PanicStation.org
UK USA
uk Technology & digital loss account takeover • identity details changed • profile changed without you • email changed on account • phone number changed on account • name changed on account • address changed on account • date of birth changed • security settings changed • can’t tell what changed • suspicious account alert • unauthorized account changes • hacked account warning • login alert you didn’t do • recovery details altered • account locked out risk • reset links not arriving • unknown device sign-in • identity info tampered with

What to do if…
a key online account says your identity details were changed and you cannot tell what was altered

Short answer

Treat it as an account takeover attempt: secure your email first, then lock down the affected account by changing the password, signing out everywhere, and replacing any recovery details you don’t fully control.

Do not do these things

  • Don’t click “review changes” links in the alert email/text unless you reached the site/app by typing the address yourself or using the official app (alerts can be phishing).
  • Don’t keep trying passwords repeatedly if you’re unsure — you can trigger lockouts while an attacker is still active.
  • Don’t rely on SMS-only codes if you can switch to stronger options later (some services still offer SMS, but it’s often not the best choice).
  • Don’t assume it’s “only this one account” until you’ve checked the email account and any saved payment methods.
  • Don’t delete the alert message yet — you may need the timestamp and wording when you contact support.

What to do now

  1. Get to a safer “clean” start point (2 minutes).
    Use a device you trust. If possible, update the device, then open a browser and type the service’s address manually (or use the official app).

  2. Secure your email account immediately (because it unlocks everything else).

    • Change your email password to a new, unique one.
    • Turn on 2-step verification for email.
    • In email settings: review security / recent activity, forwarding, and filter rules; remove anything you didn’t set.
    • Sign out of other sessions/devices from the email account’s security page.

  3. Lock down the affected account (even if you can still log in).
    In the account’s Security / Login / Privacy area:

    • Change the password (new, unique).
    • Sign out of all devices/sessions (often “log out of all devices”).
    • Remove unknown devices, browsers, or active sessions.
    • Revoke access for unfamiliar connected apps or “Sign in with…” connections.

  4. Rebuild your recovery details so you’re the only recovery route.

    • Replace the recovery email/phone with ones you control.
    • Check for alternate emails, backup codes, trusted devices, or a recovery key; reset/reissue them if you didn’t create them.
    • If the service supports it, switch to an authenticator app or passkeys and remove recovery options you don’t want.

  5. Find what changed (without guessing).
    Look for pages like Profile, Personal details, Account info, Addresses, Security, Payment, Documents/verification, or Settings → Account. Specifically check:

    • Name, date of birth, address(es)
    • Username/handle
    • Recovery email/phone
    • Two-step verification method
    • Any “contact preferences” email address
    • Any new linked accounts

  6. If you cannot access the account or you can’t view the altered details, use the provider’s official recovery flow and ask for a lock.
    Use the provider’s “recover hacked/compromised account” help pages. In your message include:

    • Approximate time of the alert
    • That you received a notice about identity details changed but cannot see what
    • Any suspicious logins/devices you can see
      Ask them to lock the account, revert recent profile changes, and confirm which fields were altered.

  7. If payment methods or money are involved, act as if your card/bank details might be next.

    • Remove stored cards/payment methods from the account (if safe to do so).
    • Check your bank/card app for pending transactions and set alerts.
    • If you see unauthorised transactions, contact your bank/card provider using the number on your card or in-app support.

  8. If you want to report it (or you’ve lost money/data), use the UK national fraud reporting route.

    • If you live in England, Wales or Northern Ireland, report cyber crime and fraud via Report Fraud (online or by phone).
    • If you live in Scotland, fraud is typically reported to Police Scotland via 101.

  9. If the company won’t correct inaccurate personal details, use your data rights path.
    Ask the organisation to rectify (correct) inaccurate personal data and to confirm what they hold. If you can’t resolve it with them, you can escalate as a data protection complaint to the ICO.

What can wait

  • You do not need to figure out how it happened right now.
  • You do not need to change every password you’ve ever used — focus on email + this account + anything sharing the same password.
  • You do not need to decide today whether to close the account permanently (stabilise first; decide later).

Important reassurance

These alerts are designed to alarm you — but the situation is usually stabilisable if you secure the email “root account”, sign out all sessions, and replace recovery details. Moving carefully (official app/site only, one account at a time) is faster than panic-clicking.

Scope note

This is first steps only for the first hour or two. If the account is financial, work-related, or connected to official identity checks, you may need the provider’s specialist support and (if losses occur) formal reporting.

Important note

This guide provides general information and practical first steps, not legal or professional advice. Processes and labels vary by service; use the provider’s official recovery pages and support channels for account-specific instructions.

Additional Resources
Support us