Share via

Microsoft Account Takeover – Alias Changed, Account Not Recognised

Imo Furlong 0 Reputation points
2026-05-04T23:18:10.4666667+00:00

My Microsoft account has been compromised and I am currently locked out.

An attacker gained access after a one-time security code was mistakenly shared, we believe on Friday, by my son. The attackers have since changed the primary alias (email address) on my account and I'm locked out. My email is no longer recognised by your system, and I am unable to use the standard account recovery form.

I can now see an unknown Gmail address associated with the account on my device, which I believe belongs to the attacker.

I am the rightful owner of this account and can provide further verification details, including devices used, and account activity etc but whether there is a mechanism for this I don't know.

How do I request a manual review and assistance in recovering my account, as the automated recovery system does not work in cases where the alias has been changed.

Please advise on the next steps or escalate this case to the appropriate team. Thanks for your assistance in stopping online fraud.

Imogen

Microsoft Security | Microsoft Identity Manager
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. kagiyama yutaka 2,430 Reputation points
    2026-05-05T01:38:55.6166667+00:00

    I think once the alias is changed the backend drops ur old ID completely, so the only move left is running the official recovery form with ur original mail/phone from a clean browser+other Wi‑Fi; a recovery attempt that keeps failing means the acct is treated as gone, and the only sane step is securing other services and setting up a new one.

    Was this answer helpful?

    0 comments
  2. Q&A Assist
    2026-05-04T23:18:29.41+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    For a personal Microsoft account where the primary alias has been changed by an attacker and normal sign‑in or recovery is failing, only the official recovery and support flows can be used. There is no separate “manual review” channel outside these.

    Use these steps end to end:

    1. Run through the official hacked‑account guide
      • Follow the guidance in How to recover a hacked or compromised Microsoft account. Start with the sign‑in helper tool:
        • Go to the article and use the Start link: Start.
        • Enter the email address or phone number that was originally used with the account (even if it is no longer recognized) and follow the flow it presents.
    2. Submit the account recovery form (even if alias was changed)
      • If direct sign‑in fails, the helper will route to the account recovery form.
      • Complete the form with as much accurate information as possible about:
        • Previous passwords.
        • Devices and locations used.
        • Microsoft services used with the account.
        • Any other aliases that were ever attached.
      • The review of this form is the primary way Microsoft validates ownership when security info and aliases have been changed.
      • If the form result is “not granted,” submit another request from a different device/network and ensure all details are as complete and accurate as possible, as suggested in the Q&A guidance.
    3. If recovery keeps failing, use the guided support/contact options
      • If the automated recovery still does not restore access, use the official support contact flow described in the Q&A answers:
        • Visit the Microsoft Support contact page (for personal accounts).
        • In the help experience, choose the product as Other Products and category Manage account security.
        • Use Chat with a support agent in your web browser when available.
      • Explain that the account was taken over, the primary alias was changed to an unknown Gmail address, and that the standard recovery form is not succeeding. Support can guide through the available options but cannot bypass the recovery system or guarantee restoration if ownership cannot be verified.
    4. If security info change is pending
      • If at any point a “security info change is still pending” message appears when trying to sign in, use the built‑in links on that page:
        • Cancel this request if the change was initiated by you and you still have access to the old security info.
        • Let us know if the change was not made by you; this routes through the “unauthorized change” flow.
    5. After (and if) access is restored
      • Immediately:
        • Run a full malware/antivirus scan on all PCs and devices used with the account (for Windows 10/11 or 8.1, use Windows Defender as described in the article).
        • Change the password to a strong, unique one.
        • Review connected accounts, forwarding, and automatic replies settings to remove any attacker‑added rules or addresses.
        • Remove any unknown aliases from Manage how you sign in and add secure verification methods (such as Microsoft Authenticator) once back in the Security settings.

    If the recovery form and guided support ultimately cannot verify ownership, the account may be unrecoverable; in that case, Microsoft Support and community moderators cannot override the automated systems.

    References:

    Was this answer helpful?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.