How to Tell If Your Email Has Been Hacked

If you believe your email has been hacked, stop and change your password immediately. Not after this article. Not in five minutes. Do it first, then come back. We will still be here.

Email security is something I take seriously because it is the reset key for almost every online account you have. If someone else has access to it, they do not need to rush or make noise. They can quietly watch incoming messages, reset passwords elsewhere, and lock you out later.

In this guide, I will walk through the clear signs to tell if your email has been hacked, how attackers usually get access, exactly how to check whether your email has been exposed, and what to do about it.

Warning Signs Your Email Has Been Hacked

Most email compromises are discovered through small clues, not obvious takeovers. One sign alone does not always mean your account is hacked, but patterns matter.

Watch for these red flags:

• Password reset emails you did not request
• Security alerts about new logins you do not recognize
• Login notifications from unfamiliar locations or devices
• Emails in your Sent folder that you did not send
• Messages marked as read or deleted that you never opened
• Changes to account settings, forwarding rules, or recovery options
• Contacts receiving spam or phishing emails from your address
• Automatic replies you did not set
• Account recovery emails going to an address you do not recognize

One of the most common things I personally have seen is the creation of new email rules. Attackers often set rules that automatically move incoming messages to the Deleted folder so you don’t start receiving replies from people asking whether a suspicious email they received from you is legitimate. They also want to try and prevent you from seeing a barrage of auto-replies, since those responses can quickly alert you that your account is being used to send bad emails to your contacts.

If you notice more than one of these warning signs, treat it seriously and act quickly to secure your account. Changing your password may feel inconvenient, but losing control of your account entirely is far worse.

How Attackers Usually Get Access

Email accounts are rarely hacked through brute force. In most cases, access is handed over without the victim realizing it.

Common ways this happens:

• Phishing emails that look like shipping notices, invoices, or security alerts
• Fake login pages that closely resemble your email provider
• Reused passwords exposed in older data breaches
• Malware on a device that captures saved credentials
• Public Wi-Fi attacks that intercept login credentials

Many email compromises start with phishing messages that look completely legitimate. To learn how to spot these before they cause damage, read How to Spot Scam Emails.

How to Check If Your Email Was Exposed in a Data Breach

One of the easiest ways to assess risk is to check whether your email address has appeared in known data breaches. This does not mean your email has been hacked, but it does indicate your address and possibly a password were exposed somewhere online.

Have I Been Pwned

Have I Been Pwned is a widely trusted breach notification site used by security professionals, companies, and governments.

How to use it:

• Go to the site
• Enter your email address
• Review any breaches listed

Why this matters:

• It shows which services were breached and when
• It helps identify password reuse risk
• It does not require you to enter a password

If your email appears in multiple breaches and you reused passwords, your email account is at higher risk even if nothing looks wrong yet.

Google Dark Web Report

If you have a Google email address, you can also use Google’s built-in Dark Web Report to monitor for data breaches.

If you use a non-Google email address, such as Outlook.com, you can still use this feature by adding and verifying that email in your Google account, but the experience is more limited.

This is especially useful if your email is tied to a large number of online accounts.

Why You Should Test Your Email Even If Nothing Seems Wrong

Most compromised accounts show no obvious symptoms at first. Attackers often wait before taking action, especially if the email can be used to reset other accounts.

Checking your email against breach databases helps you:

• Understand your exposure history
• Decide whether a password change is urgent
• Prioritize securing high-risk accounts

Even if no breaches are found, confirming that gives peace of mind.

What To Do If Your Email Has Been Hacked

If you have not already changed your password, do that first.

Then work through this checklist:

Immediate actions to secure account:

• Change your email password to something completely new and unique
• Enable two-factor authentication if it is not already on
• Log out of all active sessions in your email provider’s security settings
• Review and remove any third-party apps or services connected to your email account that you do not recognize

Within the next hour:

• Review recent login activity if your provider shows it
• Check recovery email addresses and phone numbers for unauthorized changes
• Look for unfamiliar forwarding rules or filters in your email settings
• Review and change passwords on your most important accounts (banking, shopping, social media)
• Scan your primary device for malware using Windows Defender, Malwarebytes, or your device’s built-in security tools
• If your email provider supports it, enable login and security alerts so you are notified immediately of new sign-ins or account changes.
• If suspicious emails were sent, let your contacts know your email has been hacked so they do not interact with any recent messages.
• Contact your email provider through their official support or account recovery process to report the compromise.
• After changing your password, take a moment to review and update your security questions.

Do not skip the recovery options. Attackers often change those first so they can regain access even after you secure your account.

What If You Are Locked Out Completely

If your email has been hacked and the attacker changed your password so you cannot get back in, you need to quickly follow these steps.

Immediate steps:

• Use your email provider’s account recovery process right away
• Have your phone ready for verification codes
• Prepare backup email addresses or security questions
• Contact your email provider’s support directly if automated recovery fails

While locked out:

• Change passwords on your most critical accounts, even if they do not use your email address for login, prioritizing banks, credit cards, investment accounts, and other financial services.
• Enable login alerts on financial accounts
• Monitor your bank and credit card statements closely
• Consider placing a fraud alert on your credit report if the compromise seems serious

Time matters here. Most providers give you a window to recover your account before permanent changes take effect.

Lock It Down So It Does Not Happen Again

Once you regain control, focus on preventing a repeat.

Core security steps:

• Enable two-factor authentication on your email account
• Use a unique password that is not used anywhere else
• Store passwords in a reputable password manager
• Review and remove unused third-party app connections in your account settings
• Set up login alerts so you know immediately if someone else tries to access your account

Build better habits:

• Be cautious with urgent or threatening emails
• Verify sender addresses before clicking links
• Never enter your password on a page you reached by clicking a link in an email
• Keep your devices updated and run regular security scans

If you only take one step from this list, make it two-factor authentication. It adds a critical layer of protection even if your password is compromised.

For a full breakdown of how two-factor authentication works and why it matters, read Two-Factor Authentication 101: Your Second Line of Defense.

Using a password manager makes it much easier to use strong, unique passwords without having to remember them all. For a clear explanation of how they work and why they matter, read Password Managers 101: What They Are and How They Work.

Why Email Is the Master Key to Your Online Life

Email controls password resets for:

• Banks and credit cards
• Social media accounts
• Shopping sites and retail accounts
• Cloud storage and subscriptions
• Work accounts and professional services
• Medical portals and insurance accounts

If your email has been hacked successfully, they can quietly expand access elsewhere without touching those accounts directly. They reset passwords, intercept verification codes, and move through your digital life methodically.

This is why email security is not just about protecting your inbox. It is about protecting everything connected to it.

When to Take This Further

You should escalate if you notice:

• Financial alerts or unauthorized purchases you did not make
• Multiple accounts locked or compromised beyond just email
• Continued login attempts after securing your account
• Identity theft warning signs like new credit inquiries or accounts in your name
• Threats, blackmail, or harassment using information from your email

For financial issues, contact your bank and credit card companies immediately.

If your email compromise leads to identity theft signs, you may need to take additional protective steps. For a practical starting point, see Identity Theft 101: Identity Protection Starter Guide.

For ongoing harassment or threats, document everything and consider contacting local law enforcement.

Final Thoughts

Wondering if your email has been hacked can be scary. But it is often fixable if caught early. You do not need to be highly technical to secure your account, but you do need to act deliberately.

If you do nothing else, do this:

• Change your email password right now if you have not already
• Turn on two-factor authentication today, not later
• Check Have I Been Pwned to see if your email appears in known breaches
• Review your email security settings this week
• Set up a password manager to prevent password reuse going forward

Many people do not think about email security until their email has been hacked and they experience how difficult recovery can be. You are already ahead by taking the time to read this. The difference between a minor inconvenience and a major security incident is often just a few preventive steps taken early.

Your email is the foundation of your online security. Treat it that way.