'%3e%3cpath%20d='M0,0%20v30%20h60%20v-30%20z'%20fill='%23012169'/%3e%3cpath%20d='M0,0%20L60,30%20M60,0%20L0,30'%20stroke='%23fff'%20stroke-width='6'/%3e%3cpath%20d='M0,0%20L60,30%20M60,0%20L0,30'%20stroke='%23C8102E'%20stroke-width='4'%20clip-path='url(%23s)'/%3e%3cpath%20d='M30,0%20v30%20M0,15%20h60'%20stroke='%23fff'%20stroke-width='10'/%3e%3cpath%20d='M30,0%20v30%20M0,15%20h60'%20stroke='%23C8102E'%20stroke-width='6'/%3e%3c/g%3e%3c/svg%3e)
UK
%20--%3e%3cuse%20href='%23s'%20x='0'%20y='0'/%3e%3cuse%20href='%23s'%20x='494'%20y='0'/%3e%3cuse%20href='%23s'%20x='988'%20y='0'/%3e%3cuse%20href='%23s'%20x='1482'%20y='0'/%3e%3cuse%20href='%23s'%20x='1976'%20y='0'/%3e%3cuse%20href='%23s'%20x='2470'%20y='0'/%3e%3cuse%20href='%23s'%20x='247'%20y='210'/%3e%3cuse%20href='%23s'%20x='741'%20y='210'/%3e%3cuse%20href='%23s'%20x='1235'%20y='210'/%3e%3cuse%20href='%23s'%20x='1729'%20y='210'/%3e%3cuse%20href='%23s'%20x='2223'%20y='210'/%3e%3cuse%20href='%23s'%20x='2717'%20y='210'/%3e%3cuse%20href='%23s'%20x='0'%20y='420'/%3e%3cuse%20href='%23s'%20x='494'%20y='420'/%3e%3cuse%20href='%23s'%20x='988'%20y='420'/%3e%3cuse%20href='%23s'%20x='1482'%20y='420'/%3e%3cuse%20href='%23s'%20x='1976'%20y='420'/%3e%3cuse%20href='%23s'%20x='2470'%20y='420'/%3e%3cuse%20href='%23s'%20x='247'%20y='630'/%3e%3cuse%20href='%23s'%20x='741'%20y='630'/%3e%3cuse%20href='%23s'%20x='1235'%20y='630'/%3e%3cuse%20href='%23s'%20x='1729'%20y='630'/%3e%3cuse%20href='%23s'%20x='2223'%20y='630'/%3e%3cuse%20href='%23s'%20x='2717'%20y='630'/%3e%3cuse%20href='%23s'%20x='0'%20y='840'/%3e%3cuse%20href='%23s'%20x='494'%20y='840'/%3e%3cuse%20href='%23s'%20x='988'%20y='840'/%3e%3cuse%20href='%23s'%20x='1482'%20y='840'/%3e%3cuse%20href='%23s'%20x='1976'%20y='840'/%3e%3cuse%20href='%23s'%20x='2470'%20y='840'/%3e%3cuse%20href='%23s'%20x='247'%20y='1050'/%3e%3cuse%20href='%23s'%20x='741'%20y='1050'/%3e%3cuse%20href='%23s'%20x='1235'%20y='1050'/%3e%3cuse%20href='%23s'%20x='1729'%20y='1050'/%3e%3cuse%20href='%23s'%20x='2223'%20y='1050'/%3e%3cuse%20href='%23s'%20x='2717'%20y='1050'/%3e%3cuse%20href='%23s'%20x='0'%20y='1260'/%3e%3cuse%20href='%23s'%20x='494'%20y='1260'/%3e%3cuse%20href='%23s'%20x='988'%20y='1260'/%3e%3cuse%20href='%23s'%20x='1482'%20y='1260'/%3e%3cuse%20href='%23s'%20x='1976'%20y='1260'/%3e%3cuse%20href='%23s'%20x='2470'%20y='1260'/%3e%3cuse%20href='%23s'%20x='247'%20y='1470'/%3e%3cuse%20href='%23s'%20x='741'%20y='1470'/%3e%3cuse%20href='%23s'%20x='1235'%20y='1470'/%3e%3cuse%20href='%23s'%20x='1729'%20y='1470'/%3e%3cuse%20href='%23s'%20x='2223'%20y='1470'/%3e%3cuse%20href='%23s'%20x='2717'%20y='1470'/%3e%3cuse%20href='%23s'%20x='0'%20y='1680'/%3e%3cuse%20href='%23s'%20x='494'%20y='1680'/%3e%3cuse%20href='%23s'%20x='988'%20y='1680'/%3e%3cuse%20href='%23s'%20x='1482'%20y='1680'/%3e%3cuse%20href='%23s'%20x='1976'%20y='1680'/%3e%3cuse%20href='%23s'%20x='2470'%20y='1680'/%3e%3c/g%3e%3c/svg%3e)
USA
What to do if…
a key online account says your identity details were changed and you cannot tell what was altered
Short answer
Assume account takeover: secure your email first, then secure the affected account by changing the password, signing out everywhere, and replacing recovery options so only you can reset it.
Do not do these things
- Don’t use links in the alert message unless you reached the service by typing the address yourself or using the official app (alerts can be phishing).
- Don’t keep trying passwords over and over — repeated attempts can lock you out while someone else stays signed in.
- Don’t leave the account “as-is” while you investigate — the safest move is to end sessions and reset recovery options first.
- Don’t ignore saved payment methods or shopping accounts — attackers often pivot to stored cards or gift cards.
- Don’t delete the alert message yet — keep it for timestamps and wording when you contact support.
What to do now
-
Start from a trusted device and go direct to the real service.
If possible, update the device, then open a browser and type the site address yourself (or use the official app). Avoid clicking through from email/text. -
Lock down your email account first (it’s the master key).
- Change your email password to a new, unique one.
- Turn on two-factor authentication (2FA).
- Review email security settings for forwarding, filters/rules, and signed-in devices; remove anything you didn’t set.
- Sign out of other sessions/devices from the email security page.
-
Secure the affected account (even if you still have access).
In Security / Login / Privacy settings:- Change the password (new, unique).
- Sign out of all devices / end all active sessions.
- Remove unknown devices and revoke unfamiliar third-party app access.
-
Rebuild recovery methods so only you can recover it.
- Replace recovery email/phone with ones you control.
- Reset/reissue backup codes or recovery keys if offered (especially if you didn’t create them).
- If possible, switch to an authenticator app or passkeys and remove recovery options you don’t want.
-
Check what was changed (systematically).
Look at Profile/Account info, Personal details, Addresses, Security, and Payment pages. Specifically verify:- Name, address, date of birth (if present)
- Username/handle
- Recovery email/phone
- 2FA method
- Any newly linked accounts or “Sign in with…” connections
-
If you can’t see the details or can’t regain access, use the provider’s official recovery flow and request a lock.
Use the service’s “hacked/compromised account” recovery pages. Tell support:- You received an alert that identity details changed but can’t tell what
- The approximate time of the alert
- Any suspicious devices or logins you can see
Ask them to lock the account, reverse recent profile changes, and confirm exactly which identity fields were changed.
-
If money or stored payment methods are involved, take parallel action.
- Remove saved cards/payment methods from the account if you can.
- Check your bank/card transactions and enable alerts.
- If you see unauthorized transactions, contact your bank/card issuer using the number on your card or in your banking app.
-
If you suspect identity theft beyond this one account, start the official recovery plan.
Go to IdentityTheft.gov to report it and get a recovery plan you can save and follow. Depending on your situation, you may also choose a fraud alert or a credit freeze (a freeze often requires contacting each credit bureau). -
If you want to file a cybercrime report (especially if money was lost), use the FBI’s internet crime reporting portal.
Keep your alert message(s), dates/times, and any transaction details so you can enter them accurately.
What can wait
- You don’t need to determine exactly how the compromise happened right now.
- You don’t need to reset every password today — focus on email + this account + any account that reused the same password.
- You don’t need to decide whether to permanently delete the account right now — stabilize access first.
Important reassurance
Alerts like this feel urgent because they are. But most account takeovers can be contained quickly by securing email, ending all active sessions, and taking control of recovery options. It’s normal to feel shaky — follow the steps in order and avoid risky clicks.
Scope note
This is first steps only meant for the first hour or two. If the account involves banking, government services, or identity verification, you may need the provider’s specialist security team and additional identity-theft steps.
Important note
This guide provides general information and practical first steps, not legal advice. Labels and recovery options vary by company; rely on the provider’s official support and recovery pages for the exact process.