What to do if…
a third-party app you do not recognise is suddenly connected to your main account
Short answer
Treat this as a possible account takeover. Immediately revoke the app’s access, then secure the account (password + 2-step verification) and check for other changes the attacker may have made.
Do not do these things
- Don’t click “review”, “confirm”, or “secure your account” links in the alert email or pop-up — go to your account settings by typing the site address yourself.
- Don’t assume “nothing happened” just because you can still log in — connected apps can keep access even if you change some settings.
- Don’t keep using the account for sensitive tasks (banking, password resets) until you’ve removed the app and secured access.
- Don’t reuse an old password or “small variation” of one you’ve used before.
- Don’t delete all emails/notifications yet — keep them until you’ve stabilised access and understand what changed.
What to do now
- Get to a calmer, safer pause and use a trusted path in.
  Close the alert message. Open a new browser window and sign in by typing the service’s website/app directly (not via links in messages).
- Revoke the unknown app’s access right away.
  In your account’s Security / Privacy / Connected apps / Third-party access / Apps with access area:
  - remove the unfamiliar app/integration
  - remove any additional apps you no longer use
  - if you can see permissions/scopes, treat “read mail”, “offline access”, “manage account”, “full access” as urgent
- Force a sign-out everywhere (sessions/devices).
  Look for “Sign out of all devices” / “Log out of all sessions” / “Manage devices” and sign out anything you don’t recognise.
- Change your password (and stop reuse).
  Change the password for this account and any other account that used the same or a similar password. Use a long, unique password.
- Turn on 2-step verification (2SV) / 2FA / MFA.
  Enable it immediately if it’s available. Prefer an authenticator app or security key if you have one available; avoid relying only on SMS if you have other options.
- Check your recovery settings and contact details.
  In Security settings, confirm:
  - recovery email address(es)
  - phone number(s)
  - any “backup codes” or “trusted devices” lists
  Remove anything you didn’t add.
- Check your email account for forwarding rules/filters (if this is your email, or if your email is the “main” recovery route).
  Look for Rules / Filters / Forwarding / Delegates / Mailbox access and remove anything you don’t recognise. Attackers commonly add rules so they keep receiving your messages (including password resets).
- Look for evidence of what the app did.
  In recent activity / security log / “apps” history, check for:
  - logins from places/devices you don’t recognise
  - newly created API keys, tokens, or app passwords
  - changes to your profile, payment methods, or settings
  Screenshot key pages if you may need to show support later.
- If you suspect phishing, report the message using the UK reporting routes.
  - Emails: forward suspicious emails to report@phishing.gov.uk (don’t click links first). If your email app won’t let you forward it, take a screenshot and email that instead.
  - Texts: forward suspicious text messages to 7726 (it’s free).
  If the message claims to be from a specific organisation (for example HMRC), you can also use that organisation’s reporting route, but you don’t need to do that right now to protect your account.
- If money was lost or accounts were used for fraud, escalate promptly.
  - Contact your bank/card provider using the number on your card/app (not a message link).
  - In the UK, report cyber crime/fraud to Action Fraud (online reporting).
  - If you believe there’s immediate danger, use 999; if it’s urgent but not an emergency, 101.
What can wait
- You do not need to decide right now whether to delete your account, start a public warning post, or confront anyone.
- You do not need to do a full device “clean install” unless you have strong signs of malware — stabilise the account access first.
- You can review every connected app slowly later; for now, remove what’s unknown and lock the account down.
Important reassurance
This happens to careful people, especially after one convincing login prompt or “permissions” screen. Taking the app off and securing sign-in usually stops the access quickly, and you can then work through any knock-on effects with much less pressure.
Scope note
These are first steps to stabilise access and reduce harm. If the account is business-critical, tied to payments, or you can’t regain control, you may need provider support and (if losses occurred) formal reporting.
Important note
This is general information, not legal, financial, or forensic advice. If you believe you’re at immediate risk of harm or active fraud is in progress, prioritise urgent help through the appropriate emergency or banking channels.
Additional Resources
- https://www.ncsc.gov.uk/guidance/recovering-a-hacked-account
- https://www.ncsc.gov.uk/collection/top-tips-for-staying-secure-online/activate-2-step-verification-on-your-email
- https://www.gov.uk/report-suspicious-emails-websites-phishing
- https://www.reportfraud.police.uk/how-to-report-suspicious-activity/
- https://www.ofcom.org.uk/phones-and-broadband/scam-calls-and-messages/7726-reporting-scam-texts-and-calls