What steps should you take when your email has been pwned?

Luciano Mondragon

28.09.22 5 min. read

4 steps to take if your email has been pwned

If your email has been pwned your personal information is in danger. This article guides you on what to do next. (PLUS! 5 tips on how to avoid getting pwned in the first place.)

What does being pwned mean?

Being pwned means that someone has taken control of your email address, or a user profile that has been created with it. And hacking an account is possibly the first step of identity theft, with online accounts often containing sensitive personal information, such as your credit card number, phone number, home address, and full name.

Identity theft can cause financial damage, intense personal stress, and a plethora of legal problems. If your email account and password end up in the wrong hands, criminals can access your personal details and purchase goods in your name. Things can get even worse, though: if you have reused the same password and email on other accounts, criminals can access these profiles as well, increasing the risk of identity theft exponentially.

How does your email get pwned?

Your login credentials can be stolen in a data breach – and there’s a significant data breach almost every week. So, it’s a good idea to regularly check if your information has been stolen in a data breach with F-Secure’s free Identity Theft Checker. But it doesn’t stop at data breaches: your accounts can also be hacked through malware attacks or phishing scams.

But there’s no need to panic. If your account has been pwned, here are four things you can do to mitigate the risk:

1. Make sure your antivirus and operating system are up to date

Viruses and spyware can steal personal information and login credentials. Keeping the antivirus and operating system on your devices up to date is important in protecting your accounts from being pwned. The majority of core software that we use is regularly updated by vendors to prevent hackers from utilizing flaws and vulnerabilities. So if you do not yet have automatic updates enabled, turn them on; it can save you from a lot of trouble.

2. Scan your device for malware

If there is malware on your device, changing your account password isn’t enough. That’s because the attacker can steal your newly created password using malware. So, before you change any passwords, run a virus scan. If the scan detects an infection, deal with it first. If you already changed passwords, change them again, because they might have already been compromised.

3. Now, change your passwords

Changing your password is the most important thing to do if your account has been pwned. If you have reused your password on other accounts, you should change passwords for those accounts as well.

Criminals will try to access accounts with payment details and other valuable data. But if the attacker has already changed your password in a hacked account, don’t panic. You may still be able to restore your account through the “forgot your password” function.

4. Check your email settings

If your email account has been pwned, criminals can set it to automatically forward your messages to the attacker and to send malware, phishing scams, or spam. So check your settings and see if you find anything alarming.

You might also want to send an email to your contacts or post on social media that your email has been pwned, to warn against opening any attachments sent by you. This can save your contacts from being infected by malware.
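As an added illustration of the settings check in step 4 (not part of the original article and not F-Secure code): some mail services store filters as Sieve scripts (RFC 5228), and this Python example lists every `redirect` action in such a script and flags targets outside the owner's domains. The sample script, its addresses, and `example.org` as the owner's domain are constructed assumptions.

```python
import re

# Constructed sample filter in Sieve syntax (RFC 5228); not from a real mailbox.
SAMPLE_SIEVE = '''
require ["fileinto", "copy"];
# redirect "old@elsewhere.example";  (commented out, must be ignored)
if header :contains "subject" "invoice" {
    redirect :copy "collector@mail-archive.example";
}
if address :is "from" "boss@example.org" {
    fileinto "Work";
}
redirect "me.backup@example.org";
'''

# Quoted strings are matched first so a '#' inside a string is not read as a comment.
_TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|/\*.*?\*/|#[^\n]*', re.DOTALL)
# redirect, optional tagged arguments such as :copy, then the quoted target address.
_REDIRECT = re.compile(r'\bredirect\b((?:\s+:\w+)*)\s+"([^"]+)"\s*;', re.IGNORECASE)


def strip_comments(script):
    """Blank out '#' and '/* */' comments while leaving quoted strings intact."""
    return _TOKEN.sub(lambda m: m.group(0) if m.group(0).startswith('"') else ' ', script)


def audit_forwarding(script, own_domains):
    """Return one record per active redirect action found in the script."""
    findings = []
    for match in _REDIRECT.finditer(strip_comments(script)):
        flags = match.group(1).split()
        target = match.group(2).strip().lower()
        findings.append({
            "target": target,
            # With :copy the message also stays in the inbox, so nothing looks missing.
            "keeps_local_copy": ":copy" in flags,
            "external": target.rpartition("@")[2] not in own_domains,
        })
    return findings


def suspicious_targets(script, own_domains):
    """Addresses that receive forwarded mail but are outside the owner's domains."""
    return [f["target"] for f in audit_forwarding(script, own_domains) if f["external"]]


if __name__ == "__main__":
    for finding in audit_forwarding(SAMPLE_SIEVE, {"example.org"}):
        print(finding)
```

Any address this reports that you did not set up yourself is a forwarding rule to delete before moving on.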

How can you protect your email from being pwned?

Dealing with a compromised email address is possible, but the best course of action is to never let it happen in the first place. And you can cut that risk significantly by following these simple steps:

1. Pay attention to the sender addresses of emails and SMS messages; don’t fall for phishing or smishing

2. Be cautious when you open files or links, or install programs. Your bank or authorities don’t ask you to authenticate information online. Most likely you didn’t win a lottery prize either, and the “hot singles in your area” would probably use other methods to contact you

3. Enabling two-factor authentication is essential in protecting your online accounts. That’s why many banks and service providers use it. Follow their example when possible

4. Set your email address under 24/7 breach monitoring, and you’ll get alerts when a data breach including your personal information has occurred. This gives you time to change the password before anyone can get into your account

5. And finally, always use unique passwords.

You can create unique passwords for free with F-Secure Strong Password Generator. Get a password manager, and you can then save all these passwords securely. This way they are always with you, and you can copy paste or autofill them when needed. It’s easier, safer, and faster.

F-Secure Total – Full online protection

F-Secure Total online security package helps you protect your online accounts. It blocks viruses and phishing sites, makes your browsing secure and private with a VPN, and includes a password manager. It also alerts you of new data breaches that threaten your security.

You can try Total for free, with no credit card required. 


