What to do if…
a third-party app you do not recognise is suddenly connected to your main account
Short answer
Assume your account may be compromised. Revoke the unknown app’s access immediately, then reset the account security (password + MFA) and check for additional changes like new recovery info or forwarding rules.
Do not do these things
- Don’t click “secure your account” links in an alert email/text — go straight to the real site/app by typing it or using a known bookmark.
- Don’t ignore the app because “it only has basic access” — some permissions (or “offline access”) are enough to cause serious damage.
- Don’t keep using the account for password resets or financial logins until you’ve removed the app and secured sign-in.
- Don’t reuse an old password, or “almost the same” password, across accounts.
- Don’t wipe all evidence (emails/alerts) before you’ve taken screenshots and checked what changed.
What to do now
- Sign in safely (not through the alert).
  Open a fresh browser/app and sign in using a trusted route.
- Revoke the unknown app’s permissions.
  In Security / Privacy / Connected apps / Third-party access / App permissions:
  - remove the unfamiliar app/integration
  - remove anything you don’t actively use
  - treat “read email,” “manage account,” “full access,” and “offline access” as urgent
- Sign out everywhere and remove unknown devices/sessions.
  Use “sign out of all sessions” and remove devices you don’t recognize.
- Change your password right away.
  Use a long, unique password. If this password was reused anywhere else, change those accounts too (start with email, banking, and password manager).
- Turn on MFA (multi-factor authentication).
  Enable MFA in account security settings. If available, prefer an authenticator app or security key over SMS.
- Check account recovery details and security backdoors.
  Confirm (and remove anything you didn’t add):
  - recovery email(s) / phone number(s)
  - backup codes / trusted devices
  - app passwords, access tokens, API keys (if the service supports them)
- If this is your email (or your email is the recovery hub), check forwarding and filters.
  Review forwarding, filters/rules, and delegated access and remove anything unfamiliar. This is a common way attackers keep access and intercept resets.
- Scan the device you used to approve the app (if you’re not sure how it happened).
  Update your device and run a reputable malware/antivirus scan (especially on Windows/macOS). If you consistently get surprise approvals, treat your device as potentially compromised.
- If there’s identity theft risk or financial impact, use the official reporting path.
  If someone used your account to open accounts, make purchases, or impersonate you, report and follow the guided recovery steps through the federal identity theft site. Also contact your bank/card issuer using the number on your card or official app.
- Contact the account provider’s support if you can’t fully remove access.
  If the unknown app keeps reappearing, you can’t sign out other sessions, or settings keep changing, escalate through the provider’s official recovery/support flow.
What can wait
- You do not need to decide right now whether to delete your account or publicly announce the breach.
- You do not need to rebuild your entire digital life in one sitting — focus on blocking access and securing sign-in first.
- You can do deeper cleanup (review all connected apps, rotate more passwords, credit monitoring decisions) after you’ve stabilized access.
Important reassurance
A sudden “connected app” is a common tactic and it’s designed to make you react fast. Removing the app and locking down sign-in usually stops the ongoing access quickly, and then you can handle any fallout step by step.
Scope note
These are immediate first steps to reduce harm. If the account is tied to business systems, payments, or you see signs of wider compromise, you may need provider support and (if applicable) identity theft recovery steps.
Important note
This is general information, not legal, financial, or forensic advice. If active fraud is underway, prioritize contacting your financial institutions and using official reporting channels.
Additional Resources
- https://consumer.ftc.gov/how-recover-your-hacked-email-or-social-media-account
- https://consumer.ftc.gov/consumer-alerts/2024/10/email-or-social-media-hacked-heres-what-do
- https://www.identitytheft.gov/
- https://www.cisa.gov/secure-our-world/turn-mfa
- https://support.microsoft.com/en-us/account-billing/edit-or-revoke-application-permissions-in-the-my-apps-portal-169be2b4-ee26-4338-aea8-d19bb2f329ee
- https://support.google.com/accounts/answer/13533235?hl=en