What to do if…
your account security questions are changed or reset and you did not do it
Short answer
Treat this as an account takeover attempt: secure your email first, then immediately use the account provider’s recovery flow to regain control and undo security-setting changes.
Do not do these things
- Don’t keep logging in repeatedly from multiple devices “to see if it works” — it can lock you out or confuse recovery checks.
- Don’t click password-reset links or “security alert” links from messages you weren’t expecting; go directly to the provider’s official site/app instead.
- Don’t reuse an old password “just to get back in quickly”.
- Don’t share one-time codes, backup codes, or security-question answers with anyone (including someone claiming to be support).
- Don’t assume it’s “only one account” — if your email is affected, other accounts can be at risk too.
What to do now
- Pause and switch to a safer device and connection. If you can, use a different (trusted) device than the one you normally use, and avoid public Wi-Fi while recovering accounts.
- Secure your email account immediately (this is the key).
  - Sign in to your email via the official site/app.
  - Change the email password to a strong, unique one.
  - Turn on multi-factor authentication (MFA) if available.
  - Check for forwarding, filters/rules, or auto-delete/archiving you didn’t create, and remove them.
  - Check for any delegated access/mailbox access, connected apps, or app passwords you don’t recognise, and remove/revoke them where possible.
  - Review recent sign-ins / security activity and sign out of other sessions if the provider offers it.
- Start the affected account’s official recovery process.
  - Go to the provider’s help/recovery page from their official site (not from an email link).
  - Complete their recovery checks and request a review of security-settings changes (security questions, recovery email/phone, trusted devices).
- Once you’re back in, lock the account down in a single pass.
  - Change the password (unique; long) and sign out of other devices/sessions (often called “log out of all devices”).
  - Re-enable MFA and update recovery options (recovery email/phone).
  - Replace security questions/answers with answers that are hard to guess and not based on real personal facts. Store them safely (e.g., in a password manager or written in a secure place you control).
- Check whether your phone number is at risk (SIM swap).
  - If you suddenly lost signal, received “SIM change” messages, or SMS codes stopped arriving, contact your mobile provider and ask them to secure the account and check for unauthorised SIM swaps.
  - If you use SMS for codes, consider switching to an authenticator app or security key where the provider supports it.
- Triage the “blast radius” (the next most-likely accounts).
  - Prioritise: banking/payment apps, your main social accounts, Apple ID/Google account/Microsoft account, and any accounts that can reset others.
  - Change passwords anywhere you reused the same one, and enable MFA.
- If money, purchases, or fraud is involved, act fast.
  - Contact your bank/card provider(s) using the number on your card or their official app.
  - For cyber crime or fraud in England, Wales, or Northern Ireland, report via Report Fraud. If you live in Scotland or it happened there, contact Police Scotland (101). Use 999 only if there’s immediate danger.
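The step above about replacing security-question answers with ones that are not real personal facts is easiest to follow with a generator. The script below is an added example, not part of this guide or of any provider's tooling: it produces a random answer from an unambiguous character set and compares its guessing entropy with the (constructed, illustrative) size of the answer space for typical fact-based questions. The answer-space sizes in FACT_BASED_SPACES are assumptions for illustration, not measured data.

```python
import math
import secrets

# Letters and digits only, with look-alike characters (0/O, 1/l/I) removed, so the
# answer is easy to read back and is accepted by forms that reject punctuation.
ALPHABET = "abcdefghijkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789"  # 56 symbols

# Constructed, illustrative sizes of the realistic answer space for common
# fact-based security questions (assumptions, not survey data).
FACT_BASED_SPACES = {
    "mother's maiden name (common surnames)": 10_000,
    "first pet's name (popular pet names)": 1_000,
    "city of birth (large cities)": 500,
}


def random_answer(length: int = 20) -> str:
    """Return an answer unrelated to any real fact, drawn with the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(space_size: int, length: int = 1) -> float:
    """Guessing entropy, in bits, of `length` independent picks from `space_size` options."""
    return length * math.log2(space_size)


def fact_based_bits() -> dict:
    """Entropy of each constructed fact-based question if the attacker knows the space."""
    return {question: entropy_bits(size) for question, size in FACT_BASED_SPACES.items()}


def generated_bits(length: int = 20) -> float:
    """Entropy of a random answer of the given length from ALPHABET."""
    return entropy_bits(len(ALPHABET), length)


if __name__ == "__main__":
    # Each generated answer should be stored in a password manager, not memorised.
    print("example random answer:", random_answer())
    print(f"random 20-char answer: {generated_bits():.1f} bits")
    for question, bits in fact_based_bits().items():
        print(f"{question}: ~{bits:.1f} bits")
```

The comparison is the point: even a generous 10,000-surname space gives under 14 bits, while a 20-character random answer gives over 100, and nothing about it can be found on social media or in a data breach. Treat the generated answers exactly like passwords, one per question and per provider.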
What can wait
- You do not need to work out how it happened right now (phishing vs breach vs malware).
- You do not need to delete all your accounts or wipe devices immediately.
- You do not need to confront anyone you suspect.
- You can leave “nice-to-have” security upgrades (new password manager, new email address) until after you’ve regained control.
Important reassurance
This is a common pattern in account takeovers, and it’s not a sign you “failed” — attackers often rely on stolen credentials and automated attempts. Focusing on email-first recovery and quickly re-locking settings is the most effective way to stop the damage.
Scope note
These are first steps to stabilise and regain control. Later steps (like device malware checks, long-term monitoring, or identity-protection measures) can come after you’ve secured access.
Important note
This guide is general information, not legal, financial, or technical-forensics advice. If you believe you’re at immediate risk or significant fraud is underway, contact your bank/provider and the appropriate reporting service urgently.
Additional Resources
- https://www.ncsc.gov.uk/guidance/recovering-a-hacked-account
- https://www.ncsc.gov.uk/collection/using-online-services-safely/recovering-hacked-account-or-service
- https://www.reportfraud.police.uk/reporting-a-fraud/
- https://www.reportfraud.police.uk/
- https://www.scotland.police.uk/contact-us/
- https://www.cifas.org.uk/pr