PanicStation.org
UK USA
uk Technology & digital loss unknown login location • sign-in alert not me • suspicious account activity • someone logged into my account • login from new device • unexpected security email • account takeover signs • strange location on account • unfamiliar ip address login • email account may be hacked • social media account accessed • password reset i did not request • sessions i don’t recognise • hacked account recovery • unauthorised access • two-step verification setup • recovery email changed • new device signed in • apps connected i didn’t add

What to do if…
you find account activity showing logins or locations that are not yours

Short answer

Treat this as a real compromise until proven otherwise: secure your email first, then change the affected account password, sign out of all devices/sessions, and turn on 2-step verification.

Do not do these things

  • Don’t click “security alert” links from texts/emails to “fix it” unless you independently open the service/app yourself (phishing often follows).
  • Don’t reuse an old password or a “slightly changed” version of it.
  • Don’t ignore your email account — attackers often use it to reset other passwords.
  • Don’t keep “staying logged in everywhere” while you investigate; end sessions first.
  • Don’t assume the location is “just wrong” if it’s paired with new devices, password reset emails, or changed settings.

What to do now

  1. Open the service/app directly (not from a link) and take back control

    • If you can’t log in, use the provider’s official account recovery flow.
    • If you can log in, go straight to Security / Sign-in activity.

  2. Secure your email account immediately (even if the alert wasn’t about email)

    • Change your email password.
    • Check for mail forwarding and filters/rules you didn’t create (attackers use these to silently copy emails and password resets).
    • Confirm recovery email/phone details are yours.

  3. Kick out other sessions

    • Use “sign out of all devices” / “log out of all sessions”.
    • Remove any unknown devices and revoke access for unknown apps connected to the account.

  4. Change the password properly

    • Make it unique to this account (not used anywhere else).
    • If you reused that password on other sites, change those next — start with: email, banking, shopping, mobile network, and any work accounts.

  5. Turn on 2-step verification (2SV)

    • Prefer an authenticator app or device-based prompt if offered.
    • Save backup codes somewhere safe (not in the compromised inbox).

  6. Check what was changed and undo it

    • Look for changes to: recovery email/phone, new admin roles, new “trusted devices”, new payment methods, new addresses, new rules, or messages sent.
    • If it’s a messaging/social account, warn contacts only after you’ve secured it (to avoid sending from a compromised account).

  7. If money or purchases are involved, act like fraud

    • Contact your bank/card provider using the number on your card or their official app/website.
    • Ask them to cancel/stop suspicious transactions and secure the account.

  8. Report it if it’s a cyber crime or fraud

    • If you’re in England, Wales, or Northern Ireland, report via Report Fraud (Action Fraud).
    • If you’re in Scotland, report to Police Scotland (call 101 for non-emergency).

What can wait

  • You don’t need to prove how they got in right now.
  • You don’t need to delete your account, wipe devices, or publicly explain anything until you’ve regained control.
  • You don’t need to change every password on the internet tonight — focus on email + any reused passwords + financially important accounts first.
  • If you suspect your personal details are being used to open accounts or apply for credit, you can later check your credit file and consider CIFAS Protective Registration (but don’t let this distract from locking down email and key accounts first).

Important reassurance

Seeing an unfamiliar login/location is genuinely unsettling, and it’s common to freeze or start clicking everything. A calm “lock it down first” sequence (email → sessions → password → 2SV) is usually enough to stop the immediate damage and buy you breathing room.

Scope note

This is first-steps guidance to regain control and reduce harm. If you later discover identity theft, financial loss, or repeated re-compromise, you may need more specialist support (provider support, bank fraud teams, workplace IT, or police reporting).

Important note

This is general information, not legal or professional advice. If you feel at risk of immediate financial loss, or you can’t regain access to key accounts (email, banking, work), prioritise contacting the provider/bank through their official channels.

Additional Resources
Support us