Compromised account

Armandas 0 Reputation points
2026-06-16T22:48:20.9066667+00:00

My other account has been compromised due to malware on my PC: LummaStealer. I've been trying to recover it through automated methods of Microsoft, but it has been unsuccessful. So I'm writing from my other account.

The account was compromised not long ago, around 2-3 hours ago as of this post. It was changed under a new alias, email address, so when I try to log in with my original, it says: account does not exist. If I try all the automated methods, like reset password, forgot username or account recovery form - the account simply does not exist, therefore it is not possible. But I do have screenshots of where it was logged in under that original email.

I have:

  • Evidence and timestamps of the changes happening in my original email account
  • The attacker's email address
  • My old username
  • Old passwords
  • Could try to prove something with Minecraft, but it's most likely been compromised too.
Windows for home | Windows 11 | Accounts, profiles, and login

2 answers

  1. Darhyl Amizola 44,035 Reputation points Independent Advisor
    2026-06-16T23:25:53.5666667+00:00

    Hey there! Nice to meet you!

    I'm sorry you are experiencing this.

    Since the security info has been replaced by the hacker, I'm afraid there is no other working method to recover the Microsoft account, and Microsoft Support cannot help either.

    Please perform the workarounds outlined in this thread to help protect your device from malware attacks:

    https://learn.microsoft.com/answers/questions/5555106/im-having-trouble-removing-a-virus-malware-can-you

    Thank you for your understanding.

    Best regards,

    Darhyl


  2. AI answer

    2026-06-16T22:48:36.02+00:00

    Follow these steps immediately to protect devices and attempt recovery. Since the compromise is very recent (2–3 hours), act as quickly as possible.

    1. Clean the infected PC before doing anything with accounts
      LummaStealer is credential‑stealing malware, so devices must be clean before changing any passwords.
      • Make sure Windows is fully updated.
      • Run a full antivirus scan using Windows Defender or another trusted antivirus. For Windows 10/11, Windows Defender is built in:
        • Select Start.
        • Type Windows Defender in Search or select Windows Defender.
        • Turn on protection and run a full scan.
      • Do not sign in to important accounts from this PC until scans are complete and threats removed.
      More detail is in Step 1: Clear your PC of viruses or malware before you change your password in the hacked‑account guidance.
    2. Try the official hacked/compromised account recovery flow
      Use Microsoft’s official guide for hacked accounts. It walks through:
      • Scanning for malware (already started above).
      • Changing or resetting the Microsoft account password.
      • Checking mailbox settings (forwarding, connected accounts, automatic replies) that an attacker may have altered.
      See: How to recover a hacked or compromised Microsoft account.
    3. Change or reset the Microsoft account password
      After the PC is clean:
      • If sign‑in is still possible, change the password immediately using the link in the hacked‑account article. Use a strong, unique password not used on any other site.
      • If sign‑in is no longer possible, use the password reset option from the same article.
    4. Check for unusual sign‑ins and activity
      Once access is regained (if possible):
      • Go to the Security basics page and open Recent activity.
      • Review sign‑ins and security events.
      • For any activity that is not recognized:
        • If it appears under Unusual activity, expand it and select This wasn’t me.
        • If it appears under Recent activity, expand it and select Secure your account.
      This helps Microsoft mark the activity as unauthorized and secure the account.
    5. Check and fix account settings the attacker may have changed
      After regaining access, review:
      • Connected accounts
      • Forwarding rules
      • Automatic replies
      These are specifically called out in the hacked‑account guidance because attackers often use them to keep reading or redirecting email even after a password change.
    6. Use the Microsoft account recovery form if normal reset fails
      If automated recovery (code to phone/email, standard reset) fails because the attacker changed security info:
      • Use the Microsoft account recovery form.
      • Provide as much accurate information as possible, including:
        • Old passwords.
        • Old username.
        • Details of recent activity and timestamps (the evidence already collected).
        • Any billing or service details that are requested.
      • After submitting, Microsoft sends the result to the working email specified within 24 hours.
      • If verification fails, it is possible to try again (up to two times per day), ideally from a familiar device and network.
      Note: Support agents are not allowed to send password reset links or directly change account details; the form is the only path when normal reset does not work.
    7. If the recovery form continues to fail
      Community and support answers indicate:
      • If the attacker has fully replaced the security info and the recovery form cannot verify ownership, there is no alternative method for Microsoft to restore access to a personal Microsoft account.
      • Microsoft Support cannot override the automated decision or manually grant access.
    8. Secure other accounts and devices
      Because LummaStealer targets many credentials:
      • Repeat malware scans on any other PCs where the account was used.
      • Change passwords for other important services (email, banking, game accounts such as Minecraft) from a known‑clean device.
      • Add alternate email and mobile phone numbers as security info on accounts that are still accessible so recovery is easier in the future.
    9. Monitor for further unusual activity
      • Watch for new unusual‑sign‑in alerts from Microsoft.
      • Use the Recent activity page regularly to confirm only legitimate sign‑ins are occurring.

    AI-generated content may be incorrect. Read our transparency notes for more information.
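
Step 1 of the answer above (clean the PC before touching any passwords) can also be run from PowerShell. This is an added example, not part of either answer or of Microsoft's guidance; it assumes an elevated PowerShell session and that Microsoft Defender is the active antivirus on the machine.

```powershell
#Requires -RunAsAdministrator
# Added example: scan with the built-in Defender cmdlets, then decide whether
# this PC can be used for password changes. Nothing here is specific to
# LummaStealer; it reports whatever Defender detects.

# 1. Confirm Defender is running and real-time protection is on.
$status = Get-MpComputerStatus
if (-not ($status.AntivirusEnabled -and $status.RealTimeProtectionEnabled)) {
    Write-Warning 'Defender antivirus or real-time protection is off; turn it on before scanning.'
}

# 2. Pull current signatures, then run the full scan (this can take hours).
Update-MpSignature
Start-MpScan -ScanType FullScan

# 3. List known threats and whether each one is still active.
#    @() keeps the result an empty array when nothing was found.
$threats = @(Get-MpThreat)
$threats | Select-Object ThreatName, SeverityID, IsActive | Format-Table -AutoSize

# 4. Show detection history: when, which files, and whether remediation worked.
Get-MpThreatDetection |
    Sort-Object InitialDetectionTime -Descending |
    Select-Object InitialDetectionTime, ThreatID, ActionSuccess, Resources |
    Format-List

# 5. Gate: do not sign in or change passwords here while anything is active.
$active = @($threats | Where-Object IsActive)
if ($active.Count -gt 0) {
    Write-Warning "$($active.Count) active threat(s) remain. Change passwords from another device."
} else {
    Write-Output 'No active threats reported by Defender.'
}
```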
