PanicStation.org
UK USA
uk Technology & digital loss data export is ready email • unexpected data export link • account data download notice • i did not request data export • suspicious account export email • possible account takeover • someone accessed my account • export download email scam • phishing data export message • privacy export notification • account security alert email • unexpected download ready notice • account activity i dont recognise • compromised login suspicion • attacker requesting export • social media data export email • google data export ready email • microsoft data export ready email • app data export notification • email looks official but unsure

What to do if…
you receive a “data export is ready” email for an account you did not request

Short answer

Treat it as either a phishing attempt or a sign someone has access to your account. Do not click the email’s links—go directly to the service in your browser/app, secure the account, and cancel/revoke any export you didn’t request if the service allows it.

Do not do these things

  • Don’t click “download export” (or “review export”) links in the email, even if the branding looks perfect.
  • Don’t reply to the email or use any phone numbers/“support” links inside it.
  • Don’t assume it’s harmless because “it’s only a copy” — exports can include sensitive private data.
  • Don’t rush into deleting the account right now (that can make recovery harder and may not stop an attacker who’s already logged in).

What to do now

  1. Pause and switch channels (30 seconds).
    Open a new browser tab (or the official app) and type the service’s address yourself / use a trusted bookmark. Don’t use the email to navigate.

  2. Check whether the export is real (inside the account).
    Look for a “Data export / Download your data / Privacy / Security” area and see if there is an export shown as “requested / preparing / ready”.

    • If you cannot find any export activity inside the account, treat the email as phishing and skip to steps 7–8.
    • If you do find an export you didn’t request, assume account access is compromised and continue.

  3. If you can’t sign in, go straight to the provider’s official recovery path.
    Use the service’s own help/support pages to recover access (don’t use links in the email). Once you’re back in, continue with the steps below.

  4. Secure the account immediately (sessions + password + 2-step verification).
    In the account’s security settings, do the closest equivalent of these (order may vary by service):

    • Sign out of all devices / end all sessions (kicks out other logged-in sessions).
    • Change your password to a new, unique one (not a variation of an old password).
    • Turn on 2-step verification / 2FA (prefer an authenticator app if you have the option).

  5. Remove any “back doors” that keep an attacker in.
    Still inside security settings, check for:

    • New email addresses/phone numbers you don’t recognise (remove them).
    • Forwarding rules / auto-replies (especially on email accounts).
    • Connected apps / third-party access / “authorised devices” you don’t recognise (revoke them).
    • Recovery options (make sure they’re yours).

  6. Cancel/revoke the export if the service allows it, and record what you see.
    If there’s an option like “Cancel export” or “Delete download”, use it.
    Take screenshots of the export status page and any “recent activity / logins” page (time, location, device) in case you need support later.

  7. If this might be your email account, lock down email next.
    Your email is the reset key for many services. Immediately:

    • Change your email password, sign out everywhere, enable 2FA.
    • Check forwarding and filters/rules for anything you didn’t create.

  8. Report the message safely (UK).

    • If it looks like a scam email, forward it to report@phishing.gov.uk (don’t click anything first).
    • If you think you’ve been hacked and there’s fraud or financial loss, consider reporting via Report Fraud (Action Fraud).

  9. If this is a work or school account, escalate internally now.
    Contact your IT/helpdesk/security team using your organisation’s normal channel (not anything in the email). Ask them to check sign-ins, revoke sessions, and confirm whether an export was initiated.

What can wait

  • You do not need to decide right now whether to delete the account, confront anyone, or “do a full device overhaul.”
  • You can wait to review every privacy setting and old connected app once you’ve stopped access (sessions ended + password changed + 2FA on).
  • If there’s no sign of misuse after you secure the account, deeper forensics can wait.

Important reassurance

It’s common to feel a spike of panic when you see “export ready” because it sounds final. In many cases it’s either a phishing lure or an automated attacker trying to grab data quickly. Going directly to the service and locking the account down is the fastest way to regain control.

Scope note

These are first steps to stabilise the situation and prevent irreversible loss. If you confirm an export really was created, you may later want specialist help (work IT/security, the platform’s account recovery, or fraud support), but you don’t need to solve everything in the next hour.

Important note

This is general information, not legal or professional advice. Different services label exports and security controls differently, so use the closest equivalent settings available. If you can’t confirm what happened, prioritise “don’t click”, secure the account via official channels, and report the message.

Additional Resources
Support us