Child's Account Compromised

Take immediate steps to secure the account and devices, then use the official Microsoft recovery process.

1. Secure your child’s devices

• On every PC, phone, or tablet your child uses, run a full antivirus/malware scan.
• On Windows 10/11, use Windows Defender:
  • Select Start.
  • Search for Windows Defender or open it from the link in the guidance.
  • Ensure protection is turned on and run a full scan.
• Do this before changing any passwords.

2. Recover and secure your child’s Microsoft account

• Use the official “hacked or compromised account” flow: How to recover a hacked or compromised Microsoft account.
• Follow the steps:
  1. After malware scans are complete, change the account password to a strong, unique one. If sign-in is not possible, use the reset your password option from the same article.
  2. Review account security info (alternate email, phone) and update them so only trusted details are present.

3. Check for malicious changes in the account If the account uses Outlook.com/Microsoft 365 email:

• Sign in to the mailbox and review:
  • Inbox rules for suspicious rules (for example, forwarding mail to unknown addresses or moving mail to Junk/Notes/RSS).
  • Forwarding settings and automatic replies to ensure nothing is sending mail elsewhere or auto-replying with malicious content.
• Remove any rules or settings that were not created by the family.

4. Revoke attacker access (for Microsoft 365 mail-enabled accounts) If the child’s account is part of a Microsoft 365 tenant and you are an admin:

• Reset the password (and, if synced from on-premises Active Directory, reset it there and then reset it again as recommended).
• Revoke active sign-in sessions using Microsoft Graph PowerShell as described in the compromised-account guidance.
• Update any app passwords associated with the account.
• Enable and enforce multifactor authentication (MFA) for the account to prevent future compromise.

5. Use Microsoft Family and parental consent controls

• Ensure the adult/guardian account that manages the family is secure as well. If that adult account cannot be accessed, recover it using the guidance in the parental-consent article; otherwise, the child may lose access.
• Once the adult account is secure, review the child’s account in the Microsoft family dashboard (purchases, sign-in history, and linked devices) and adjust settings as needed.

6. Protect against unauthorized purchases

• On Windows 10/11 and Xbox, review Microsoft Store purchase settings for the child’s account:
  • Turn on features that require adult approval for purchases.
  • Monitor the child’s purchase history regularly.
• If there are signs someone else used the account for purchases, follow the guidance in the Store article and contact support as appropriate.

7. Monitor and inform

• Watch for further suspicious activity: unexpected password reset emails, sign-in alerts, or unusual messages sent from the child’s account.
• Inform family members and close contacts that the child’s account was compromised and advise them to ignore suspicious messages or links that may have been sent from it.

References:

• How to recover a hacked or compromised Microsoft account
• Respond to a compromised cloud email account
• Prevent unauthorized purchases from Microsoft Store
• How to provide additional consent for children's accounts
• my microsoft account has been compromised - Microsoft Q&A
• My account got hacked - Microsoft Q&A
• Need help with hacked microsoft account - Microsoft Q&A
• My personal hotmail account hacked by hacker with authentication app enabled. - Microsoft Q&A