The direct answer
Act from a device you trust. Try the service’s official recovery process, change the password and sign out other sessions. Then secure the email account and phone number used for recovery, because they may provide access to everything else. [1]
First, regain control
Go directly to the provider’s official site or app. Review recovery email addresses, phone numbers, forwarding rules, connected apps and active sessions. Remove anything you do not recognise. Turn on multi-factor authentication using an authenticator or security key where available. [1]
Limit the spread
Change any reused password, starting with email, banking, cloud storage and social accounts. Warn contacts if the account sent messages. If payment information or identity documents were exposed, contact the relevant bank or issuer and monitor transactions. [2]
Record and report
Keep screenshots, security alerts and times. Use the platform’s reporting route. Report suspected crime to An Garda Síochána. If the incident involves work data, follow the organisation’s incident process immediately. Organisations may have separate legal duties for personal-data breaches. [3]
What to do now
- Use official account recovery.
- Remove unknown sessions and recovery details.
- Secure email and every reused password.
- Record evidence and make the relevant reports.
Primary sources
Claims and service details were checked against these official sources on 2026-07-11. Follow the source for the latest operational detail.
- National Cyber Security Centre: Cyber security advice Accessed 2026-07-11
- Data Protection Commission: Personal data breach guidance Accessed 2026-07-11
- An Garda Síochána: Online and cyber crime Accessed 2026-07-11
Keep reading
Editorial note
Publisher: Around.ie Editorial. This page provides general information, not individual professional advice. Material changes trigger an earlier review. Corrections create a new reviewed version.