Support article
My password has been stolen: what to do
Urgent steps to follow if one of your passwords has been stolen: check for malware, change credentials, protect your email and hosting, and enable 2FA.
Introduction
If you suspect that one of your passwords has been stolen, you need to act quickly. A compromised password can allow access to your email, WordPress, FTP, hosting panel or client area.
The goal is to recover control, close unauthorized access and prevent the same problem from happening again.
Signs that your password may have been stolen
There may be a compromised password if:
- You receive login alerts you do not recognize.
- There are emails sent that you did not send.
- Your website changes without explanation.
- New administrator users appear.
- You can no longer log in with your usual password.
- You receive spam reports from your domain.
- Your browser shows strange extensions or redirects.
Steps to recover control
1. Check your device for malware
Before changing passwords, scan the computer or phone you use to log in.
Look for:
- Viruses.
- Trojans.
- Keyloggers.
- Suspicious extensions.
- Programs installed without permission.
If you change the password from an infected device, it could be stolen again.
2. Change all your important passwords
Change the password for:
- Your main email account.
- Your client area.
- cPanel or DirectAdmin.
- FTP.
- WordPress, Prestashop or any other CMS.
- Databases if they may have been exposed.
- Accounts related to payments or domains.
Use unique and strong passwords.
3. Make sure the new password is being used
Also update the programs where the password is saved:
- Outlook, Thunderbird or email apps.
- FTP clients.
- Password managers.
- Website integrations.
- Mobile apps.
If an application keeps using the old password, it may cause blocks or errors.
4. Enable two-factor authentication
Enable 2FA on every service where it is available. This greatly reduces the risk if a password leaks again.
5. Review users and access
Check:
- WordPress administrator users.
- FTP accounts that were created.
- Email accounts.
- Email forwarding rules.
- Recently modified files.
- Open sessions.
Remove any user or access you do not recognize.
What to do if it affects your hosting
If you believe someone accessed your hosting:
- Change the panel password.
- Change FTP passwords.
- Review recent files.
- Scan the website if it uses WordPress.
- Open a support ticket.
- Request a review or a restore if the website was altered.
Useful tips
- Do not reuse passwords.
- Use a password manager.
- Do not share passwords by email.
- Do not store passwords in plain text files.
- Change passwords when you stop working with providers or collaborators.
- Keep your device updated.
- Avoid logging in from public devices.
Common problems
I changed the password but I still see strange activity
There may still be open sessions, malware on the device or extra users created by the attacker.
I cannot access my email
Try to recover the account from the hosting panel or contact support.
My website was modified
Change passwords, review users and ask for help restoring a clean copy if one exists.
Frequently asked questions
Should I change all my passwords
Change at least all the passwords related to the affected account. If you reused the same password, change the others as well.
What is a keylogger
It is a malicious program that records what you type, including passwords.
Does 2FA prevent all theft
Not all of it, but it greatly reduces the risk of unauthorized access.
Can miHosting see my password
You should not send your password to support. If you need help, support can guide you without asking for it.
Conclusion
If one of your passwords has been stolen, first clean your device and then change every affected password. Review access, enable 2FA and contact support if the incident affects your hosting or email.