What it means:
Someone who isn’t you gets into your account and can act as you. They might read your messages, change settings, or try to steal money.
How it usually happens:
Phishing: you’re tricked into typing your password on a fake page.
Malware: a virus or stealer grabs your login.
Weak or reused passwords: one leak opens many doors.
Unprotected devices: unlocked phone or shared computer.
Security bugs: rare, but websites can be vulnerable.
Common warning signs:
Login alerts you don’t recognize.
Password or recovery info changed.
Messages sent that you didn’t write.
New charges, orders, or sessions.
MFA prompts popping up when you didn’t sign in.
What attackers do with access:
Reset other passwords using your email.
Send phishing to your contacts.
Make purchases or withdraw money.
Steal saved data (files, photos, backup codes).
Enroll new devices or turn off security.
What to do right now if you suspect it:
Change the password immediately (from a clean device).
Turn on 2-step verification (MFA) if it’s off.
Review recent logins and sign out of other sessions.
Check recovery email/phone; remove anything unfamiliar.
Look for unauthorized actions (messages, payments) and report them.
Run a malware scan and update your device.
If email was hit, change passwords for other accounts that use that email.
How to prevent it:
Use a strong, unique password for every account (a password manager helps).
Keep MFA on and store backup codes safely.
Don’t click unknown links; check the site address before you sign in.
Update your system, browser, and apps.
Avoid public/shared devices for sensitive logins.
Watch for breach notices and change passwords quickly.