How to Fix "Office 365 Account Hacked/ Compromised" Issue

Office 365 Account Hacked

Ashish Ratan Singh | Modified: August 20, 2020 | General, Office 365 | 5 Minutes Reading

Office 365 is the most widely used subscribed application of Office 2016. It offers easy access to Office services and applications over the cloud. In addition to Microsoft Office services, the users that are having a business subscription can use its email and social networking services also. Moreover, MS Office 365 is being popular among users for its emailing and several advanced features. After being so popular in the business world, what if Office 365 account compromised, what about the security of the data on the O365 account. Now, the question arises, how to resolve Office 365 mailbox hacked issue. Thus, in this blog, we are going to discuss all possible solution related to this concern.

Consider a Scenario:

Due to some reasons, the member of an organization becomes a victim of some scam. Now, the attacker has obtained the password of that account and start performing some illegal activities such as sending spam emails to other users. It means that their Office 365 account hacked / compromised by some cyber-criminal. Now, that member of an organization wants to fix this issue so that it stop affecting the organization data stored in Office 365 account.

How to Verify Office 365 User Mailbox is Compromised?

There are various reasons through which a user can confirm that the Microsoft O365 account has been compromised or not. All of them are listed below:

  • A user is not able to sign in to Office 365 account through his usual password.
  • There are some changes in profile such as name, postal code, or phone number are updated.
  • The deleted or sent items folders contain hacked-account messages.
  • A new signature was recently added such as prescription drug signature etc.
  • Credentials of the Office 365 account has been changed.
  • Emails in bulk have been sent from your account that contains invalid email addresses.

If any Office 365 user encounters this common problem in their account then, it means Office 365 account has been compromised or hacked by someone and need to fix as soon as possible.

There are some situations in which a user wants to access some of the important data stored in Office 365 mailbox. Now, the account has been hacked so he is not able to access it. Hence, to overcome such type situations, it is always suggested to regular backup of your Office 365 using any third party tool. If a user is having Office account backup on his local machine then, to resolve hacking issue, he can take help of Office 365 support team help and close that account permanently.

Expert’s Recommendation: Many tech experts recommend Office 365 users to backup their cloud data on a regular basis. Users should keep a backup copy of crucial mailbox items such as emails, calendars and contacts on local storage as any mishappening can cause great loss. Users can use a third-party tool like SysTools Office 365 Mailbox Export Tool and download their data in three (PST, EML or MSG) file formats. There are many other advanced set of features as well that makes the complete process effortless.

Download Now Purchase Now

You can visit the following URL to check the working guide of the tool in detail:

How to Resolve Office 365 Account Hacked Issue

In order to resolve the hacking problem in Office 365 account, there are two methods available for use. A user can choose any of them.

Method 1: Remediate Compromised Account Manually

There are various manual redemption methods available that a user can try to fix Office 365 account compromised/ hacked problem. All of them are given below, choose any of them:

  • Update Office 365 Account Password
    By updating the user password, a user not only modifies the password to secure the account, however, it kills all active sessions also.
  •  Delete Delegates from Mailbox
    Delegation is nothing but just giving access to some other user and admin to your calendar and mail. However, it is most easy to use the feature, which is used by the attackers to have access to your mail.
  •  Disable Mail Forwarding to Feature
    A user must disable the rules of mail forwarding to external domains and global mail forwarding rules that mainly generated by an attacker.
  •  Multi-Factor Authentication (MFA) Must be Enabled
    A user must use MFA, which is a method of authentication that requires users to use more than one verification code. It reduces the risk of Office 365 account being hacked by any user.
  • Set Password Expiration Date and Complexity to High
    A user must configure the account with a strong password that has high level of complexity. Moreover, one can also set password expiration policy, which is a best practice. However, it is very important if MFA is not enabled by the user.
  •  Review Audit Log and Enable Mailbox Auditing
    Enabling mailbox auditing will enable users to monitor the activity and also allows one to identify any anomalous activity in your mailbox.
  • Security Education and Awareness
    In today’s world, where cyber crimes are increasing day by day it becomes necessary to educate the users about security threats like ransomware and spear-phishing.

Method 2: Execute RemediateBreachedAccounts.ps1 Script of PowerShell for Hacked Office 365 Account

This PowerShell script will help in resolving the issue of Office 365 account hacked the attack on compromised account and perform all the above stated actions in method 1 automatically using this RemediateBreachedAccounts.ps1 Script.


It is a serious issue if Office 365 mailbox is compromised and security is the major goal for every user, the Office 365 users sometimes face hacking problem of their account due to some phishing attack. Therefore, after understanding the requirement of users to overcome account hacking issue, we have discussed two different methods to fix Office 365 account hacked issue. Based on their knowledge and requirement, one can choose any of them.