Compromised Account: Security info changed by hacker, need manual verification and recovery

I wish I had better news, but when a Microsoft account is hacked, if the hackers change the associated data like the Email, then that account is usually no longer recoverable, this forum is just a user to user account and no-one here has any account access and account recovery is an automated process, try using the process they provide on this link to recover a hacked account, if this process is not successful, sadly, that account cannot be recovered.

https://support.microsoft.com/en-us/account-billing/how-to-recover-a-hacked-or-compromised-microsoft-account-24ca907d-bcdf-a44b-4656-47f0cd89c245

For a hacked personal Microsoft/Outlook.com account where the attacker changed the security info and verification codes now go to them, recovery is only handled through Microsoft’s automated flows and standard support channels. Direct manual verification by sending documents is not available for consumer Microsoft accounts.

Use these steps and options from the documented guidance and Q&A:

1. Run through the official “hacked account” process
   • Follow the guidance in How to recover a hacked or compromised Microsoft account:
     • First, clear all devices of malware (full antivirus scan, ensure Windows Defender or other AV is up to date) before changing any passwords.
     • Then change the account password if sign-in is still possible, or use the password reset flow if not.
     • After regaining access, review mailbox settings such as connected accounts, forwarding, and automatic replies to remove anything the attacker added.
   • Article link (for steps and flows): How to recover a hacked or compromised Microsoft account.
2. Use the sign‑in helper / recovery entry point
   • Start from the official sign‑in helper at this link: https://go.microsoft.com/fwlink/?linkid=2196140
   • This tool asks for the email/phone and then routes to the correct self‑help or recovery path (including the account recovery form when needed).
3. If security info was changed and you see a “security info change pending” message
   • If the account shows a message like “Your security info change is still pending” or “You can’t access this site right now,” that means all previous security info was removed and replaced, and a 30‑day security info change period is in effect.
   • On that pending screen, use whichever of these links appears:
     • Cancel this request – only if the change was initiated by you and you still have access to the old security proofs.
     • Let us know – use this if the change was not made by you; this triggers the “unauthorized change” flow from that same pending window.
   • If you can reach Manage how you sign in, remove any attacker‑added aliases once you regain access.
4. Complete the Microsoft account recovery form as thoroughly as possible
   • If normal sign‑in and pending‑change flows do not work, the Microsoft account recovery form is the only way to prove ownership for a locked/compromised personal account.
   • Guidance is in Help with the Microsoft account recovery form. Key points from the documentation and Q&A:
     • Use a familiar device and location you have used with this account before.
     • Provide as much accurate information as possible (old passwords, subject lines of emails you sent, contacts, etc.).
     • If the form result says the account could not be verified, it is allowed to retry up to two times per day.
     • After submitting, results are sent to the working email address entered at the start of the form within 24 hours.
     • If verification succeeds, instructions to sign back in are sent to that working email.
   • If the form repeatedly fails, the Q&A guidance states that the account may be unrecoverable if the attacker has fully replaced the security info and the automated checks cannot verify ownership.
5. Understand limits on manual intervention and document submission
   • Per Help with the Microsoft account recovery form, support agents:
     • Are not allowed to send password reset links.
     • Cannot access or change account details or override the automated recovery decision.
   • The Q&A answers explicitly state that if the security info has been replaced by the hacker and the recovery form fails, there is no other working method to recover the account, and Microsoft Support cannot manually reset security info or accept external documents as proof.
6. Contact Microsoft Support for guidance (not for manual override)
   • If there are technical issues with the recovery form or to get guidance on the process, use the official support contact flow described in the Q&A:
     • Go to the Contact - Microsoft Support page.
     • In the search box, type a brief description such as “Account Recovery”.
     • Select Get Help, then scroll down and choose Contact Support.
     • Under Products & Services, choose Other Products; under Categories, choose Manage account security.
     • Select Chat with a support agent in your web browser (if available in the region and during business hours).
   • Support can explain options and help with process issues, but cannot bypass the automated ownership verification or manually accept your documents to reset security info.
7. If recovery succeeds
   • Immediately:
     • Change the password again from a clean device.
     • Remove any unknown aliases from Manage how you sign in.
     • Review and remove any malicious rules in connected accounts, forwarding, and automatic replies.
     • Add strong, trusted security info (e.g., new email, phone, Microsoft Authenticator) following How to help keep your Microsoft account safe and secure.

If the account recovery form and built‑in “security info change pending” options do not verify ownership, the documented guidance and Q&A indicate that the account cannot be recovered and there is no escalation path where documents can be manually reviewed to reset security info for a personal Microsoft/Outlook.com account.

References:

• How to recover a hacked or compromised Microsoft account
• Help with the Microsoft account recovery form
• I can't sign in to my Microsoft account
• My account got hacked. - Microsoft Q&A
• My personal hotmail account hacked by hacker with authentication app enabled. - Microsoft Q&A
• How do I send an email to Microsoft about my account being hacked and taken over by <removed> ? - Microsoft Q&A
• Need help with hacked microsoft account - Microsoft Q&A
• My account got hacked - Microsoft Q&A