Outlook hacked

Question

My outlook has been hacked. It is now in a different language and wants to be paid in bitcoin to not show videos or pictures

Answer 1

Hi. I'm Brian and I'll try to help.

The message you describe is most often a scam and does not necessarily mean your account was compromised. Can you log into your mailbox using a web browser and not new Outlook? If you can, is the language correct there?

If not, connect to https://account.microsoft.com/profile/msa-language-settings. You should be able to set your language there.

Answer 2

Take immediate steps to secure the Microsoft/Outlook account and devices, then handle the blackmail as a scam attempt.

1. Clean all devices used with this account

• Run a full, up-to-date antivirus/malware scan on every PC/phone/tablet used to sign in to Outlook.
• If malware is found, remove it and reboot. Do this before changing any passwords.
• If using Windows 10/11, ensure Microsoft Defender is on and run a full scan as described in the guidance.

2. Recover and secure the Microsoft account

• Use the hacked/compromised account recovery flow: start with the sign-in helper at Start.
• After access is restored, immediately change the account password to a strong, unique one using the steps in the hacked-account article.
• If sign-in is blocked or the password was changed by the attacker, use the password reset option linked from the same article.

3. Check and fix Outlook account settings Once back in the account (via Outlook.com or Outlook on the web):

• Check for malicious rules and forwarding:
  • Go to Settings → Mail → Rules and delete any rules that create drafts, auto-forward, or auto-delete mail that were not created intentionally.
  • Check Mail → Forwarding and remove any unknown forwarding addresses.
• Review connected accounts and automatic replies using the links in the hacked-account guidance (connected accounts, forwarding, automatic replies) and remove anything suspicious.
• If the interface language was changed, reset it in Outlook settings after the account is secure.

4. Review recent activity and sign out attackers

• Go to the recent activity page at https://account.live.com/activity and review sign-ins and security events.
• Mark any unfamiliar activity as “This wasn’t me” and follow the prompts.
• Use the Microsoft account security options to sign out of all sessions and require sign-in again.

5. Strengthen account protection

• Add or confirm alternate email and mobile phone as security info so recovery is easier in the future.
• Keep the operating system and all apps fully updated.
• Ensure antivirus is installed and set to update and scan regularly.

6. Treat the bitcoin/extortion message as phishing/blackmail

• Do not pay any ransom or respond to the extortion demand.
• Delete any blackmail or phishing emails and do not click links or open attachments.
• Inform contacts (from another account or channel) that the account was compromised and to ignore suspicious messages from it.

If recovery through self-service fails, use the sign-in helper’s options to reach support or follow the account recovery form guidance from the referenced Q&A content.

---

References:

• How to recover a hacked or compromised Microsoft account
• Hello , welcome to Account help & learning
• Help protect your Outlook.com email account
• Phishing and suspicious behavior in Outlook
• Protect your PC from ransomware
• My personal hotmail account hacked by hacker with authentication app enabled. - Microsoft Q&A
• Hacker set up continuous draft ransomware email - Microsoft Q&A