login/identify
Microsoft: Go to account.live.com/password/reset

Enter your email address or phone number and follow the prompts. You'll typically be asked to verify your identity via a code sent to a recovery email or phone number.

What to Do If Recovery Fails

Try every email address you've ever used

Recovery emails are often old addresses people forget about. Think back — did you create the account 5 years ago? Try an old Hotmail, Yahoo, or work email address in the recovery flow.

Check if you have backup codes saved

If you set up two-factor authentication, you may have been given backup codes. Check your notes app, email (search "backup codes"), password manager, or physical notes. These codes can bypass the normal login entirely.

Try logging in from a trusted device

If you've logged in from this phone or computer before, the service might recognize the device and offer easier recovery. Try the recovery link from a device you've used with that account in the past.

Submit an identity verification request

If automated recovery fails, look for a "Need more help?" or "Contact support" link at the bottom of the recovery page. For Google and Apple, you can submit a form with identifying information. Response times are typically 1–3 business days.

After You Get Back In: Secure Your Account

Change your password immediately

Use a strong, unique password — at least 12 characters with a mix of letters, numbers, and symbols. Don't reuse a password from another account. A password manager like Bitwarden (free) or 1Password makes this easy.

Turn on two-factor authentication

This means even if someone gets your password, they can't log in without also having your phone. Go to your account's Security settings and enable it. Use an authenticator app (Google Authenticator, Authy) rather than SMS if possible — it's more secure.

Check for unauthorized access and connected apps

Look through your account's security settings for recent sign-in activity and connected third-party apps. Remove anything suspicious. Also check if any email forwarding rules or auto-replies were set up by the attacker.

Important: If the hacked account shares a password with any other account (banking, email, shopping), change those passwords immediately too. Credential stuffing — using stolen passwords on other sites — is extremely common.

Need help step by step?

Tell Koda which account you're locked out of and get personalized recovery instructions for your exact situation.

Get instant help from Koda →