How do I know if any of my online accounts have been compromised?
Check each account's recent activity log, look for unrecognised login locations, and use breach-checking tools to see if your credentials appeared in a known data breach.
Last reviewed: 10 June 2026
Explanation
Most major platforms — Google, Apple, Facebook, banking apps — provide an 'account activity' or 'recent logins' section that shows every device and location that has accessed your account. This is your first port of call. A login from a country you've never visited, or from a device type you don't own, is a strong indicator of compromise. Review this regularly rather than only when you suspect a problem.
Breach notification services such as haveibeenpwned.com let you enter your email address and see whether it appears in any publicly reported data breaches, along with what data was exposed. If your email appears alongside a password, that specific password should be changed everywhere you use it immediately.
Silent indicators are trickier: some attackers access accounts without making changes so as not to trigger alerts. Watch for emails in your sent folder you don't remember writing, contacts who report receiving odd messages from you, changes to your account recovery settings (backup email, phone number), and new device authorisations in your security settings.
Make account security reviews a monthly habit rather than a crisis response. Enable login notifications on every account that offers them — these send an immediate alert to your existing device whenever a new login occurs, giving you real-time visibility.
Common red flags
- Login activity shows a device or location you don't recognise
- You receive a security alert email about a new device login
- Your account settings show a recovery email or phone number you didn't set
- Contacts report receiving messages from your account that you didn't send
- You're unexpectedly locked out — someone may have changed your password
- Your email appears in a data breach notification service
What to do now
- Review the account activity / recent logins page for each key account
- Enable login notifications on all accounts that support them
- Check your recovery email and phone number settings and remove any you don't recognise
- Review connected apps and revoke access to any that are unfamiliar
- Change passwords on any account where you see suspicious activity
- Use haveibeenpwned.com to check whether your email is in a known breach
- Enable two-factor authentication everywhere it is offered
Frequently asked questions
How often should I check my account activity?
Monthly is a reasonable baseline. For banking accounts, weekly is better. Enable push notifications for logins so you get real-time alerts without manual checks.
I found an unrecognised login — what should I do first?
Sign out all other sessions (most platforms offer a 'sign out everywhere' button), then immediately change your password and enable or review your two-factor authentication method.