What it means:
Someone who isn’t you gets into your account and can act as you. They might read your messages, change settings, or try to steal money.

How it usually happens:

• Phishing: you’re tricked into typing your password on a fake page.

• Malware: a virus or stealer grabs your login.

• Weak or reused passwords: one leak opens many doors.

• Unprotected devices: unlocked phone or shared computer.

• Security bugs: rare, but websites can be vulnerable.

Common warning signs:

• Login alerts you don’t recognize.

• Password or recovery info changed.

• Messages sent that you didn’t write.

• New charges, orders, or sessions.

• MFA prompts popping up when you didn’t sign in.

What attackers do with access:

• Reset other passwords using your email.

• Send phishing to your contacts.

• Make purchases or withdraw money.

• Steal saved data (files, photos, backup codes).

• Enroll new devices or turn off security.

What to do right now if you suspect it:

1. Change the password immediately (from a clean device).

2. Turn on 2-step verification (MFA) if it’s off.

3. Review recent logins and sign out of other sessions.

4. Check recovery email/phone; remove anything unfamiliar.

5. Look for unauthorized actions (messages, payments) and report them.

6. Run a malware scan and update your device.

7. If email was hit, change passwords for other accounts that use that email.

How to prevent it:

• Use a strong, unique password for every account (a password manager helps).

• Keep MFA on and store backup codes safely.

• Don’t click unknown links; check the site address before you sign in.

• Update your system, browser, and apps.

• Avoid public/shared devices for sensitive logins.

• Watch for breach notices and change passwords quickly.