7 Reasons Your Account Got Hacked (& How to Fix it)

by | May 5, 2022 | Small Business

Today, May 5th, is world password day so it seemed like a good time to talk about one of the most common issues with internet security: Accounts getting hacked. Here’s 10 common reasons why your account got hacked, and how you can fix it or prevent it in the future.

Most of the time, hacks aren’t really hacks. They’re usually a result of phishing scams, password leaks, forgetting to log out, or unsecure passwords that area easy to guess.

The 7 Most Common Reasons Your Account Got Hacked

These are some of the most common ways I see people’s accounts get accessed without their permission so you can take preventative measures or, possibly, recover your account.

Password Leaks

This happens more often than people realize. Every time you login to a website with an email address or username and password, you’re trusting that data to the website. Sometimes they get hacked and the data ends up online. Big ones have included Sony’s Playstation Network.

A great resource to check if your information has been leaked is the website “Have I been Pwned?“. It will list every security breech your email or phone number has been involved in.

If it happens to you:

Change your password on that account and every single other account that uses that password.


Don’t use the same password for everything. That way if your information gets leaked, it’s only going to affect one website and they can’t access anything else. This is especially true for your email and bank accounts.

Easy to Guess Password

I hate to break it to you but “Mykidsname123” isn’t a very secure password. Neither is something can contains your DOB, name, username, interests, or pets. A lot of information can be found about someone online, especially with social media, making it easy for hackers to guess common passwords.

The most common passwords found leaked on the dark web in 2021 were:

  1. 123456
  2. 123456789
  3. 12345
  4. qwerty
  5. password
  6. 12345678
  7. 111111
  8. 123123
  9. 1234567890
  10. 1234567

Source: NordPass, Wikipedia

If it happens to you:

If you haven’t been hacked and have an easy password, change it ASAP. But, if your account has already been comprimised the only thing you can do is contact the company’s support and move forward with more secure passwords.


A strong password should contain a combination of numbers, letters, and ideally symbols. To be extra safe, a password generator can create something that’s almost impossible to hack. Another way to prevent someone getting into your account is to enable 2 factor authentication so you have to confirm via a phone or email code.

Brute Force Attack

Unlike easy to guess passwords, brute force attacks use robots to try a list of passwords in an attempt to just guess yours. The more simple the password is, the easier it is for this process to get it and get into your account.

If it happens to you:

The same tips as having your password guessed apply here. Make sure you change your password to something more secure.


Follow the tips in the guessed password section to create a strong password. If you’ve created a website or blog, make sure you have a limit login plugin enabled that will automatically lock out hackers afer a couple failed password attempts.

Phishing Scam

Phishing is the act of a hacker getting information out of you, usually without you realizing it. The most common way you see this is with spoofed emails asking you to login to your account. Sometimes they can look quite real and even tech-savvy people can fall for them.

If it happens to you:

If you realize you put your password someone wrong when it’s too late, go and change it immediately. Hopefully you can do that before someone else accesses your account. If you’ve already been hacked, though, you’ll have to speak with the company to try and recover your account.


Be very cautious when logging in through a link that’s sent to you. In fact, try and avoid logging into any website from a link. Instead, go right to their website and login that way.

Another good tell is if your phone or computer doesn’t remember the password and it usually does.


These aren’t quite as common anymore thanks to better antivirus software and more phone use, but it still happens. A keylogger is a virus that tracks everything you do on your computer, including what keys are input on the keyboard.

It can then use that information to find out your passwords and other personal information.

If it happens to you:

Remove all viruses from your computer either yourself or with a technican’s help. Then make sure you change all passwords on everything, even accounts taht haven’t been comprimised. It might be a good idea to think back about all the places you submitted information over the past several months.

Other things, like your credit card information or SIN/social security number could also be comprimised.


Be virus-wary when using the computer. Don’t download files you don’t trust and avoid running 3rd party software, like VPNs, unless you’re positive you trust the source. Make sure you have an antivirus running too.

Left Your Account Logged In

This happens more often than people realize. If you forget to log out of your account from a public place the next person may be able to access your information. While some services, like your email, may not allow password changes without knowing your current password, other accounts may not have that security feature.

Another common mistake is clicking “remember me” on a shared device. There are ways to see a saved password on a computer, and from there someone with bad intentions can hack that account.

If it happens to you:

If someone has changed your password on an account that you left logged in, the first step is to try and reset the password and update it. Most accounts can do that with your email address or phone number, so hopefully that will get you logged in.

Otherwise you’ll have contact support to try and get your account back.


Always log out of public computers and never check “remember me”. If available, log in only on “private” or “icognito” browsers that don’t store information.

It Wasn’t Actually Hacked

It’s not uncommon for people to think that their account is hacked when it actually hasn’t been. A common scam on Facebook, for example, is bots or scammers copying your information and creating a new profile to mimic you. This, of course, isn’t actually a hack – it’s just fraud.

Saying you’ve been hacked is also a common phising scheme to try and get you to input your username and password. You might get a fake message saying that someone has hacked into your account and you need to login to confirm.

If it happens to you:

This will depend on what the actual scam is. For Facebook fake profiles, report them and ask others to do the same. If you fall for a phishing scam, immediately login to the proper website or app and change your password. If it’s too late, contact the company for next steps.


It’s not common for companies to reach out and ask you to login when there’s suspicious activity. Usuaully they will send a message asking to confirm it was you who logged in. If you see this, and didn’t attempt to login, always report it .

Finally, watch for messages that don’t come in a usual way. Your bank won’t suddenly text you with a login link, for example.