Hacked? A Calm Recovery Plan for Your Game Account
Short answer: don't panic, and don't start with the game account. Secure the email attached to it first, because whoever controls your inbox can reset everything else. Once your email is locked down, run the official recovery flow for the platform, kick out unknown sessions and linked apps, then harden everything so it can't happen twice. Here's the order to do it in.
Take a breath. Almost every hijacked account is recoverable. Platforms deal with this constantly and have processes built for it. Moving in the right order is what gets you back fastest.
Step 1 — Secure your email first
Your email is the master key to every account tied to it. If the attacker reached your game account through your inbox, fixing the game account alone is pointless — they'll just reset it again. So start here:
- Try to log in to your email. If your password still works, change it immediately to a new, unique one. Generate a strong password and save it in a manager.
- If you're locked out, use your email provider's account-recovery process right away.
- Turn on two-factor authentication for the email account — an authenticator app or hardware key, not SMS if you can avoid it.
- Check the email's security settings for unfamiliar recovery phone numbers, forwarding rules, or alternate addresses the attacker may have added, and remove them.
Only once your inbox is genuinely yours again should you move to the game account.
Step 2 — Reclaim the game account
If you can still log in, change the password now and enable 2FA. If you're already locked out — the attacker changed the email and password — use the platform's official recovery flow. Always start from the platform's real website or app, never a link someone sent you.
Steam
Use Steam's "I can't sign in" help flow. Steam Support can restore access using proof of ownership such as purchase history, CD keys, and billing details. Once back in, deauthorise other devices, revoke the Steam Guard mobile authenticator if it was hijacked, and re-secure it.
Epic Games / Fortnite
Reset your password from Epic's site, then contact Epic Player Support if the email was changed. Have your original email, console sign-in details, and any purchase receipts ready. Re-enable two-factor authentication afterward.
Riot Games (League / Valorant)
Use Riot's account-recovery page. If the email was swapped, Riot Support can verify ownership through past payment details and account history. Turn on Riot's two-factor login once you're back.
Xbox / Microsoft account
Xbox sign-in is a Microsoft account, so recover it through Microsoft's account-recovery form. This may ask security questions, send a code to a backup contact method, or have you complete the detailed recovery form. Then review linked devices and security info.
PlayStation Network (PSN)
Use Sony's "Forgot your password" flow, or contact PlayStation Support if the sign-in ID (email) was changed. Have your account's date of birth, sign-in details, and any purchase records on hand. Re-enable 2-step verification afterward.
Proving ownership: whichever platform you're dealing with, gather these before you start — purchase receipts, the original email address, partial payment-card numbers, CD keys, and the rough account creation date. They're what support teams use to confirm you're the real owner.
Step 3 — Evict the attacker completely
Getting back in isn't enough; you have to make sure they're out and can't drift back in:
- Sign out all sessions / devices. Most platforms have a "log out everywhere" option — use it.
- Review authorised apps and connections. Remove anything you don't recognise, especially third-party apps linked to Discord, Steam, or your platform account.
- Check linked accounts and payment methods. Remove unfamiliar linked logins and confirm no new payment method was added.
- Look for changed profile details — recovery email, phone number, security questions — and reset them to yours.
Step 4 — Deal with the fallout
- Contact support about fraudulent purchases. If the attacker spent money or traded away items, report it; platforms can sometimes reverse charges or restore items.
- Warn your friends. Hijacked accounts are used to scam friends with "check out this game" or "lend me money" messages. A quick heads-up stops the chain.
- Change the password anywhere you reused it. If this password was on other accounts, those are now at risk too. This is exactly why unique passwords per platform matter.
Step 5 — Make sure it never happens again
Recovery is the painful way to learn the lesson, so lock things down properly now:
- Unique, long password on the account and your email. Generate them with this site's password generator; nothing leaves your browser.
- Two-factor authentication on everything, email first.
- A password manager so unique passwords are effortless to keep.
- Healthy suspicion of "free" offers and login links — the scams that started this. See Why Gamers Get Hacked.
You got the account back. Now make it the last time you ever have to.
Frequently asked questions
What should I do first if my game account is hacked?
Secure the email address tied to the account first. If the attacker controls your inbox, they can reset every other password, so reclaiming and locking down your email comes before anything else.
Can I recover an account if the hacker changed the email and password?
Usually yes. Every major platform has an account-recovery process for exactly this situation. Use the official support flow and provide proof of ownership such as purchase receipts, the original email, or billing details.
How do I prove I own a hijacked game account?
Gather purchase receipts, the original email address, partial payment-card details, CD keys, and the approximate creation date. Support teams use these to verify you are the rightful owner.
How do I stop it from happening again?
Set a unique, long password on the account and your email, turn on two-factor authentication everywhere, and remove any unfamiliar linked apps or devices. A password manager makes unique passwords effortless.