Account Primary Alias changed

Question

Yesterday, a person made me click on a link. I thought it was official because I had a browser which helps me prevent clicking on fake links. But it didnt stopped me and I enter the code I got in my gmail. Suddenly, my secuirty info were changed. My primary alias, password and also my original email was deleted. Can someone help me how do I recover my accont as I have spent both money and time in that microsoft account which I dont want to do it again.

Answer 1

Hey there! Nice to meet you!

I'm sorry you are experiencing this.

Based on your description, your Microsoft account was compromised. The hacker was able to remove the account's primary email address/security info and replace it with their own email address.

Since the security info has been replaced by the hacker, I'm afraid there is no other working method to recover the Microsoft account, and Microsoft Support cannot help either.

Thank you for your understanding.

Best regards,

Darhyl

Answer 2

The account has been compromised and the attacker has changed the primary alias, password, and removed the original email, which is a severe security change.

Follow these steps in order:

1. Scan the device for malware
   • Before changing anything, run a full antivirus scan on the PC (or any device used to sign in) to ensure there is no malware capturing passwords.
   • On Windows 10/11 or 8.1, use Windows Defender by selecting Start, searching for Windows Defender, and following the on‑screen instructions.
2. Try to secure or recover the Microsoft account
   • Go through the official hacked/compromised account recovery flow: see How to recover a hacked or compromised Microsoft account and follow all steps, including changing the password if sign‑in is still possible, or using the password reset flow if not.
   • When filling the recovery form, provide as much accurate information as possible (old passwords, services used, approximate creation date, etc.). If the form says the information is insufficient, keep in mind that recovery may not be possible if the attacker fully replaced the security info.
3. Check for “security info change pending”
   • If a message like “Your security info change is still pending” or “You can’t access this site right now” appears, it means the attacker removed and replaced all previous security info and a 30‑day waiting period is in progress.
   • On that pending screen, use the built‑in options if available:
     • Cancel this request if the change was initiated by you and you still have access to the old security info.
     • Let us know if you did not make the change; this routes through the “unauthorized change” flow.
4. Remove attacker aliases if access is regained
   • If sign‑in becomes possible again and access to Manage how you sign in to Microsoft is available, remove any email aliases that are not recognized by selecting Remove next to them. This prevents the attacker from using those aliases to sign in again.
5. Add safer security info once control is restored
   • After regaining control, immediately add new, trusted security info (such as a phone number or Microsoft Authenticator) so verification codes no longer go to the attacker.
6. If recovery fails
   • If the recovery form and built‑in flows fail, and the attacker has fully replaced the security info, there is no additional method in support or the community to override the automated recovery process. In that case, the account may not be recoverable.

For future protection, always verify suspicious links and never enter verification codes that were not explicitly requested by a known, legitimate sign‑in action.

---

References:

• How to recover a hacked or compromised Microsoft account
• Add or remove an email alias in Outlook.com
• Help with "phone number is already used" in a Microsoft account
• How to fix "This username has been turned off" error
• My account got hacked. - Microsoft Q&A
• Need help with hacked microsoft account - Microsoft Q&A
• my microsoft account has been compromised - Microsoft Q&A
• Entraron a mi cuenta de microsoft y cambiaron el gmail y contraseña - Microsoft Q&A
• Lock or block login attempts - Microsoft Q&A