How to Check If Your Email Has Been Hacked (Step-by-Step)
How to Check If Your Email Has Been Hacked (Step-by-Step)

Key Takeaways
- Run your address through Have I Been Pwned to see if it surfaced in any known data breaches and what was exposed.
- Check your Gmail activity log or Outlook sign-in history for unfamiliar logins, locations, IP addresses, or access types.
- Review your Sent folder, Trash, forwarding rules, and connected apps for messages or changes you never made.
- Watch for warning signs like unrequested password-reset emails, contacts receiving spam from you, or missing messages.
- If you confirm a breach, change your password immediately, enable two-factor authentication, and audit every connected account.
Something feels off. Maybe you got a password-reset email you never requested. Maybe a colleague mentioned replying to a message you never sent. Or maybe you just can’t log in at all.
If you’re asking yourself “is my email hacked?”—don’t panic, but don’t wait, either. The faster you confirm a breach and act, the less damage an attacker can do. According to IBM’s 2024 Cost of a Data Breach Report, compromised credentials remain the most common initial attack vector, and the average breach takes 292 days to identify and contain. You don’t want to be on that timeline.
This guide walks you through exactly how to check if your email is hacked, step by step, using free tools and built-in features you already have access to. We’ll also cover the warning signs to watch for and what to do the moment you find evidence of a compromise.
Key Takeaways — TL;DR
- Use Have I Been Pwned to see if your email appeared in known data breaches.
- Check your Gmail activity log or Outlook sign-in history for unfamiliar logins.
- Review your Sent folder, email forwarding rules, and connected apps for unauthorized changes.
- Warning signs include password-reset emails you didn’t request, contacts receiving spam from your address, and missing emails.
- If you confirm a breach, change your password immediately, enable two-factor authentication, and review all connected accounts.
Step 1: Check Have I Been Pwned
The fastest way to answer “has my email been compromised?” is to run it through Have I Been Pwned (HIBP), a free service created by security researcher Troy Hunt.
How to use it:
- Go to haveibeenpwned.com.
- Enter your email address in the search bar.
- Click “pwned?”
The tool searches billions of records from known data breaches. If your email appears, you’ll see a list of breaches it was involved in—along with what data was exposed (passwords, phone numbers, IP addresses, etc.).
What to do with the results:
- If your email appears in breaches: Check the dates. If any breach is recent—or if you haven’t changed your password since the breach date—assume your credentials may be in the hands of attackers.
- If your password was exposed: Change it immediately on the breached service and on every other service where you used that same password. Yes, every single one.
- If no breaches appear: Good news, but don’t stop here. HIBP only covers known breaches. Your email could still be compromised through phishing, malware, or a breach that hasn’t been publicly disclosed yet.
As of 2024, Have I Been Pwned contains over 13 billion breached accounts. The odds that your email appears in at least one breach are high—studies suggest roughly 80% of tested email addresses show up in at least one data set.
Step 2: Check Your Gmail Activity Log
If you use Gmail (personal or Google Workspace), Google tracks every login session. This is one of the most reliable ways to perform an email hacked check.
How to check:
- Open Gmail on a desktop browser.
- Scroll to the bottom-right corner of the inbox.
- Click “Details” next to “Last account activity.”
- A window will open showing recent sessions—including access type (browser, mobile, POP3), IP address, and date/time.
What to look for:
- Unfamiliar IP addresses. If you see logins from a country or city you’ve never been to, that’s a red flag.
- Access types you don’t use. If you’ve never set up POP3 or IMAP access but see sessions using those protocols, someone may have configured external access to siphon your email.
- Concurrent sessions. Multiple active sessions you don’t recognize could mean someone is logged in right now.
You can also visit myaccount.google.com/security and review the “Your devices” and “Recent security activity” sections for a broader view of your Google account activity.
Step 3: Check Outlook / Microsoft 365 Sign-In History
For Outlook.com and Microsoft 365 accounts, Microsoft provides a detailed sign-in log.
How to check:
- Go to account.live.com/Activity (or navigate to My Microsoft Account → Security → Sign-in activity).
- Review the list of sign-in attempts, including date, time, location, IP address, platform, and browser.
- Each entry is marked as “Successful” or “Unsuccessful.”
What to look for:
- Successful sign-ins from unknown locations or devices. This is the strongest indicator that someone else has access.
- A cluster of unsuccessful attempts. Multiple failed logins from the same IP may indicate a brute-force attack in progress.
- Sign-ins using “app passwords.” If you see app-specific passwords you didn’t create, an attacker may have generated them to bypass two-factor authentication.
Microsoft also flags logins it considers unusual. If you see any entries labeled “Unusual activity,” investigate immediately.
Step 4: Review Your Sent Folder and Trash
This step is simple but often overlooked. Attackers who gain access to your email frequently use it to send phishing messages, spam, or fraudulent requests to your contacts.
What to check:
- Sent folder: Look for emails you didn’t write. Pay special attention to messages sent to large groups, messages with attachments you don’t recognize, or replies to threads you weren’t part of.
- Trash / Deleted Items: Hackers often delete the evidence. Check for deleted emails you didn’t delete—especially sent messages that were moved to trash to cover tracks.
- Drafts folder: Some attackers use draft emails as a covert communication channel, saving messages without sending them so an accomplice can read them.
If you find messages you didn’t send, your account is compromised. Act immediately—skip ahead to the “What to Do If Your Email Is Hacked” section below.
Step 5: Check Email Forwarding Rules
This is one of the sneakiest tactics attackers use. By setting up a forwarding rule, a hacker can silently receive a copy of every email you get—even after you change your password. If you skip this step, changing your credentials alone won’t stop the breach.
Gmail:
- Click the gear icon → “See all settings.”
- Go to the “Forwarding and POP/IMAP” tab.
- Check whether any forwarding addresses are listed that you didn’t add.
- Also go to “Filters and Blocked Addresses” and look for filters that auto-forward, auto-delete, or auto-archive messages.
Outlook / Microsoft 365:
- Go to Settings → Mail → Forwarding.
- Check if forwarding is enabled and where mail is being sent.
- Also check Rules (Settings → Mail → Rules) for rules that redirect, move, or delete messages.
If you find unauthorized forwarding rules, delete them immediately and change your password right after.
Step 6: Review Connected Apps and Third-Party Access
Over time, you may have granted various apps and services permission to access your email. Attackers can exploit these connections—or add their own—to maintain access even if you change your password.
Gmail:
- Go to myaccount.google.com/permissions.
- Review the list of apps with access to your Google account.
- Remove anything you don’t recognize or no longer use.
Outlook / Microsoft:
- Go to account.live.com/consent/Manage.
- Review and revoke access for any unfamiliar applications.
Be especially cautious about apps with full mailbox access or send-on-behalf permissions. These can read, send, and delete your email without you seeing any sign of it in your normal login activity.
Warning Signs Your Email May Be Hacked
Not sure whether you need to run through these steps? Here are the most common red flags that indicate your email may have been compromised:
- Password-reset emails you didn’t request — for your email account or other services linked to it.
- You can’t log in — your password no longer works, and you didn’t change it.
- Contacts tell you they received strange emails from you — phishing links, requests for money, or spam.
- Emails are disappearing — messages are being read, deleted, or moved without your involvement.
- New rules, filters, or forwarding addresses you didn’t create.
- Unfamiliar devices or sessions in your account’s security dashboard.
- Account recovery options changed — a new phone number or backup email you don’t recognize.
- Notifications about sign-ins from new locations.
If you recognize even one of these, don’t wait. Run through the steps above now. For a deeper dive into these indicators, check out our related post on 7 Signs Your Email Has Been Hacked.
What to Do Immediately If Your Email Is Hacked
If any of the steps above confirmed unauthorized access, take these actions in order:
- Change your password immediately. Use a strong, unique password—at least 16 characters with a mix of letters, numbers, and symbols. Don’t reuse a password from another service.
- Enable two-factor authentication (2FA). Use an authenticator app (like Google Authenticator or Microsoft Authenticator) rather than SMS whenever possible.
- Remove unauthorized forwarding rules and filters. As covered in Step 5.
- Revoke access for unfamiliar connected apps. As covered in Step 6.
- Check and update your recovery options. Make sure your backup email and phone number haven’t been changed to the attacker’s.
- Scan your devices for malware. If your credentials were stolen by a keylogger or infostealer, changing your password won’t help until the malware is removed.
- Notify your contacts. Let them know your account was compromised so they don’t fall for phishing messages sent from your address.
- Review other accounts using the same password. Change credentials on every service where you reused the compromised password.
For a comprehensive guide on recovering from a compromised business email, see our post on What to Do If Your Business Email Is Compromised.
How to Protect Your Email Going Forward
Once you’ve secured your account, these practices will help prevent future compromises:
- Use a password manager to generate and store unique passwords for every account.
- Keep 2FA enabled on all critical accounts—email, banking, social media, and cloud storage.
- Be cautious with links and attachments in emails, even from known contacts.
- Keep your software updated — browser, operating system, and email clients.
- Periodically review your sign-in activity, forwarding rules, and connected apps (set a quarterly reminder).
- Register for breach notifications at Have I Been Pwned so you’ll be alerted when your email appears in a future breach.
If you run a business website and you’re worried that a compromised email could put your site and customer data at risk, we can help. Our web design & maintenance services include ongoing security monitoring to catch threats before they escalate.
For a complete overview of how to lock down both your email and website, visit our Complete Website & Email Security Guide.
Frequently Asked Questions
How do I know if my email has been hacked?
The fastest way to check is to visit Have I Been Pwned and search your email address. Then review your email provider’s sign-in activity log for unfamiliar logins. Also check your sent folder, forwarding rules, and connected apps for anything you didn’t set up. If you find any unauthorized activity, your email has been compromised.
Can someone hack my email without me knowing?
Yes. Sophisticated attackers can set up silent email forwarding rules, access your account through connected third-party apps, or read your messages without marking them as read. That’s why it’s important to periodically review your account activity—even if nothing seems wrong on the surface.
Is my email hacked if I received a password-reset email I didn’t request?
Not necessarily—it could be someone mistyping their email address. But it can also mean an attacker is trying to gain access to one of your accounts. If you receive multiple password-reset emails, or they’re for your actual email account, treat it as a serious warning sign and check your account security immediately.
How often should I check if my email has been compromised?
We recommend checking at minimum once per quarter. Sign up for free breach alerts at Have I Been Pwned so you’re notified automatically. Also review your sign-in activity and forwarding rules any time you notice unusual behavior—like contacts saying they received strange messages from you.
Don’t Leave Your Security to Chance
If you’ve gone through these steps and found something suspicious—or if you’re just not sure whether your email and website are truly secure—we’re here to help.
At eSEOspace, we help small businesses lock down their online presence so they can focus on growth instead of worrying about the next breach. Request a free security audit to find out where your vulnerabilities are, or contact eSEOspace to talk through your security needs with our team.
Worried your site is compromised? Get a free security audit from eSEOspace today.
Related: learn more about our Website Security services and our SEO services.
Frequently Asked Questions
How can I tell if my email has been hacked?
What is Have I Been Pwned and is it safe to use?
How do I check my Gmail login activity?
What should I do if I confirm my email was hacked?
Does not appearing on Have I Been Pwned mean my email is safe?
Put this into action with eSEOspace
We help businesses grow with maintenance & support that actually performs. Explore the services behind this guide:
Book a free strategy call →Get a FREE GEO/AEO/SEO Audit
We'll analyze your site's SEO, GEO, AEO & CRO — completely free — and show you exactly how to get found across Google and AI answers.
Don't have a site yet? Get in touch →
On this page
- Key Takeaways
- Key Takeaways — TL;DR
- Step 1: Check Have I Been Pwned
- Step 2: Check Your Gmail Activity Log
- Step 3: Check Outlook / Microsoft 365 Sign-In History
- Step 4: Review Your Sent Folder and Trash
- Step 5: Check Email Forwarding Rules
- Step 6: Review Connected Apps and Third-Party Access
- Warning Signs Your Email May Be Hacked
- What to Do Immediately If Your Email Is Hacked
- How to Protect Your Email Going Forward
- Frequently Asked Questions
- Don’t Leave Your Security to Chance
- FAQ






