![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(300.8, 38%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESL%3C/text%3E%3C/svg%3E)
Microsoft Security | Microsoft Identity Manager
A tool for managing user identities, credentials, and access across on-premises and cloud environments
When a Microsoft account is hacked and the sign‑in email and security info are changed, recovery is only possible through the official automated processes. If those systems cannot verify ownership, support cannot override them for consumer accounts.
Follow these steps:
- Secure devices first
- Run a full antivirus/malware scan on every device used to access the account (PC, phone, tablet) before attempting more recovery steps, as recommended in the hacked‑account guidance.
- If malware is found, remove it and consider resetting heavily compromised devices.
- Use the official hacked/compromised account flow
- Follow the steps in How to recover a hacked or compromised Microsoft account: scan devices, then try to change or reset your password using the normal sign‑in and “Forgot my password” flow.
- If sign‑in is still possible at all, immediately change the password and then review account settings (connected accounts, forwarding, automatic replies) for malicious changes.
- Use the Microsoft Account Recovery form (ACSR) carefully
- Go to the Microsoft account recovery form and submit it for the hacked address.
- Provide as much accurate detail as possible: old passwords, approximate account creation date, frequently emailed contacts, typical subject lines, and any other info requested.
- Submit the form from a device and location commonly used with the account; this improves the automated checks.
- If the recovery form is rejected
- If the form response says there is not enough information to validate ownership, and the hacker has replaced the sign‑in email and security info, there is no alternate manual method for Microsoft to restore access to that consumer account.
- Microsoft Support and forum moderators cannot bypass or override the automated recovery decision.
- Contain damage and protect other assets
- If the same password was used on other services, change those passwords immediately and enable multi‑factor authentication (MFA) where available.
- Inform important contacts (from another email or channel) that the old Microsoft address is compromised so they can ignore suspicious messages.
If the account is also tied to specific services (for example, Minecraft or Xbox purchases), contact that service’s support separately to ask about options tied to purchase proof, as suggested in similar hacked‑account cases.
References:
- How to recover a hacked or compromised Microsoft account
- Cannot Access Microsoft Account After Hacker Changed Email, Advice Needed - Microsoft Q&A
- hello my email was (Moderator note: PII removed)@icloud.com and now its (Moderator note: PII removed)@jerkoffmail.com can please someone help me and the team change it my username in xbox is (Moderator note: PII removed) please help me team and change it - Microsoft Q&A