![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 97%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAL%3C/text%3E%3C/svg%3E)
Microsoft Security | Microsoft Identity Manager
A tool for managing user identities, credentials, and access across on-premises and cloud environments
Follow these steps to attempt recovery and secure the account:
- Run a malware/virus scan on the device
- Before changing any passwords, run a full antivirus scan to ensure there is no malware that could keep stealing credentials. On Windows 10/11 or 8.1, use Windows Defender:
- Select Start.
- Search for Windows Defender and open it.
- Turn on protection and run a full scan.
- Before changing any passwords, run a full antivirus scan to ensure there is no malware that could keep stealing credentials. On Windows 10/11 or 8.1, use Windows Defender:
- Use Microsoft’s hacked-account recovery flow
- Use the official “hacked or compromised account” guide and sign-in helper. This is the only supported path to recover a hacked Microsoft account:
- Go to the hacked-account recovery page and start the helper: Start.
- The helper will:
- Ask for the email/phone/Skype name.
- Offer self-help or a path to contact support depending on what is detected.
- Use the official “hacked or compromised account” guide and sign-in helper. This is the only supported path to recover a hacked Microsoft account:
- If able to sign in, immediately secure the account
Once access is regained, do all of the following:
- Change the password to a strong, unique one using the change your password link from the article.
- Review and clean up account settings that attackers often modify:
- Check connected accounts, forwarding, and automatic replies and remove anything suspicious.
- Review recent sign-in activity and mark unfamiliar activity as “not you” using the Recent activity page referenced in the unusual sign-in article.
- If security info (email, phone, authenticator) was changed
- If the password is still known but some security info is still accessible:
- Sign in to Advanced security options and use Add a new way to sign in or verify to add a new email/phone, verify it, then remove the attacker’s info.
- If all security info was replaced and cannot be accessed:
- Start sign-in, and at the Verify your identity prompt choose I don't have any of these.
- Follow the steps to replace security info. After replacement, there is a 30‑day wait before normal sign-in is allowed.
- If the password is no longer accepted and no security info is available:
- Use the account recovery form linked from the verification-code troubleshooting article and the “Help with the Microsoft account recovery form” guide.
- If the password is still known but some security info is still accessible:
- If the recovery form says the account does not exist or fails repeatedly
- The Q&A references indicate that if the account recovery form and hacked-account flow cannot locate or verify the account, and the attacker has fully replaced security info, there is no additional Microsoft method to restore that Microsoft account.
- In that case, for Minecraft specifically, contact Minecraft Support separately with the purchase receipt and card information to see if they can help with game access, as suggested in the similar scenario from the Q&A.
- Watch for phishing and future attacks
- The compromise appears to have started from joining a Discord server, which may have led to phishing or malware. Avoid reusing the old password on any other sites and enable multi-factor authentication on all important accounts.
References:
- How to recover a hacked or compromised Microsoft account
- Troubleshoot Microsoft verification code issues
- Hello , welcome to Account help & learning
- What happens if there's an unusual sign-in to your account
- Cannot Access Microsoft Account After Hacker Changed Email, Advice Needed - Microsoft Q&A
- hello my email was (Moderator note: PII removed)@icloud.com and now its (Moderator note: PII removed)@jerkoffmail.com can please someone help me and the team change it my username in xbox is (Moderator note: PII removed) please help me team and change it - Microsoft Q&A
- Entraron a mi cuenta de microsoft y cambiaron el gmail y contraseña - Microsoft Q&A