![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 75%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKL%3C/text%3E%3C/svg%3E)
To regain access when the Microsoft account email is hacked, the password is forgotten, and verification codes are no longer working, follow these supported recovery paths:
- Try standard account recovery
- Go to Recover your account and start the reset: Recover your account.
- Enter the Microsoft account sign-in (email/phone/Skype) used on the Surface.
- When prompted for verification, use any working alias (phone or alternate email) still associated with the account.
- Enter the security code received and set a new password when asked.
- Confirm the correct email domain is used (for example,
.comvs.co.uk). - Check that the email name is typed correctly (for example,
rachelvsrachael). - If one alias (email or phone) is not recognized, try another alias or phone number on the account.
- If the email is shut down and security info is partly available
If the password is known but only some security info is lost, the recommended path is:
- Sign in to Advanced security options: Sign in.
- Select Add a new way to sign in or verify, add a new phone/email, verify it, then remove the old security info.
- If all security info is effectively lost or unusable
When the password is forgotten and codes cannot be received on any trusted method, use the account recovery form flow:
- Start sign-in to the Microsoft account: Sign in.
- At the Verify your identity prompt, select I don't have any of these.
- Follow the instructions to replace security info and complete the recovery form with as much accurate information as possible (past passwords, contacts, recent email subjects, etc.), as described in Help with the Microsoft account recovery form.
- Submit the request via the recovery form: Recover account.
- If all security info is replaced, the account may be restricted for 30 days before sign-in is allowed.
- If the old security info is found during those 30 days, it can still be used to sign in, but doing so cancels the pending security-info change.
- If the account itself is locked (no “Next” button when signing in)
If the sign-in page does not show Next, the account may be locked due to suspicious activity or Terms of Use violations:
- Use the aka.ms/ link shown in the lock message window.
- Submit the requested information for account reinstatement.
- Wait for a Microsoft Online Safety agent to review and respond by email.
- If verification codes are not arriving or are rejected
The verification-code article recommends:
- Confirm the correct email address and domain are used.
- If the phone/email shown is not recognized or is no longer accessible, use the recover your account path: Recover your account.
- If codes are repeatedly rejected, wait for any temporary lockout to clear, then retry carefully entering the code exactly as shown in the message body.
If none of the above recovery options succeed (no working security info, recovery form fails), the documentation indicates there is no additional manual method for support agents to override the automated recovery for personal Microsoft accounts.
References:
- My username and password have stopped working
- Troubleshoot Microsoft verification code issues
- Microsoft account has been locked
- Can't sign in to my email - Microsoft Q&A
- My account got hacked. - Microsoft Q&A
- My account got hacked - Microsoft Q&A
- My personal hotmail account hacked by hacker with authentication app enabled. - Microsoft Q&A
- I need to speak with a real person and it seems impossible. - Microsoft Q&A