I need urgent help! My email was hacked on January 6th, even though I had two-factor authentication set up. The hacker managed to remove my recovery email and change my mobile number, so now I can't recover my account at all. To make things worse, my Wise account is linked to this email, along with all my social media. I've lost access to my YouTube channel, @BACARDIwithME, which has over 12k subscribers, as well as LinkedIn and all my other accounts like Discord, Instagram, and Snapchat. All my clients also contact me through this email, and I've been unable to use it for five days now! I'm really frustrated and need guidance on what to do next.
4 Answers
If your email is from a free service like Gmail or Yahoo, recovery might be tough. However, if you use a paid business email (like [email protected]), you might have better luck getting help from your provider. They usually have better support for recovery cases.
We can’t help you regain access, but I can share info on how they likely got in. They might have stolen your session cookies or intercepted your SMS if you were using it for two-factor authentication. As for your other accounts, secure them immediately with new, strong passwords and non-email methods for 2FA. Consider using a YubiKey for sensitive accounts. If you've downloaded anything suspicious, you should also check your computer for malware before changing any passwords.
I don't know the exact answer either, but I’m curious about how someone could authenticate using your mobile number if you have the device with you. If that’s a possibility, it raises concerns about everyone’s security.
I agree! Sim swapping is a known method that hackers use to gain access. It's alarming how easily this can happen.
Unfortunately, there's not much we can do here since only your email provider can assist with account recovery. Typically, hackers get access through weak passwords or malware. For the future, it’s important to use a strong password manager to create and store your passwords securely and avoid running any files from untrusted sources.

Yeah, it definitely is a risk! Spoofing mobile numbers or using token stealing techniques can let someone bypass 2FA. It's a serious security loophole, especially since SMS is less secure for two-factor authentication.