Account recovery

Question

So my little brother got his account fully hacked like email phone and 2fa are all changed and i cant recover it using the recovery link( ) but it says . “Because you've turned on two-step verification for your account, we ignore these requests but wanted to let you know.“ but it isnt my 2fa or anything how do i recover this

Answer 1

Kindly try contacting them through their chat support by following the steps I provided above.

But please be advised that Microsoft Support will not be able to assist you with manual recovery, unblock, and escalation for this case, as stated in this article, as they are not permitted to send password resets, access, or even change any details on the account:

https://support.microsoft.com/account-billing/help-with-the-microsoft-account-recovery-form-b19c02d1-a782-dee6-93c3-dc8113b20c42

The only action they can take is to permanently suspend your compromised account to prevent the hacker from continuing to use it.

Best regards,

Darhyl

Answer 2

Hey there! Nice to meet you!

I'm sorry you and your brother are experiencing this.

The only way to recover a hacked account is through the official Microsoft troubleshooter guide:

https://support.microsoft.com/account-billing/how-to-recover-a-hacked-or-compromised-microsoft-account-24ca907d-bcdf-a44b-4656-47f0cd89c245

But since the 2FA has been enabled by the hacker, I'm afraid there is no other working method to recover the Microsoft account, and Microsoft Support cannot help either.

However, I would recommend reaching out to Microsoft Support immediately as they can possibly "Suspend" the account permanently once they have confirmed that the account can no longer be recovered in order to prevent the hacker from using it:

https://support.microsoft.com/home/contact?SourceApp=smc2&ContactUsExperienceEntryPointAssetId=S.HP.SmcContactUsLanding

Type "Microsoft 365 sign-in problem" > Click "Get Help" > Scroll down and select the option "Sign in to contact Support" > Microsoft 365 and Office > Billing and Account Profile Questions > Confirm > then select "Chat with a support agent in your web browser"

Thank you for your understanding.

Best regards,

Darhyl

Answer 3

For a Microsoft account with two-step verification turned on, the recovery form cannot bypass 2FA, even if the current 2FA methods belong to a hacker. When two-step verification is enabled and none of the security methods (phone, email, authenticator) are accessible, Microsoft’s systems will ignore account recovery form submissions for that account.

Key points from Microsoft’s guidance:

1. When two-step verification is on and no security methods are available
   • If two-step verification is enabled and there is no access to any of the alternate methods to get a verification code, Microsoft support agents are not allowed to reset the password, change security info, or override 2FA.
   • This is explicitly stated in the account recovery guidance: if two-step verification is on and none of the verification methods are available, the account cannot be recovered through support or the recovery form.
2. Why the recovery form is being ignored
   • The message about ignoring the request appears because the account has two-step verification enabled.
   • The recovery form is designed for accounts without working 2FA, but it cannot override an active 2FA configuration. This is by design to prevent attackers from using the form to take over accounts.
3. What can still be tried
   • Confirm the correct Microsoft account sign-in name and domain are being used (for example, .com vs .co.uk) and that there are no typos in the email address.
   • If there is any remaining access to one of the original security methods (old phone, old email, or an authenticator app on any device), use that to pass 2FA and then immediately:
     • Go to the Advanced security options page.
     • Add a new way to sign in or verify.
     • Remove any security info that does not belong to the legitimate owner.
   • If the password is still known but only some security info is lost, follow the “I’ve lost access to some, but not all, of my security info” path and add a new method before removing the compromised ones.
4. If there is no access to password and no access to any security info
   • When the password is unknown and all security info (email, phone, authenticator) has been changed by the hacker, Microsoft’s documented path is to use the account recovery form.
   • However, for accounts with two-step verification turned on and no accessible verification methods, the documentation states that recovery is not possible and support cannot override this.

In this situation—2FA enabled, password not known, and all security methods controlled by the attacker—there is no supported way in the provided documentation to recover the account. The only remaining options outside the Microsoft account system are:

• Stop using that compromised Microsoft account for any critical services.
• Update any external services that used that email as a login or recovery address to a new, secure email account.
• If there is evidence of criminal activity (blackmail, fraud), report it to local law enforcement with any available logs or screenshots.

---

References:

• Help with the Microsoft account recovery form
• Troubleshoot Microsoft verification code issues
• My username and password have stopped working
• Hello , welcome to Account help & learning
• How to get a Microsoft account recovery code
• Common problems with two-step verification for a work or school account
• Can't sign in to my email - Microsoft Q&A
• hello my email was (Moderator note: PII removed)@icloud.com and now its (Moderator note: PII removed)@jerkoffmail.com can please someone help me and the team change it my username in xbox is (Moderator note: PII removed) please help me team and change it - Microsoft Q&A
• Unable to change password in my Outlook - Microsoft Q&A
• My personal hotmail account hacked by hacker with authentication app enabled. - Microsoft Q&A
• Locked out of my Outlook account and recovery options not working - Microsoft Q&A