Close Menu

How to tell if your online accounts have been hacked

TechBrunchBy 15 Mins Read


More and more hackers are targeting regular people with the goal of breaking into their bank accounts, stealing their crypto, or simply stalking them. These types of attacks are still relatively rare, so there’s no need for alarm. But it’s important to know what you can do to protect yourself if you suspect someone accessed your email, social media account, chat apps, or any other major service and platform.

A few years ago, I wrote a guide to help people protect themselves, and understand that most of the companies you have an account with already offer you tools to take control of your accounts’ security, even before you contact them for help, which in some cases you still should do. 

Here we break down what you can do on several different online services, including Gmail (and more broadly a Google account), Facebook, Apple ID, and more. And come back often because this is a regularly updated resource, both in terms of making sure the instructions for each individual service or platform are up to date, as well as to add new ones. 

Just like in the previous guide, there’s an important caveat. You should know that these methods don’t guarantee that you haven’t been compromised. 

If you still aren’t sure, you should contact a professional, especially if you are a journalist, a dissident or activist, or otherwise someone who has a higher risk of being targeted, such as a person in an abusive relationship. In those cases, the non-profit Access Now has a digital security helpline that will connect you to one of their experts.

Another caveat: If you haven’t already, you should enable multi-factor authentication on all your accounts, or at least the most important ones (email, banking, social media). This directory of websites that use MFA (or 2FA) is a great resource that teaches you how to enable multi-factor authentication on more than 1,000 websites. (Note that you don’t have to use the multi-factor app promoted on that site, there are plenty of other alternatives.) 

Increasingly some online services offer the use of a physical security key or a passkey stored in your password manager, which is one of the highest safeguards to prevent account intrusions that rely on password-stealing malware or phishing.

Explore below, or skip directly to the section of your choice.

Gmail lists all the places your account is active

The first thing you should do if you suspect someone has broken into your Gmail account (and by extension all the other Google services linked to it) is to scroll all the way down in your inbox until you see “Last account activity” in the bottom right corner.

Click on “Details.” You will then see a pop-up window that looks like this: 

A list of recent account activity on Google's account page, including IP addresses and browser types.Image Credits:TechCrunch

These are all the places where your Google account is active. If you don’t recognize one of them, for example if it comes from a different location, like a country you haven’t visited recently or have never been, then click on “Security Checkup.” Here you can see on which devices your Google account is active.   

Google's Security Checkup Page, including a view that shows "where you're signed in."Image Credits:TechCrunch

If you scroll down, you can also see “Recent security activity.”

a screenshot of recent security activity on Google's Security Checkup PageImage Credits:TechCrunch

Check this list to see if there are any devices that you don’t recognize. If in any of these places above you see something suspicious, click on “See unfamiliar activity?” and change your password:

a dialog window that says "Let's secure your account," which lets the user change their password.Image Credits:TechCrunch

After you change your password, as Google explains here, you will be signed out of every device in every location, except on the “devices you use to verify that it’s you when you sign in,” and some devices with third-party apps that you’ve granted account access to. If you want to sign out there too, go to this Google Support page and click on the link to “View the apps and services with third-party access.”

a screenshot showing a Google help page describing common questions about account access.Image Credits:TechCrunch

Finally, we also suggest considering turning on Google’s Advanced Protection on your account. This enhanced security protection makes phishing your password and hacking into your Google account even harder. The drawback is that you need to purchase security keys, hardware devices that serve as a second-factor. But we think this method is important and a must-use for people who are at a higher risk. 

Also, remember that your email account is likely linked to all your other important accounts, so getting into it could turn out to be the first step into hacking into other accounts. That’s why securing your email account is more important than virtually any other account.

Outlook and Microsoft logins are in the account settings

If you are concerned about hackers having accessed your Microsoft Outlook account, you can check “when and where you’ve signed in,” as Microsoft puts it in the account settings.

To go to that page, go to your Microsoft Account, click on Security on the left-hand menu, and then under “Sign-in activity” go to “View my activity.” 

a sign-in activity checker window for MIcrosoft accounts.Image Credits:TechCrunch

At this point, you should see a page that shows recent logins, which platform and device was used to log in, the type of browser and the IP address.  

a screenshot showing recent activity, including device, platform and approximate location of the userImage Credits:TechCrunch

If something looks off, click on “Learn how to make your account more secure,” where you can change your password, check “how to recover a hacked or compromised account” and more.  

Microsoft also has a support portal with information on the Recent activity page.

As we noted above, your email account is the cornerstone of your online security, given that it’s likely that most of your important accounts — think social media, bank and healthcare provider, etc. — are linked to it. It’s a popular target for hackers who want to then compromise other accounts. 

Keep your LinkedIn account locked down

LinkedIn has a support page detailing the steps you can follow to check if your account is logged into a device or location on the web, iOS and Android that you don’t recognize. 

LinkedIn has a specific page on its website where you can check the places where you are logged in.

a screenshot showing active sessions of all logged-in LinkedIn accounts, including a button that says "end these sessions" to log everyone out.Image Credits:TechCrunch

If you don’t recognize one of those sessions, click on “End” to log out of that particular session, and enter your password when prompted. If you click on “End these sessions,” you will be logged out of all the devices other than the device that you are using. 

On iOS and Android, the process is the same. In the LinkedIn app, tap on your profile picture on the top, tap on “Settings,” then “Sign in & Security,” then “Where you’re signed in.” At that point you will see a page that is essentially identical to the one you can see on the web. 

LinkedIn also has a security feature that requires you to confirm on your app if someone tries to log into another device. 

a push notiifcation on an iPhone requesting attention to a LinkedIn sign-in requestImage Credits:TechCrunch

If you tap on the sign-in request notification, you will see a page that asks you to confirm that it was you who just attempted to login. There you can confirm the log in, or block the attempt. 

a screenshot of a LinkedIn sign-in request, asking if it's "yes, it's me" or "no, it's not me"Image Credits:TechCrunch

Yahoo offers email tools to help

Like other email providers, Yahoo (which owns TechCrunch) also offers a tool to check your account and sign-in activity with the goal of allowing you to see any unusual activity that could be a sign of compromise. 

To access this tool, go to your Yahoo My Account Overview or click on the icon with your initial next to the email icon on the top right corner, and click on “Manage your account.” 

a screenshot showing recent activity, including device, platform and approximate location of the userImage Credits:TechCrunch

Once there, click on “Review recent activity.” On this page you will be able to see recent activity on your account, including password changes, phone numbers added and which devices are connected to your account, as well as their corresponding IP addresses. 

a recent activity window for Yahoo account users, which includes a log of recent account actions, such as password changes.Image Credits:TechCrunch

another screenshot showing Yahoo account activity, including browser version, location and sign-in historyImage Credits:TechCrunch

Given that it is likely that you have linked your email address to sensitive websites like your bank, your social media accounts and healthcare portals, among others, you should make an extra effort to secure it. 

Ensure your Apple Account is safe

Apple allows you to check which devices your Apple Account (formerly Apple ID) is logged in directly through the iPhone and Mac system settings, as the company explains here. 

On an iPhone or iPad, go to “Settings,” tap your name, and scroll down to see all the devices that you are signed in on. 

a screenshot on an iPhone showing all the logged in devices on an Apple account. Image Credits:Apple

On a Mac, click on the Apple logo on the top left corner, then “System Settings,” then click on your name, and you will also see a list of devices, just like on an iPhone or iPad. 

A screenshot on a Mac showing all the logged in devices on an Apple account. Image Credits:Apple

If you click on any device, Apple says, you will be able to “view that device’s information, such as the device model, serial number” and operating system version.

On Windows, you can use Apple’s iCloud app to check which devices are logged into your account. Open the app, and click on “Manage Apple Account” There you can view the devices and get more information on them.

A screenshot on a browser view showing all the logged in devices on an Apple account. Image Credits:Apple

Finally, you can also get this information through the web, going to your Apple ID account page, then clicking on “Devices” in the left-hand menu. 

How to check Facebook and Instagram security

The social networking giant offers a feature that lets you see where your account is logged in. Head to Facebook’s “Password and Security” settings and click on “Where you’re logged in.” 

a screenshot of a logged-in Facebook account Account login activity showing recently and all signed in devices attached to that account.Image Credits:TechCrunch

In the same interface you can also see where you are logged in with your Instagram account, provided it’s linked to your Facebook account. If the accounts are not linked, or you just don’t have a Facebook account, go to Instagram’s “Account Center” to manage your Instagram account and click on Password and Security, and then “Where you’re logged in.” 

Here you can choose to log out from specific devices, perhaps because you don’t recognize them, or because they are old devices you don’t use anymore. 

Just like Google, Facebook offers an Advanced Protection feature as well as for Instagram, which essentially makes it harder for malicious hackers to log onto your account. “We’ll apply stricter rules at login to reduce the chances of unauthorized access to your account,” the company explains. “If we see anything unusual about a login to your account, we’ll ask you to complete extra steps to confirm it’s really you.” 

If you are a journalist, a politician or otherwise someone who is more likely at risk to be targeted by hackers, you may want to switch on this feature. 

It’s easy to see whether your WhatsApp is safe

In the past, it was only possible to use WhatsApp on one mobile device only. Now, Meta has added functionalities for WhatsApp users to use the app on computers, and also directly via browser. 

Checking where you logged in with your WhatsApp account is simple. Open the WhatsApp app on your mobile phone. On iPhones and iPads, tap on the Settings icon in the bottom right corner, then tap on “Linked devices.” 

There, you will be able to see a list of devices, and by clicking on one of them you can log them out. 

a screenshot showing all the linked devices attached to this WhatsApp accountImage Credits:TechCrunch

another screenshot showing the linked devices attached to this WhatsApp accountImage Credits:TechCrunch

On Android, tap on the three dots in the top-right corner of the WhatsApp app, then tap “Linked devices” and you will see a page that’s very similar to what you would see on Apple devices.

Signal also lets you check for anomalies

Like WhatsApp, Signal now lets you use the app via dedicated Desktop apps for macOS, Windows, as well as Linux. 

a screenshot on an iPhone showing all the linked devices attached to this Signal accountImage Credits:TechCrunch

From this screen of Linked Devices, you can tap on “Edit” and remove the devices, which means your account will be logged out and unlinked from those devices. 

X (Twitter) lets you see what sessions are open

To see where you are logged into X (formerly Twitter), go to X Settings, then click on “More” on the left-hand menu, click on “Settings and privacy,” then “Security and account access” and finally “Apps and sessions.”

From this menu, you can see which apps you have connected to your X account, what sessions are open (such as where you are logged in) and the access history of your account. 

You can revoke access to all other devices and locations by hitting the “Log out of all other sessions” button.

a screenshot showing all the logged in sessions on an X account from the web interfaceImage Credits:TechCrunch

a screenshot showing all the account access history on an X account from the web interface

Securing your Snap account

Snap has a feature that allows you to check where you are logged in. A Snapchat support page details the steps you can follow to check. You can use both the app on iOS and Android, or Snapchat’s website. 

On iOS and Android, open the app, tap on your profile icon, then the settings (gear) icon, then tap on “Session Management.” At that point you will be able to see a list of sessions your account is logged into. It looks like this:

a screenshot user session management in Snapchat's iOS app, showing all the places where users are logged inImage Credits:TechCrunch

On the web, go to Snapchat Accounts, then click on “Session Management.” There you will see a list of logged-in sessions that looks essentially the same as the image above. Both on the web and in the app, you can log out of sessions that seem suspicious or you don’t recognize. 

Snapchat also has a security feature that alerts you on your phone when someone is logging into your account, whether it’s you or a would-be intruder. 

a screenshot showing sign-in request notification on a Snap account set up on an iPhone.Image Credits:TechCrunch

TechCrunch tested this sign-in flow on different devices. The notification above may not display if you log back into a device you had already logged into. But if Snapchat thinks a login is “suspicious” — perhaps because the person logging in is using a different device or IP address — the app will show whoever is attempting to log in a new screen asking them to verify the phone number associated with the account, showing only the last four digits.

If the person attempting the login then taps “Continue,” the account owner will receive a text message on their phone number with a code, which prevents the other person from logging in. 

However, you will only get this alert after the person has entered your correct password. That’s all the more reason to make sure you use a long and unique password, which makes passwords harder to guess, and enable multi-factor authentication with an authenticator app, rather than your phone number. 

Discord lets you see which apps and devices have access to your account

Discord went from being a somewhat niche chat app for video game players to a key platform used by major crypto organizations and companies, as well as by pretty much anyone who wants a nimble and highly customizable group chat about any topic or community you can imagine. Given how popular Discord is, its users can be prime targets for hackers. 

To check where your account is logged in, and see if there’s anything suspicious there, click on the gear icon next to your Discord username on the bottom left part of the app, which opens User Settings. 

a screenshot showing Lorenzo's username in Discord, with a cog button for settingsImage Credits:TechCrunch

Then click on Devices, which will be displayed on the left-hand menu, under User Settings. This will open a screen listing all the devices where your Discord account is logged in. 

a screenshot showing the Devices tab settings in Discord, which reads: "Here are all the devices that are currently logged in with your Discord."Image Credits:TechCrunch

If you don’t recognize one of these devices, click on the X icon, or Log Out All Known Devices if you don’t recognize one or any of them. 

If you have multi-factor authentication enabled for Discord (and you should!), you will be prompted to enter the code created by your preferred multi-factor authentication app. 

Once you do that, the device will be removed and your account will be logged out from there.

You may also want to check Authorized App, just above Devices in the left-hand menu. This shows all the apps that you linked to your Discord account, as well as what level of access they have to your account, such as accessing your Discord username, avatar, and others. There’s nothing wrong with having authorized apps, but perhaps there’s an app here you don’t recognize, or you don’t need anymore. If that’s the case, click on Deauthorize.

a screenshot from Discord's authorized apps settings window, which reads: "Here's all the apps that are doing super cool things to make your Discord experience super cooler."Image Credits:TechCrunch / Getty Images

Since you are here, also check Connections, just below Devices in the left-hand menu. This shows what other accounts, such as from services like BlueSky, Reddit, or Spotify, are linked to your Discord account. 

the Connections settings tab in Discord, which lets you connect your account to other services and offerings.Image Credits:TechCrunch

Then you can click the X next to your external app account to disconnect it, if you want. 

Telegram lets you see all active sessions

Telegram is one of the most popular chat apps in the world, and is used in very sensitive contexts like the war in Ukraine. But even if you are just someone using it to chat with friends, you should check where you’re logged in. 

To do that, click on Settings, then on Active Sessions on the left-hand menu.

a screenshot of Telegram's settings menu on its desktop app, which includes details on all Telegram active sessions associated with that account.Image Credits:TechCrunch

If you are concerned about anything here, click on “Terminate all other sessions,” which will let you stay logged in where you are, but logs you out everywhere else. Otherwise, if you want to remove just one session, click on it, and then click on Terminate Session.  

a screenshot from Telegram on iPhone, which has settings to enable secret chats and incoming calls.Image Credits:TechCrunxch

Telegram also offers you the option to automatically log you out and terminate old sessions after a certain amount of time of your choosing, such as after one week, one month, three months, or the default of six months. 

First published on July 14, 2024, and updated to include Discord and Telegram.





Source link

Share.

Related Posts

Leave A Reply