Privacy Emergency Guide: Compromised Account Response

Change the password immediately from a device you trust (not the one that may be compromised). Then revoke all active sessions - most platforms have a 'sign out all devices' option in security settings. After securing the account, check for forwarding rules in email and review recent activity for anything you didn't do.

Signs include password reset emails you didn't request, login alerts from unfamiliar locations, sent emails you didn't write, or contacts receiving spam from your address. Check your email's security log and look for any filters or forwarding rules that were added without your knowledge - attackers often add these to silently forward copies of your mail.

Call your bank or card issuer immediately - not through a link in any email, but through the number on the back of your card or their official website. Report unauthorized transactions, freeze the account if possible, and ask for new account numbers. Then file a report with the CFPB and your local police department for documentation.

A breach is when a company you use gets compromised and your data leaks - you weren't targeted specifically, you were just in the database. Being hacked usually means someone targeted your account directly, often using credentials from a breach. The response is different: breaches require monitoring and password changes for that service; direct account compromise requires immediate lockdown and session revocation.

For a phone or laptop you suspect has malware, a factory reset is the safest option if you have a backup. Don't restore from a backup made after the suspected compromise date. For most people, the risk is usually credential theft (phishing, password reuse) rather than device-level malware - change passwords first and see if that resolves the issue before wiping.