How to tell if your online accounts have been hacked

More and more hackers are targeting regular people with the goal of stealing their crypto, perhaps getting into their bank accounts or simply stalking them. These types of attacks are still relatively rare, so there’s no need for alarm. But it’s important to know what you can do to protect yourself if you suspect someone got into your email or social media account.

A few years ago, I wrote a guide to help people protect themselves, and understand that most of the companies you have an account with already offer you tools to take control of your accounts’ security, even before you contact them for help, which in some cases you still should do.

Here we break down what you can do on several different online services.

Just like in the previous guide, there’s an important caveat. You should know that these methods don’t guarantee that you haven’t been compromised. If you still aren’t sure, you should contact a professional, especially if you are a journalist, a dissident or activist, or otherwise someone who has a higher risk of being targeted. In those cases, the nonprofit Access Now has a digital security helpline that will connect you to one of their experts.

Another caveat, if you don’t do this already, you should enable multi-factor authentication on all your accounts, or at least the most important ones (email, banking, social media). This directory is a great resource that teaches you how to enable multi-factor authentication on more than 1,000 websites. (Note that you don’t have to use the multi-factor app promoted on that site, there are plenty of other alternatives.)

Increasingly some online services offer the use of a physical security key or a passkey stored in your password manager, which is one of the highest safeguards to prevent account intrusions that rely on password-stealing malware or phishing.

Gmail lists all the places your account is active

The first thing you should do if you suspect someone has broken into your Gmail account (and by extension all the other Google services linked to it) is to scroll all the way down in your inbox until you see “Last account activity” in the bottom right corner.

Click on “Details.” You will then see a pop-up window that looks like this:

A list of recent account activity on Google's account page, including IP addresses and browser types.
A list of recent account activity on Google's account page.

These are all the places where your Google account is active. If you don’t recognize one of them, for example if it comes from a different location, like a country you haven’t visited recently or have never been, then click on “Security Checkup.” Here you can see on which devices your Google account is active.

Google's Security Checkup Page, including a view that shows "where you're signed in."
Google's Security Checkup Page, including a view that shows "where you're signed in."

If you scroll down, you can also see “Recent security activity.”

a screenshot of recent security activity on Google's Security Checkup Page
Recent security activity on Google's Security Checkup Page.

Check this list to see if there are any devices that you don’t recognize. If in any of these places above you see something suspicious, click on “See unfamiliar activity?” and change your password:

a dialog window that says "Let's secure your account," which lets the user change their password.
Changing your Google account password.

After you change your password, as Google explains here, you will be signed out of every device in every location, except on the “devices you use to verify that it's you when you sign in,” and some devices with third-party apps that you've granted account access to. If you want to sign out there too, go to this Google Support page and click on the link to “View the apps and services with third-party access.”

a screenshot showing a Google help page describing common questions about account access.
Removing third-party access to your Google account.

Finally, we also suggest considering turning on Google's Advanced Protection on your account. This enhanced security protection makes phishing your password and hacking into your Google account even harder. The drawback is that you need to purchase security keys, hardware devices that serve as a second-factor. But we think this method is important and a must-use for people who are at a higher risk.

Also, remember that your email account is likely linked to all your other important accounts, so getting into it could turn out to be the first step into hacking into other accounts. That’s why securing your email account is more important than virtually any other account.

Outlook and Microsoft logins are in the account settings

If you are concerned about hackers having accessed your Microsoft Outlook account, you can check “when and where you’ve signed in,” as Microsoft puts it in the account settings.

To go to that page, go to your Microsoft Account, click on Security on the left-hand menu, and then under “Sign-in activity" go to “View my activity.”

a sign-in activity checker window for MIcrosoft accounts.
Checking recent sign-in activity on your Microsoft account.

At this point, you should see a page that shows recent logins, which platform and device was used to log in, the type of browser and the IP address.

a screenshot showing recent activity, including device, platform and approximate location of the user
Checking recent activity on your Microsoft account.

If something looks off, click on “Learn how to make your account more secure,” where you can change your password, check "how to recover a hacked or compromised account" and more.

Microsoft also has a support portal with information on the Recent activity page.

As we noted above, your email account is the cornerstone of your online security, given that it’s likely that most of your important accounts — think social media, bank and healthcare provider, etc. — are linked to it. It’s a popular target for hackers who want to then compromise other accounts.

Keep your LinkedIn account locked down

LinkedIn has a support page detailing the steps you can follow to check if your account is logged into a device or location on the web, iOS and Android that you don’t recognize.

LinkedIn has a specific page on its website where you can check the places where you are logged in.

a screenshot showing active sessions of all logged-in LinkedIn accounts, including a button that says "end these sessions" to log everyone out.
A screenshot showing all the places where your LinkedIn account is logged in around the web.

If you don’t recognize one of those sessions, click on “End” to log out of that particular session, and enter your password when prompted. If you click on “End these sessions,” you will be logged out of all the devices other than the device that you are using.

On iOS and Android, the process is the same. In the LinkedIn app, tap on your profile picture on the top, tap on “Settings,” then “Sign in & Security,” then “Where you’re signed in.” At that point you will see a page that is essentially identical to the one you can see on the web.

LinkedIn also has a security feature that requires you to confirm on your app if someone tries to log into another device.

a push notiifcation on an iPhone requesting attention to a LinkedIn sign-in request
A sign-in request notification on a LinkedIn account set up on an iPhone.

If you tap on the sign-in request notification, you will see a page that asks you to confirm that it was you who just attempted to login. There you can confirm the log in, or block the attempt.

A LinkedIn message detailing a sign-in request from another device.
A LinkedIn message detailing a sign-in request from another device.

Yahoo offers email tools to help

Like other email providers, Yahoo (which owns TechCrunch) also offers a tool to check your account and sign-in activity with the goal of allowing you to see any unusual activity that could be a sign of compromise.

To access this tool, go to your Yahoo My Account Overview or click on the icon with your initial next to the email icon on the top right corner, and click on “Manage your account.”

a screenshot showing recent activity, including device, platform and approximate location of the user
Accessing your Yahoo account information.

Once there, click on “Review recent activity.” On this page you will be able to see recent activity on your account, including password changes, phone numbers added and which devices are connected to your account, as well as their corresponding IP addresses.

a recent activity window for Yahoo account users, which includes a log of recent account actions, such as password changes.
Checking recent account activity on your Yahoo account.
another screenshot showing Yahoo account activity, including browser version, location and sign-in history
Checking recent account activity on your Yahoo account.

Given that it is likely that you have linked your email address to sensitive websites like your bank, your social media accounts and healthcare portals, among others, you should make an extra effort to secure it.

Ensure your Apple ID is safe

Apple allows you to check which devices your Apple ID is logged in directly through the iPhone and Mac system settings, as the company explains here.

On an iPhone or iPad, go to "Settings," tap your name, and scroll down to see all the devices that you are signed in on.

a screenshot on an iPhone showing all the logged in devices on an Apple account.
A screenshot on an iPhone showing all the logged-in devices on an Apple account.

On a Mac, click on the Apple logo on the top left corner, then "System Settings," then click on your name, and you will also see a list of devices, just like on an iPhone or iPad.

A screenshot on a Mac showing all the logged in devices on an Apple account.
A screenshot on a Mac showing all the logged-in devices on an Apple account.

If you click on any device, Apple says, you will be able to “view that device's information, such as the device model, serial number" and operating system version.

On Windows, you can use Apple's iCloud app to check which devices are logged into your account. Open the app, and click on "Manage Apple ID." There you can view the devices and get more information on them.

Finally, you can also get this information through the web, going to your Apple ID account page, then clicking on "Devices" in the left hand menu.

A screenshot on a browser view showing all the logged in devices on an Apple account.
A screenshot on a browser view showing all the logged-in devices on an Apple account.

How to check Facebook and Instagram security

The social networking giant offers a feature that lets you see where your account is logged in. Head to Facebook’s "Password and Security" settings and click on “Where you’re logged in.”

a screenshot of a logged-in Facebook account Account login activity showing recently and all signed in devices attached to that account.
Account login activity for a Facebook account.

In the same interface you can also see where you are logged in with your Instagram account, provided it’s linked to your Facebook account. If the accounts are not linked, or you just don’t have a Facebook account, go to Instagram's “Account Center” to manage your Instagram account and click on Password and Security, and then “Where you’re logged in.”

Here you can choose to log out from specific devices, perhaps because you don’t recognize them, or because they are old devices you don’t use anymore.

Just like Google, Facebook offers an Advanced Protection feature as well as for Instagram, which essentially makes it harder for malicious hackers to log onto your account. “We’ll apply stricter rules at login to reduce the chances of unauthorized access to your account,” the company explains. “If we see anything unusual about a login to your account, we’ll ask you to complete extra steps to confirm it’s really you.”

If you are a journalist, a politician or otherwise someone who is more likely at risk to be targeted by hackers, you may want to switch on this feature.

It's easy to see whether your WhatsApp is safe

In the past, it was only possible to use WhatsApp on one mobile device only. Now, Meta has added functionalities for WhatsApp users to use the app on computers, and also directly via browser.

Checking where you logged in with your WhatsApp account is simple. Open the WhatsApp app on your mobile phone. On iPhones and iPads, tap on the Settings icon in the bottom right corner, then tap on “Linked devices.”

There, you will be able to see a list of devices, and by clicking on one of them you can log them out.

a screenshot showing all the linked devices attached to this WhatsApp account
Checking linked devices on a WhatsApp account.
another screenshot showing the linked devices attached to this WhatsApp account
Checking linked devices on a WhatsApp account.

On Android, tap on the three dots in the top-right corner of the WhatsApp app, then tap "Linked devices" and you will see a page that’s very similar to what you would see on Apple devices.

Signal also lets you check for anomalies

Like WhatsApp, Signal now lets you use the app via dedicated Desktop apps for macOS, Windows, as well as Linux.

a screenshot on an iPhone showing all the linked devices attached to this Signal account
Looking for linked devices attached to a Signal account.

From this screen of Linked Devices, you can tap on “Edit” and remove the devices, which means your account will be logged out and unlinked from those devices.

X (Twitter) lets you see what sessions are open

To see where you are logged into X (formerly Twitter), go to X Settings, then click on “More” on the left-hand menu, click on “Settings and privacy,” then “Security and account access” and finally “Apps and sessions.”

From this menu, you can see which apps you have connected to your X account, what sessions are open (such as where you are logged in) and the access history of your account.

You can revoke access to all other devices and locations by hitting the "Log out of all other sessions" button.

a screenshot showing all the logged in sessions on an X account from the web interface
Looking at the logged-in sessions on an X account.
a screenshot showing all the account access history on an X account from the web interface
Looking at the account access history on an X account.

Securing your Snap account

Snap has a feature that allows you to check where you are logged in. A Snapchat support page details the steps you can follow to check. You can use both the app on iOS and Android, or Snapchat's website.

On iOS and Android, open the app, tap on your profile icon, then the settings (gear) icon, then tap on “Session Management.” At that point you will be able to see a list of sessions your account is logged into. It looks like this:

a screenshot user session management in Snapchat's iOS app, showing all the places where users are logged in
Snap's session management feature found in the iOS app.

On the web, go to Snapchat Accounts, then click on “Session Management.” There you will see a list of logged-in sessions that looks essentially the same as the image above. Both on the web and in the app, you can log out of sessions that seem suspicious or you don’t recognize.

Snapchat also has a security feature that alerts you on your phone when someone is logging into your account, whether it’s you or a would-be intruder.

a screenshot showing sign-in request notification on a Snap account set up on an iPhone.
A sign-in request notification on a Snap account set up on an iPhone.

TechCrunch tested this sign-in flow on different devices. The notification above may not display if you log back into a device you had already logged into. But if Snapchat thinks a login is “suspicious” — perhaps because the person logging in is using a different device or IP address — the app will show whoever is attempting to log in a new screen asking them to verify the phone number associated with the account, showing only the last four digits.

If the person attempting the login then taps “Continue,” the account owner will receive a text message on their phone number with a code, which prevents the other person from logging in.

However, you will only get this alert after the person has entered your correct password. That's all the more reason to make sure you use a long and unique password, which makes passwords harder to guess, and enable multi-factor authentication with an authenticator app, rather than your phone number.

First published on July 14, 2024 and updated on August 26, 2024 to include Snap and LinkedIn.

Advertisement