Hey everyone, I'm in a bit of a jam. My main Microsoft account got hacked back on December 10, 2025. The hacker somehow bypassed my two-factor authentication and wiped all my security info, even changing the recovery email to theirs. I managed to get my account back and changed my password, plus I requested to restore my original email for security info. However, Microsoft has this 30-day limit for changes, and during that time, the hacker got a notification and stopped the process. It's been a frustrating wait—no one at support can tell me when the lockout ends, and they're worried about the hacker trying to access it again. Now, Microsoft's specialists told me to create a new account and not worry about the hacked one, but I can't access it to verify my identity and get rid of it. Is there any way I can remove that compromised account from my Windows 11 laptop, so I can set up my new account as the main administrator?
5 Answers
If they bypassed your 2FA, it sounds like your recovery email was compromised too. A good idea from here on out is to switch to app-based 2FA or a hardware security key. SMS and email methods are much easier for hackers to exploit.
Glad to hear you were able to remove the old account with a local admin! As for preventing this in the future, keep your security software up to date and regularly check all your accounts for unusual activity. It's good you have 2FA set up—just make sure it’s solely app-based for added security.
There’s a detailed video out there that shows how to create a local Windows account. However, I'm not sure how to get rid of the Microsoft account specifically. Definitely check it out, it might help!
Make sure you back up your files before doing anything drastic! Ideally, take out your hard drive and connect it to another PC, or you could use a live Linux distro to copy your important files. Then install a fresh version of Windows 11 while skipping online account creation to set it up with a local account instead. Just make sure to scan everything with antivirus software afterward.
Honestly, you might need to wipe your laptop unless you already created a local admin account. That’s usually the quickest way to make sure the compromised account is out of the picture.
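Added example, not written by any poster in this thread: the local-admin route the answers mention, as a PowerShell script using the built-in LocalAccounts cmdlets from an elevated prompt. The account names are placeholders; it assumes your files are already backed up and that you are signed in as some other administrator, not as the account being removed.

```powershell
#Requires -RunAsAdministrator
# Placeholders (assumptions, not from the thread): 'LocalAdmin' is the new
# offline administrator; $OldUser is the Name that Get-LocalUser shows for the
# compromised Microsoft-linked sign-in.
param(
    [string]$NewAdmin = 'LocalAdmin',
    [Parameter(Mandatory)][string]$OldUser
)

# 1. Show every account on the machine. Accounts tied to a Microsoft login
#    report PrincipalSource = MicrosoftAccount; plain local ones report Local.
Get-LocalUser | Select-Object Name, Enabled, PrincipalSource, SID | Format-Table

# Refuse to continue if this session belongs to the account being removed.
if ($env:USERNAME -eq $OldUser) {
    throw "Sign in with a different administrator before removing '$OldUser'."
}

# 2. Create the new local administrator if it does not exist yet.
if (-not (Get-LocalUser -Name $NewAdmin -ErrorAction SilentlyContinue)) {
    $pw = Read-Host "Password for $NewAdmin" -AsSecureString
    New-LocalUser -Name $NewAdmin -Password $pw `
        -Description 'Local administrator (no Microsoft account)' | Out-Null
    # S-1-5-32-544 is the built-in Administrators group. The group name is
    # localized on non-English Windows; the SID is the same everywhere.
    Add-LocalGroupMember -SID 'S-1-5-32-544' -Member $NewAdmin
}

# 3. Remove the compromised account from this PC. This only affects the
#    laptop; it does not close or change the online Microsoft account.
$old = Get-LocalUser -Name $OldUser -ErrorAction Stop
$sid = $old.SID.Value
Remove-LocalUser -Name $OldUser -Confirm

# 4. Delete the leftover profile (C:\Users\<name> and its registry hive).
#    This is destructive and fails while the profile is loaded, so sign that
#    user out or reboot first. -Confirm prompts before anything is deleted.
Get-CimInstance -ClassName Win32_UserProfile -Filter "SID='$sid'" |
    Remove-CimInstance -Confirm

# 5. Verify: the old name should be gone and the new admin enabled.
Get-LocalUser | Select-Object Name, Enabled, PrincipalSource | Format-Table
```

Sign in once as the new local administrator before running steps 3 and 4, so that a working admin login is confirmed before the old account is deleted.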
