Emergency plan for hacked e-mail accounts

If an account has been hacked, unauthorised persons have gained access to it. Because they can now pretend to be someone else on the internet, this is also called digital identity theft. A hacked email account is particularly dangerous because it is one of the most important building blocks in everyday digital life. Whether in online shops, social networks or digital government services - an email account is always needed.

A hacked email account therefore offers cybercriminals a whole range of possibilities. For example, they can communicate credibly with stored contacts. They may then pretend, for example, to not have access to their bank account during a holiday and ask family members to pay bills for them. They can also reset the passwords of other online accounts. That way, unauthorised persons gain control over several accounts of a user at the same time.

You can reduce this risk with a few simple steps, although you cannot always prevent it completely. We explain how to recognise a hacked email account and how to proceed.

How do I recognise a hacked email account?

  • You can no longer log in to your account: Your login details may have been changed.
  • You receive notifications about changes to your account that you have not made yourself. These include logins via new devices.
  • You notice activities in your account that you did not make, such as messages that you did not write.
  • Third parties, for example friends or customers, inform you about messages that were sent from your email account but not by you.
  • You notice similar signs with another of your accounts, for example with an online shop. There, the password may have been reset via the affected email address.

Some websites also allow you to check whether your own (access) data has been published by third parties and can be found on the internet. Under the term "Identity Leak Checker", various free offers from German and international providers can be found online.

How do I regain control over affected accounts?

If an e-mail account has been hacked, there are two cases:

  1. The access data has been changed by unauthorised persons and you are no longer able to log in or
  2. you can still access your account.

The latter can also be the case if your access data have been changed, but you can reset them using a second e-mail address, for example.

In both cases, you should first collect all necessary information: Which of your online accounts are affected or could be affected? Where did you store the email address, for example, to be able to reset your password for other accounts? After that, the procedures differ.

Important: These tips refer to accounts that were hacked without the use of malware. If a virus scanner finds malware, the malware must be removed first. Only then will cyber criminals lose access to the account. Read our tips on how to remove an infection by malicious code.

First case: You can no longer access your account.

  • Inform the provider. Then follow their instructions and help.
  • Change the passwords of other online accounts for which you use the same password or have stored the affected e-mail address. From now on, use a separate password for each account.
  • If you use the hacked email account to log in to other applications via single sign-on, also inform the providers of the latter. If possible, create your own login data for such applications.
  • Leave a new email address (at least temporarily) with online accounts such as social network profiles where the email address in question was previously stored.
  • Inform your contacts that, for example, messages from the affected email address may not come from you.

Second case: You still have access to your account.

  • Change your passwords as soon as possible. Use different and strong passwords. Do it in one go: This will minimise the time that unauthorised persons have to get ahead of you.
  • Start with the login data of the e-mail account concerned. Then unauthorised persons can no longer use it to reset the passwords of other accounts.
  • End all active sessions. These may exist if you access your email account from several devices. In the settings, you can usually end or deactivate all sessions or logins with one click. When reopening, the new password must then be entered on each device.
  • Change the passwords of all other accounts that use the same password as the affected e-mail account, or that have the affected address stored as the contact for password resets. From now on, assign a different password to each account.
  • Check whether any settings have been changed. Critical would be, for example, automatic forwarding of messages to foreign e-mail addresses or changes to fall-back options such as a stored telephone number.
  • Also, check applications where you log in via single sign-on using the hacked email account. In the settings of the email account, you can find out for which applications this is the case and whether new ones have been added.
  • Inform your contacts. Ask them to keep informing you about any spam mails sent from your account. If you learn of such mails, check carefully whether they still stem from this incident or from a new one.
  • If friends or acquaintances suspect that they have also been affected, for example because they have clicked on a link in an e-mail sent from the hacked account, they should also carry out the steps mentioned above.
  • Monitor your online accounts. If you no longer notice anything unusual, you can assume that the third-party access has stopped.
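The checks in the list above (forwarding rules to foreign addresses, changed fall-back contacts, active sessions you do not recognise, newly linked single sign-on applications) can be run mechanically against a settings export. The following script is an added example and is not part of the BSI page; the two dictionaries are constructed snapshots of an account as its owner set it up (the baseline) and as it looks after the suspected break-in, and the field names are assumptions, not any provider's real export format.

```python
"""Compare a mailbox's current security settings against a known-good baseline
and report the kinds of changes an attacker typically leaves behind.
Added example with constructed data; the dictionary layout is an assumption."""

# Constructed: what the owner knows they configured themselves.
BASELINE = {
    "recovery_email": "backup@example.org",
    "recovery_phone": "+49 30 0000000",
    "forwarding": [],
    "sessions": ["laptop-home", "phone-own"],
    "sso_apps": ["photo-app"],
}

# Constructed: what the account settings show after the suspected break-in.
CURRENT_SETTINGS = {
    "recovery_email": "backup@example.org",
    "recovery_phone": "+1 555 0100",
    "forwarding": [{"to": "collector@attacker.example", "keep_copy": False}],
    "sessions": ["laptop-home", "phone-own", "unknown-browser"],
    "sso_apps": ["photo-app", "invoice-sync"],
}

# Domains the owner controls; forwarding anywhere else is suspicious.
OWN_DOMAINS = {"example.org"}


def is_external(address, own_domains):
    """True if the address belongs to a domain the owner does not control."""
    domain = address.rsplit("@", 1)[-1].lower()
    return domain not in own_domains


def audit(baseline, current, own_domains):
    """Return a sorted list of human-readable findings; empty means no change."""
    findings = []

    # Automatic forwarding to foreign addresses is the classic sign of a takeover.
    for rule in current["forwarding"]:
        if is_external(rule["to"], own_domains):
            findings.append(f"forwarding to external address {rule['to']}")
        if not rule.get("keep_copy", True):
            findings.append(f"forwarding to {rule['to']} removes the local copy")

    # Fall-back options (recovery e-mail, phone) must match what the owner set.
    for key in ("recovery_email", "recovery_phone"):
        if current[key] != baseline[key]:
            findings.append(f"{key} changed from {baseline[key]} to {current[key]}")

    # Sessions the owner did not open should be ended.
    for session in sorted(set(current["sessions"]) - set(baseline["sessions"])):
        findings.append(f"unknown active session: {session}")

    # Applications newly linked via single sign-on extend the attacker's reach.
    for app in sorted(set(current["sso_apps"]) - set(baseline["sso_apps"])):
        findings.append(f"new application linked via single sign-on: {app}")

    return sorted(findings)


if __name__ == "__main__":
    for line in audit(BASELINE, CURRENT_SETTINGS, OWN_DOMAINS):
        print("-", line)
```

Running the script against the constructed snapshots lists five findings (the external forwarding rule, its missing local copy, the changed recovery phone, the unknown session and the newly linked application); running it with the baseline on both sides reports nothing. Exporting real settings is provider-specific, so in practice the dictionaries would be filled from whatever the provider's settings page or API offers.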

How can I file a complaint?

You can file a criminal complaint with the relevant law enforcement agency. Ideally, take comprehensive information with you, such as screenshots. A report may also be necessary for reasons of insurance law.

If reminders are sent by post, for example due to online purchases by the perpetrators, you can also consider contacting a lawyer. The BSI cannot give you any legal advice in this regard.

Reminders in the form of an e-mail, on the other hand, are often forged and should therefore be examined with particular caution. If you are unsure whether the reminder actually refers to a purchase you made, ask the sender. However, do not blindly trust the contact details given in the e-mail. You can also get further information and support from the consumer advice centre in your region.