Thank you!! I will check the link you mentioned manage sign in in 30 days!!
My email account got hacked - unable to update recovery email
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(76.8, 24%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMG%3C/text%3E%3C/svg%3E)
Maria G
0
Reputation points
My hotmail account got hacked. Folder were renamed in Vietnamese language. I was able to change password and to change folder language back to English.
However, the hacker changed my recovery email. When I enter my recovery email to send a code, it does not recognize my recovery email.
Its now whatever the hacker changed it to.
How can I access my recovery email to change it back to what it was?
Outlook | Web | Outlook.com | Account management, security, and privacy
3 answers
Sort by: Most helpful
-
Maria G 0 Reputation points
2026-03-02T01:12:16.4933333+00:00 -
Emmanuel Santana 37,405 Reputation points Independent Advisor2026-03-02T01:16:41.14+00:00 Sure thing, just keep an eye on your email in case anything changes.
Sign in to comment -
-
Emmanuel Santana 37,405 Reputation points Independent Advisor
2026-03-02T00:43:47.7633333+00:00 Hello. If you were able to reset your password, that indicates you still have access to the account, is that right?
Please go to the following page and check the section labeled “Ways to prove who you are”:
https://account.live.com/proofs/manage/additional
If you’re able to access it, look for any recovery email you don’t recognize and remove it from the list.
-
Maria G 0 Reputation points
2026-03-02T00:50:35.7766667+00:00 I was just able to change my recovery email to a completely different one(not the one that was hacked), using account recovery form. However, it said it will take 30 days to take affect. Does that imply that the hacker can still access my account, even though I updated the main email's password?
-
Maria G 0 Reputation points
2026-03-02T00:53:03.5466667+00:00 I'm unable to access https://account.live.com/proofs/manage/additional because it tells me its unavailable until it takes effect in 30 days. However, I am able to access my main email with changed password. I hope hacker cant get back with my changed password, although his recovery email is probably still active since my update wont take affect for 30 days, right?
-
Emmanuel Santana 37,405 Reputation points Independent Advisor
2026-03-02T00:56:07.6866667+00:00 The 30-day notice only means the new recovery email needs time to be fully confirmed. It does not automatically mean the other person still has access, especially if you already changed your password.
The only risk would be if:
- They still know your password, or
- They have an active session open.
To be safe:
- Go to https://account.microsoft.com/security
- Open Advanced security options
- Remove any unfamiliar phone numbers, emails, or authenticator apps
- Enable Two-step verification
- Review recent activity at https://account.microsoft.com/activity
- Use “Sign me out from everywhere” under Advanced security options
Microsoft explains the 30-day security info process here: https://support.microsoft.com/account-billing/what-does-security-info-change-is-still-pending-mean-cbd0f64f-02d9-45d2-90c3-2375e5a72e52
-
Maria G 0 Reputation points
2026-03-02T01:01:58.9133333+00:00 I don't see an advanced security button. I see a "manage how I sign in" button under Security. However, when i select that, it also tells me that I cant access that site right now, for 30 days. Same error message if I go to activity link.
-
Emmanuel Santana 37,405 Reputation points Independent Advisor
2026-03-02T01:07:10.3866667+00:00 The Advanced Security settings are the ones displayed when you select “Manage how I sign in.”
You should see the option shown at the bottom of that page, it’s the same section where you updated your recovery email.
For now, your ability to make additional changes may be restricted because of the recent updates to your security information (as explained in the Microsoft article shared earlier). Since you’ve already changed your password, that action helps prevent unauthorized access and reduces the likelihood of someone regaining access to your account.
Sign in to comment -
-
Q&A Assist2026-03-02T00:06:23.42+00:00 AI generated content. This question contains an answer created with AI from Q&A Assist. Learn moreBecause the recovery email was changed by the hacker, the previous recovery email can’t be used or “seen” anymore, and it can’t simply be reverted from the outside. The only supported way to fix this is to go through Microsoft’s account recovery and security processes and then update the security info once access is restored.
Follow these steps:
- Verify you’re using the correct sign-in details
Make sure the primary email address (including the correct domain likeoutlook.com,hotmail.com, etc.) is typed correctly. If the username isn’t recognized, try any other alias or phone number that might be on the account, as described in My username and password have stopped working. - Use the standard account recovery flow
Since the recovery email and possibly other security info were changed, use the “Forgot my password” / “Recover your account” path and follow the prompts:- Go to the password reset page (for example via Recover your account in the guidance).
- When asked where to send a security code and you don’t recognize or can’t access the options, choose I don’t have any of these (this appears in both consumer and work/school flows).
- This will lead to the Microsoft account recovery form.
- Fill out the Microsoft account recovery form thoroughly
The recovery form is the main way to regain access when security info (like recovery email) has been changed:- Provide a different, working email address you can access now; Microsoft will use it to contact you about the recovery request.
- Answer as many questions as possible: old passwords, subject lines of recent emails, contacts you email often, folder names, etc.
- Submit the form from a device and location you commonly used with this Hotmail account to improve the match.
- Microsoft will review and respond, typically within 24 hours.
- If the account was hacked, follow the compromised-account steps
Since the account was clearly compromised (folders renamed, recovery info changed), follow the hacked-account guidance once you regain access:- Run a full antivirus/malware scan on PCs/phones used with this account before changing anything else.
- Change the password again to a strong, unique one.
- Review account settings such as connected accounts, forwarding, and automatic replies to remove anything the hacker added.
- Update security info after access is restored
When back in the account:- Go to the Microsoft account security page.
- Add a new recovery email and/or phone number that only you control.
- Remove the attacker’s recovery email.
- Avoid changing all security info at once, because that can trigger a 30‑day restriction on changes.
If the recovery form fails repeatedly and two-step verification was enabled with methods you no longer control, support agents cannot override or bypass security; only successful self-service recovery will restore access.
References:
- Verify you’re using the correct sign-in details