What is the first thing you should change if you are hacked?

The first step after being hacked is changing your password immediately to stop unauthorized access. The first thing you should change if you are hacked is your email password, which creates a firewall between the intruder and your sensitive information. Global data from 2026 confirms that a quick password reset breaks the cycle before stolen credentials lead to further data theft or account takeovers.

Hacked Account? Act Fast to Secure Your Data

When you realize your account is compromised, you face a critical race against time. Knowing the first thing you should change if you are hacked minimizes the damage and helps you reclaim control of your digital identity. Learn the essential steps to protect your sensitive information and accounts.

The Single Most Critical Action: Change Your Compromised Account Password

The very first thing you should change if you are hacked is the password for the compromised account to cut off the attacker's access immediately. Speed is your only real ally because hackers often use the first few minutes of a breach to establish persistence - a way to stay in your account even after you think you have kicked them out. There is one specific mistake people make during this recovery process that actually lets the hacker back in within minutes, but I will reveal how to avoid this re-entry trap in the containment section below.

Time is not on your side. Global data from 2026 indicates that the median dwell time - the period a hacker spends inside a system before being detected - has risen to 14 days.

However, when a breach involves stolen credentials, it takes an average of 328 days to identify and fully contain the intrusion. This massive gap exists because most users do not realize they have been breached until their data is already being sold or used for further attacks. Changing your password immediately breaks this cycle. If you wait, you are essentially giving the intruder a master key to your digital life for weeks or months. It is a race against an automated clock.

I have been there myself - staring at a login screen that says Incorrect Password at 2 AM while your heart sinks. The panic makes you want to click everything at once. But you have to be surgical.

If you can still get in, change that password to something entirely new and unique. Do not just add a 1! to the end of your old one. Hackers use automated tools that can guess simple variations in less than one second. Use a completely different string of words or a random character generator. It feels like a hassle, but it is the difference between a minor scare and total identity theft.

The Master Key: Why Your Email Password Must Be Next

If the hack involves a central account like your email, you must change that password first because it is the primary tool used to recover all your other accounts. Your inbox is the Master Key to your digital kingdom. If a hacker controls your email, they can request a 'forgot password' link for your bank, your social media, and even your work accounts. They will simply click the link, change those passwords, and then delete the notification emails before you ever see them.

This is a widespread vulnerability. Statistics show that 78% to 85% of people reuse the same password across multiple sites,[3] creating a domino effect once a single set of credentials is leaked.

If your email uses the same password as the hacked account, you are effectively leaving the front door wide open while you try to lock the windows. About 13% of users go as far as using the exact same password for every single account they own.[4] This habit turns a single breach into a total digital takeover. Changing your email password immediately creates a firewall between the intruder and the rest of your sensitive information.

Wait for it - there is a hidden layer to this. Most hackers do not just stop at the inbox. They often set up forwarding rules that send copies of all your incoming mail to an external address they control.

Even if you change your password, they are still listening to your resets. Before you move on to other accounts, check your email settings for any unrecognized forwarding addresses or filters. It is a sneaky trick that catches even tech-savvy users off guard. I once spent three hours helping a friend who could not understand why their new passwords kept getting stolen - the hacker was literally getting carbon copies of every reset link.
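The settings check described above, as an added example that is not part of the original article: a small audit over a mailbox rule export that flags external forwarding and rules that hide reset-related mail. The rule field names (`name`, `match`, `action`, `target`), the word list, and all sample values are assumptions constructed for illustration, not any mail provider's real export format.

```python
# Constructed sample: rules as they might appear in a mailbox settings export.
# Field names and values are assumptions made for this example.
OWN_DOMAINS = {"example.com"}
SENSITIVE_WORDS = ("password", "reset", "verify", "security")

RULES = [
    {"name": "Newsletters", "match": "from:news@shop.example", "action": "label", "target": "Promo"},
    {"name": "", "match": "subject:password", "action": "delete", "target": ""},
    {"name": "backup", "match": "*", "action": "forward", "target": "inbox-copy@mail.invalid"},
    {"name": "To work", "match": "from:boss@example.com", "action": "forward", "target": "me@example.com"},
]

def audit_rule(rule):
    """Return the reasons this rule deserves a manual look (empty list if none)."""
    reasons = []
    action = rule["action"].lower()
    match = rule["match"].lower()
    if action == "forward":
        # Forwarding to a domain you do not own copies your mail to someone else.
        domain = rule["target"].rsplit("@", 1)[-1].lower()
        if domain not in OWN_DOMAINS:
            reasons.append(f"forwards mail outside your domains: {rule['target']}")
        if match in ("*", ""):
            reasons.append("forwards every incoming message")
    if action in ("delete", "archive", "mark_read"):
        # Rules that silently hide reset or security mail keep the owner blind.
        hits = [w for w in SENSITIVE_WORDS if w in match]
        if hits:
            reasons.append(f"hides mail mentioning: {', '.join(hits)}")
    return reasons

def audit(rules):
    """Map rule index -> reasons, for every rule that was flagged."""
    return {i: r for i, rule in enumerate(rules) if (r := audit_rule(rule))}

if __name__ == "__main__":
    for idx, reasons in audit(RULES).items():
        print(f"rule {idx} ({RULES[idx]['name'] or 'unnamed'}):")
        for reason in reasons:
            print("  -", reason)
```

Any flagged rule should be removed before further password resets are requested, since reset links sent while it is active may still reach the intruder.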

Don't Get Re-Hacked: The 'Clean Device' Rule

Performing password changes on a different, clean device is vital to ensure you are not being monitored in real-time. If your computer was the source of the breach, it might be infected with a keylogger - a type of malware that records every single keystroke you type and sends it back to the attacker. If you change your password on an infected machine, you are literally handing the hacker the new credentials as you type them. Use your phone (via cellular data, not the same Wi-Fi) or a tablet that you know is safe.

Furthermore, mobile users are more likely to click on malicious links than desktop users,[6] leading to a surge in mobile-specific spyware.

Kick Them Out: Terminating Active Sessions

Here is the re-entry trap I mentioned earlier: simply changing your password does not always kick a hacker out of an active session. Many modern platforms use session tokens that can stay valid for days or even weeks. If the hacker is already logged in on their laptop, your password change might only affect future logins, leaving them free to continue rummaging through your data right now. You must find the 'Sign out of all sessions' or 'Log out of all devices' option in your security settings.

This is a critical containment step. In the technology sector, 70% of cloud-related breaches originate from compromised identities and session hijacking rather than software flaws.[7]

By forcing a global logout, you invalidate all active tokens and force everyone - including yourself and the intruder - to provide the new credentials to get back in. This is the only way to ensure the digital house is empty before you lock the door. Most major services like Google, Facebook, and Microsoft provide a list of active devices. If you see a login from a city you have never visited on a device you do not own, you have found your culprit. Terminate it immediately.
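Why a password change alone can leave an intruder signed in, as an added example that is not part of the original article: a toy account model in which session tokens are checked independently of the password. The `Account` class, its method names, and the sample passwords are assumptions for illustration; real services differ in how and when they revoke tokens.

```python
import hashlib
import hmac
import os
import secrets

class Account:
    """Toy model: a password hash plus a table of live session tokens."""

    def __init__(self, password):
        self.salt = os.urandom(16)
        self.pw_hash = self._hash(password)
        self.sessions = {}  # token -> device label

    def _hash(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def login(self, password, device):
        """Issue a session token if the password is correct, else None."""
        if not hmac.compare_digest(self._hash(password), self.pw_hash):
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = device
        return token

    def is_valid(self, token):
        # The token is checked on its own; the password is never consulted again.
        return token in self.sessions

    def change_password(self, new_password, revoke_sessions=False):
        self.salt = os.urandom(16)
        self.pw_hash = self._hash(new_password)
        if revoke_sessions:
            self.sessions.clear()  # the "sign out of all sessions" step

def demo():
    acct = Account("old-password")  # constructed sample values
    owner = acct.login("old-password", "owner phone")
    intruder = acct.login("old-password", "unknown laptop")

    # Password change without revocation: new logins fail, old token survives.
    acct.change_password("new-unique-passphrase")
    after_change = acct.is_valid(intruder)
    blocked_login = acct.login("old-password", "unknown laptop")

    # Password change with revocation: every token, owner's included, is dead.
    acct.change_password("second-new-passphrase", revoke_sessions=True)
    return after_change, blocked_login, acct.is_valid(intruder), acct.is_valid(owner)
```

Services that tie token validity to the password change do this revocation for you; where they do not, the manual global logout is what closes the gap.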

Build the Wall: Enabling Multi-Factor Authentication (2FA)

Once the password is changed and sessions are cleared, the final immediate step is to enable Multi-Factor Authentication (2FA). This adds a second layer of security that requires more than just a password to gain access - usually a code from an app or a physical key. It is the single most effective deterrent in the modern cybersecurity landscape. If a hacker tries to log in with your new password, they will be stopped dead by the request for a code that only you have on your physical phone.

The numbers are staggering. Over 99.9% of accounts that end up compromised do not have MFA enabled.[8] By simply turning this feature on, you effectively eliminate the vast majority of automated credential stuffing and phishing attacks. However, avoid SMS-based 2FA if possible. Attackers have become adept at SIM-jacking or intercepting text messages. Using an authenticator app or a hardware security key is significantly more robust. In fact, 95% of users who implement MFA now prefer software-based mobile apps over traditional SMS codes for this very reason. It is a five-minute setup that provides a lifetime of protection. Knowing the first steps after being hacked and how to protect accounts after a security breach is essential, and you should also know what to do when your account is hacked and how to log out of all sessions to secure your data.

Immediate Actions vs. Long-term Security Strategies

When you are breached, you have to balance the 'firefighting' of the first hour with the 'fireproofing' of the following week.

Immediate 'Firefighting' (Hour 1)

  1. Regaining control of the primary email and core accounts
  2. Stop active data theft and evict the intruder
  3. Password resets and 'Logout All' commands

Long-term 'Fireproofing' (Week 1)

  1. Zero unauthorized login attempts and stable credit reports
  2. Prevent future breaches and monitor for identity theft
  3. Password managers, 2FA, and credit freezes

Immediate actions focus on containment - stopping the bleeding. Long-term strategies focus on changing the habits (like password reuse) that allowed the breach to happen in the first place.

The Email Reset Loop: Sarah's Recovery Struggle

Sarah, a freelance designer, noticed her Instagram was posting crypto scams at midnight. She panicked and immediately tried to reset her password using her laptop, but the 'Reset Password' link never arrived in her inbox.

She spent an hour hitting 'Resend' but grew frustrated and realized the hacker was already inside her email. They were deleting the reset emails before she could see them, effectively locking her in a loop.

Sarah stopped using her laptop, switched to her phone's cellular data, and changed her primary email password first. She discovered a hidden filter the hacker set up to auto-delete all emails containing the word 'password'.

Once the filter was deleted and her email secured, she recovered all other accounts within 45 minutes. She learned that securing the 'Master Key' (email) is the only way to win a recovery race.

Vietnamese Freelancer's Security Breakthrough

Minh, an IT developer in Da Nang, woke up to unauthorized bank transfers totaling 15 million VND. He initially thought his bank app was glitched, but soon realized his credentials were stolen through a fake 'work' document he opened on his PC.

He tried changing his passwords on the same PC, but within ten minutes, the new passwords were leaked again. He was terrified that he was being watched through his webcam or screen share.

He pulled the LAN cable, switched to his smartphone, and used an authenticator app to enable 2FA on his banking and email accounts. He realized the PC had a keylogger that was recording his 'fixes'.

After switching to 2FA and wiping his PC, the unauthorized activity stopped completely. Minh now uses a hardware security key for all financial transactions, a 500,000 VND investment that saved his savings.

Essential Points Not to Miss

Email is the priority

Secure your primary email first, as it controls the password reset process for all other connected accounts.

Terminate active sessions

Changing a password does not always kick a hacker out; you must manually select 'Sign out of all sessions' to be safe.

Use a clean device

Avoid using the breached device to change passwords to prevent keyloggers from capturing your new credentials instantly.

MFA is the best defense

Enabling Multi-Factor Authentication reduces the risk of account takeover by over 99.9%, making it the most powerful security tool available.

Question Compilation

Should I change my password if I only suspect I am hacked?

Yes, absolutely. It is better to spend five minutes changing a password than 328 days containing a full-blown identity breach. If you see strange login locations or get 'password reset' emails you did not request, change it immediately.

What if I am already locked out of my account?

Immediately use the platform's official 'Account Recovery' or 'Identity Verification' process. If it is a financial account, call your bank directly to freeze the account before the intruder can drain your funds.

Is changing my password once enough?

Not if you reuse that password elsewhere. You must change it on the compromised site and every other site where you used that same password. Otherwise, the hacker will just move to your other accounts using 'credential stuffing'.

Cited Sources

  • [3] Deepstrike - Statistics show that 78% to 85% of people reuse the same password across multiple sites.
  • [4] Mynewitguys - About 13% of users go as far as using the exact same password for every single account they own.
  • [6] Hoxhunt - Mobile users are now three times more likely to click on malicious links than desktop users.
  • [7] SentinelOne - In the technology sector, 70% of cloud-related breaches originate from compromised identities and session hijacking rather than software flaws.
  • [8] Learn - Over 99.9% of accounts that end up compromised do not have MFA enabled.