How to Tell if Your Account Has Been Hacked
How to check if your Gmail, Facebook, Instagram, Twitter, and other accounts have been hacked.
Image: Cathryn Virginia/Motherboard
The Weakest Link is Motherboard's third, annual theme week dedicated to the future of hacking and cybersecurity. Follow along here.
Hackers routinely target high profile victims like politicians or wealthy cryptocurrency investors. But you could become a target too. Maybe an abusive former partner wants to stalk you, or a run-of-the-mill cybercriminal wants to get into your bank account.
If you think you have been targeted, or worse, hacked, how can you even tell if someone got hold of your account?
That’s actually a really hard question to answer, as different online services offer different types of data, and it’s usually not that easy to find. In this small guide, we’ll teach you the basic steps you can take to see if there’s any trace of an intrusion in your online accounts, such as Gmail, Microsoft’s email, Facebook, and Twitter.
A word of caution: sometimes, you won’t be able to get a definitive answer on whether there’s been a breach. If you think there was, we suggest talking to a professional, such as your local IT store employee, or Access Now’s digital security helpline. Also, this guide only covers breaches of online services, if a hacker has broken into your computer, all these services could be compromised and the techniques described here wouldn’t necessarily help you detect that kind of breach.
The first thing you need to do if you suspect someone has gotten into your Gmail account is check “Last Account Activity.” You can find it in the bottom right corner of your main Gmail interface.
This will pop up a window that will look like this:
Do you recognize the devices and IP addresses listed here? If you don’t, and you see a strange-looking one (perhaps the location is in another country you’ve never been to), that might be a sign someone has entered your Gmail account. In that case, click on “Sign out all other web sessions,” which will log out anyone else except for you, and change your password right away.
Then, go to your Google account security dashboard (https://myaccount.google.com/security) and go through the security checkup and complete all the steps. In particular, review what apps have permission to access information on your account. Do you recognize them? If not, revoke the permissions. Here you’ll also be able to see if there were any security “events,” and check your two-factor authentication settings.
Finally, check to see if the hackers have added any filters, email redirects, or forwarding settings to surreptitiously steal your emails or hide the fact that they’re doing it. Also, check the trash to see if some revealing emails have been removed by the attackers.
If you find anything suspicious, change your password.
The email service of the computing giant offers similar mechanism as Google’s. Go to https://account.microsoft.com/security and click on Review Activity to see recent logins and other activity.
This will give you a page that looks like this:
If you see anything suspicious, go back to the main Security page and then click on change password.
Just like Google and Microsoft, Yahoo gives users the ability to see some information on what devices and IP addresses were used to log into the account.
To see this data, go to https://login.yahoo.com/account/activity.
If you click on the individual devices displayed in the list, you’ll be able to see more information about them, such as the IP address, the time, and location they logged in for the last 30 days.
Yahoo also has a page that helps users identify legitimate Yahoo websites, requests, and communications, to help them spot fake ones.
If anything looks off in your Recent activity page, change your password.
The social network has an array of tools that help you figure out if something sketchy is going on. Head on to Facebook’s Security and Login page (https://www.facebook.com/settings?tab=security). Here you can see where you’re logged in, a feature similar to Gmail’s.
If you hover over the device, it will also display the IP address.
We also recommend turning on the setting “Get alerts about unrecognized logins,” which will prompt Facebook to warn you if someone from a new IP address or location logins into your account.
If you think someone has hacked into your account, check App passwords and Authorized Logins to see if there’s anything suspicious, if there is, remove it. If you think something went wrong, change your password immediately, that should also log out any hacker.
The microblogging service doesn’t have as detailed or granular mechanisms to figure out if you have been hacked. If you are worried, go to https://twitter.com/settings/sessions and see what devices have been used to access your account. Unfortunately, this does not display IP addresses.
Again, if you see anything suspicious log it out and then change your password. Also, since you’re here, review the apps that have access to your Twitter account.
The photo-sharing social network has a feature to check previous logins, but it’s fairly limited in the kind of data you can see. All it displays is the date and time of login, no location, no IP address.
To check it, go to https://www.instagram.com/accounts/access_tool/ and click View All under Activity, Logins.
If you’re using the mobile app, click on the hamburger menu on the top right corner, then Settings in the bottom right corner, scroll down to Privacy and Security, and click on Account Data. Then scroll down and click on view All under Activity, Logins.
If you see a suspicious login—though it may be hard to tell given the lack of data here—change your password immediately.
The video gaming platform does not allow you to see what computers or IP addresses are logged in. But if you’re concerned about a hacker having broken in, go to https://store.steampowered.com/account/, click on Manage Steam Guard under Account Security, and then click on “Deauthorize all other devices.”
This will force log out anyone else who’s logged into your account. We suggest you then change your password.