Hacked Account Problems

Jack Shagena 0 Reputation points
2026-05-23T20:01:10.76+00:00

Sometime between May 14-15 of this year my Microsoft account got hacked. The hacker changed the email, password, and set up two-step verification. My dad, who manages my account, received notifications that info was changed but couldn't do anything about it despite having access and parental controls over the account. My dad put in a form for Microsoft and I'm pretty sure all they did was delete or suspend the account. Why can't Microsoft just recognize that the changes to the email and password were made so quickly and from a different location, showing the account was hacked? Also, when I put in a recovery form and get a confirmation email about escalating the situation, and then reply to the email, would the reply delay the process in recovering the account?

Windows for home | Windows 11 | Accounts, profiles, and login
2 answers

  1. John Jefferson Doyon 72,570 Reputation points Independent Advisor
    2026-05-23T20:40:38.5933333+00:00

    Hi Jack, I'm John!

    If the case was already escalated after submitting the recovery form, it usually means it was forwarded to a higher-level account recovery team for manual review.

    Replying to the confirmation email normally does not delay the process unless the email specifically says not to respond. In most cases, your reply just gets attached to the existing case.

    Since your dad already received notifications about the security changes, that information may help during the investigation. I would just recommend waiting for the escalation team’s response first before submitting multiple new recovery requests, as repeated submissions can sometimes complicate the review process.

    Should you need further information in the meantime, please let me know. Thanks!

    1 person found this answer helpful.

  2. AI answer

    2026-05-23T20:01:28.1733333+00:00

    Microsoft consumer account recovery is handled almost entirely by automated security systems, not by manual review, even when a hack seems obvious (sudden changes, new location, fast email/password changes). Support agents are generally not allowed to override those systems or directly reset passwords or security info for personal accounts.

    Why Microsoft doesn’t just “see” it was hacked and restore it

    • When unusual activity is detected (new device/location, rapid changes), Microsoft may send alerts and sometimes block or challenge sign‑ins, but it still relies on:
      • The Recent activity and security flows where the owner marks “This wasn’t me” or “Secure your account” and then
      • The password reset and account recovery flows to prove ownership.
    • For personal Microsoft accounts, agents cannot simply reverse changes based on a story or pattern of activity; they must rely on:
    • If the hacker has changed the primary email, password, and security info (and especially enabled 2‑step verification), and the recovery form does not get enough matching data, the system may:
      • Keep the account under the attacker’s control, or
      • Lock/suspend/delete it to protect data, with no way for support to override.

    Why parental controls did not prevent or reverse this

    • Family/parental controls manage usage, screen time, and some permissions, but they do not give the parent the ability to bypass Microsoft’s security systems or forcibly reset a child’s account once the security info has been changed by an attacker.

    Whether replying to the escalation email delays recovery

    • For hacked accounts, the primary path is still the automated tools:
    • The confirmation or escalation email is typically informational and may include case details or next steps. Replying to that email does not speed up or meaningfully change the automated verification process, and there is no indication in the provided guidance that replying will delay it either.
    • What matters for the decision is the data submitted in the official recovery flow, not email back‑and‑forth.

    What can still be done

    1. Use the hacked‑account helper and follow its flow: How to recover a hacked or compromised Microsoft account.
    2. If sign‑in is still possible anywhere, immediately:
    3. If the hacker replaced all security info and the account shows “Security info change is still pending” or similar, follow the guidance in What does “Security info change is still pending” mean? and use the built‑in options on that screen (such as Let us know if you did not make the change).
    4. If the recovery form repeatedly fails and security info has been fully replaced, moderators indicate that the account may be unrecoverable and support cannot override the automated decision.
