PanicStation.org
UK USA
us Technology & digital loss unknown login location • sign-in alert not me • suspicious account activity • someone logged into my account • login from new device • unexpected security email • account takeover signs • strange location on account • unfamiliar ip address login • email account may be hacked • social media account accessed • password reset i did not request • sessions i don’t recognise • hacked account recovery • unauthorised access • two factor authentication • recovery email changed • new device signed in • apps connected i didn’t add

What to do if…
you find account activity showing logins or locations that are not yours

Short answer

Assume compromise: secure your email first, then change the affected account password, sign out of all devices/sessions, and turn on multi-factor authentication (MFA).

Do not do these things

  • Don’t click “security alert” links in emails/texts unless you independently open the real site/app yourself (phishing often follows login alerts).
  • Don’t reuse an old password or a variation of it.
  • Don’t skip your email account — attackers often use it to reset other passwords.
  • Don’t keep browsing while you “watch what happens”; end sessions first.
  • Don’t share verification codes with anyone (including someone claiming to be “support”).
  • Don’t submit reports or personal info on lookalike “crime reporting” sites: if you need to report to IC3, type ic3.gov directly and be cautious of “sponsored” search results.

What to do now

  1. Go to the real site/app (not a link) and check account security

    • If you’re locked out, use the provider’s official recovery process.
    • If you’re in, go to Security / Sign-in activity immediately.

  2. Secure your email account immediately

    • Change the email password.
    • Confirm recovery email/phone are yours.
    • Look for suspicious mailbox rules/forwarding and remove anything you didn’t set.

  3. Sign out everywhere

    • Use “sign out of all devices” / “log out of all sessions”.
    • Remove unknown devices and revoke unknown third-party app access.

  4. Change the password the safe way

    • Make it unique to this account.
    • If you reused that password elsewhere, change those next — prioritize email, banking, shopping, mobile carrier, and work accounts.

  5. Turn on MFA (two-factor authentication)

    • Use an authenticator app or device prompt if available.
    • Store backup codes safely (not only in the potentially compromised email).

  6. Review and undo damage

    • Check for changes to: recovery info, new “trusted devices,” new payment methods, shipping addresses, or messages/posts you didn’t send.
    • If it’s social/messaging, warn contacts only after you’ve secured the account.

  7. If there’s financial loss or account takeover fraud, report it

    • If money was stolen, purchases were made, or an account was taken over for fraud, consider filing a complaint with the FBI’s Internet Crime Complaint Center (IC3) (make sure you’re on the real site).
    • If you see identity theft (new accounts, tax/benefits issues, or personal data being used), start a recovery plan at IdentityTheft.gov.

  8. If a bank/card is involved, treat it as urgent

    • Contact the bank/card issuer through the number on your card or their official app/website.
    • Ask them to stop/cancel suspicious transactions and secure the account.

What can wait

  • You don’t need to figure out exactly how they got in before securing access.
  • You don’t need to delete accounts or wipe devices as your first move.
  • You don’t need to change every password today — focus on email + reused passwords + financially important accounts first.
  • If you suspect identity theft, you can later consider a credit freeze or fraud alert and check your credit reports (do this after you’ve locked down email and key accounts).

Important reassurance

This kind of alert can make you feel instantly unsafe or watched. Most harm happens in the first minutes when people click rushed links or delay locking down accounts. Taking control (email → sessions → password → MFA) is a strong, practical response.

Scope note

This is first-steps guidance to stop immediate harm and regain control. If you keep getting re-compromised, or if identity theft/financial fraud is involved, you may need additional help from the provider’s support, your bank’s fraud department, or formal reporting channels.

Important note

This is general information, not legal or professional advice. If you can’t regain access to key accounts (email, banking, work) or you see active financial loss, contact the provider/bank using verified official channels right away.

Additional Resources
Support us