Recover from hacked online gaming account

Lots of money moves around in popular online games and they have become a profitable target for cyber criminals. When your online gaming account is compromised it is critical that you act fast.

We want to better understand the impact of you experiencing this issue, can you share your experience by filling in this online form? This will help us better protect future victims.

Hacked online gaming account - Do this first!

  1. Change your password - If you can still log into your account then follow the usual process to reset your password. Make this a strong password that you have never used before.

  2. Turn on two-factor authentication - With the rise in premium currency in games many online accounts are now targeted by hackers. Almost all good gaming accounts now give you the option to turn on two-factor authentication - Steam Guard is a good example of this. Turn this on now. This site will help you understand what it is and tell you how to turn it on.

  3. Change your log in details to other sites that use the same - or similar - username and password - Any other online accounts with the same or similar log in details need to be changed immediately. It is highly likely that a cyber criminal will check other popular sites as soon as they get into your gaming account.

  4. Report the unauthorised access to the gaming provider - Let the provider know your account was hacked and they will follow an evidence preservation procedure at their end. Useful if you need it in a legal case later.

Approaches to dealing with a hacked online gaming account

Follow these steps now you have changed your password and turned on two-factor authentication:

  1. Check your account security settings - Go into your accounts settings and find the security settings area. Check what devices and apps are connected and disconnect any you don’t recognise. Check recent log ins and screenshot the information of unauthorised log ins - most provide time, date, IP address, browser type and device type.

  2. Scan your devices for malware - There are a number of ways the perpetrator may have got your log in details - from a past breach (you can check known breaches here), guessed it, seen you type it in or you may have told them in the past. However, they could also have malicious software on one of your devices that gives them access to what you type into websites. Scan all of the devices you use to access your account with an anti-virus solution and remove any malware.

  3. Check your account activity & settings - Try to gain a picture of what the cyber criminal did when they had access to your account. Check your purchase history, download history and any other in game activity.

  4. Set up a recovery email - If you haven’t already set up a recovery email or phone number go to your settings and do this now. If you get hacked in future and get locked out of your account this will give you a way back in.

  5. Think about the repercussions of someone having access to the data in your account - Review what information is in your account and use it to make changes to limit what the criminal can do with it. For example the content of any private chats may expose personal data about you or others.

  6. Warn others that your account was compromised - If people in your gaming contacts were communicated with by the hacker then let them know it wasn’t you and tell them they should look at their own security. They may have copied your contacts and plan to target them, so letting your contacts know is good practice.

  7. If you are completely locked out - If you have been completely locked out of your account then follow the providers account recovery process. If you have not set up the recovery process before you may need to raise a case with the provider and work to prove that you own the account.

Link to online gaming provider guidance

The following takes you to information and guides provided directly by popular gaming account providers: Steam, EA, Pokemon Go, Epic Games (Fortnite), XBOX One (Microsoft), Playstation Network and Minecraft.

Report the crime

If you are in England, Wales or Northern Ireland you should report all cyber crime to Action Fraud. In Scotland, you can see details of reporting to Police Scotland here.

How do I stop my online gaming accounts being hacked again?

  1. Do not try and sell your gaming accounts - often criminals will offer to buy your account from you. However, more often than not they trick you into giving them access to the account, change the passwords and never pay you any money.

  2. Get good at passwords - Use strong passwords, use different passwords on each site, never share them and change them regularly. Use a password manager app to help you do this. See some good guidance here.

  3. Commit to two-factor authentication - Two-factor is a way to improve your security drastically in one easy step. Use it on every site that offers it. You can get more information here.

  4. Be careful clicking or downloading - Tricking you to share your password by sending you trick emails or texts is a really common way to have your passwords stolen. As is downloading attachments in email that contain malicious software. Be extremely careful when clicking online links or opening/downloading online attachments.

  5. Get secure - Take time to improve your general online security. Use sites like Get Safe Online and Cyber Aware to understand what good security looks like and make changes.

Donate

To help people like you we rely 100% on donations from people like you.

Without donations we cannot keep our service free and provide help to the most vulnerable victims of cyber crime when they need it most. As a not-for-profit organisation, 100% of your donation goes towards keeping The Cyber Helpline up and running - so 100% goes towards helping people like you. Donate now and help us support victims of cyber crime. 

To help people like you we rely 100% on donations from people like you.