Stripe Account Hacked? How To Recover Before It’s too Late
Has your Stripe account recently been hacked? You’re not alone — It’s an increasingly common problem to deal with, and it can leave you feeling overwhelmed. Don’t panic!
Recovering your hacked Stripe account is possible – but only if you act fast and follow the right steps.
This guide will take you through the steps necessary to recover your hacked Stripe account from hackers and how to protect your Stripe account in the future so this never happens again.
You will also find step-by-step instructions on how to recover your Stripe account even if the hackers have changed the email address/phone number and have gotten your Stripe account locked/disabled/banned or even deleted.
Stripe Account Hacked: How To Recover
Cybercriminals are constantly evolving their tactics making it a matter of time until one of your online accounts is compromised. It could be due to a weak or common password, malware, a phishing attack, or even the use of a public Wi-Fi network. But all is not lost, and there are steps you can take to recover your hacked accounts!
Let’s dive into the best strategy for recovering your hacked Stripe account!
1. Secure Your Email Account ASAP!!!
Before you even bother recovering your hacked Stripe account, I highly recommend you focus on your email account. If someone gets full access to it, it will be much harder or even impossible to retrieve your accounts and the damage might be more than your Stripe account.
This is crucial since your email is typically linked to all your online accounts, including Stripe.
Follow these steps to secure your email address:
- Change your email password immediately, using a strong and unique password. Use NordPass to encrypt your password(just in case there are any keyloggers on your device).
- Check recovery emails and make sure only your recovery email is there.
- Hackers a lot of times will add a new email address to your account so they can later gain access again.
- Check recovery phone numbers and make sure there is no phone number that you don’t recognize.
- Hackers a lot of times will add a new phone number to your account so they can later gain access again.
- Check for any suspicious activity in your sent and deleted items folders.
- Enable two-factor authentication (2FA) on your email account for added security.
2. Recover your Stripe Account
There are two scenarios on what has happened to your Stripe account: one that the hacker only changed your password and another that changed both your password and email address/phone number/contact information.
Below you can find step-by-step instructions on how to recover your hacked Stripe account as well as how to recover your Stripe account if the hacker has changed your password as well as contact information like your email address and mobile phone number linked to the account.
Recover your Stripe Account if a hacker changed your password:
If you discover that your password no longer works, follow the steps to set a new one as prompted by the login page on the Stripe website.
- Navigate to the official Stripe login page.
- Click on the “Forgot Password/Need help?” option under the password field.
- Enter your email address.
- Stripe will send you an email with instructions on how to reset your password.
Ideally, the login link will be sent to your email or phone number, allowing you to use a security code to regain access and change your password.
This is the best-case scenario, as you can resolve the issue quickly without even contacting Stripe support.
However, it’s still a good idea to inform Stripe customer support about the hacking to make sure that nothing sketchy went on while the hacker had access to your account.
Recover your Stripe Account if the hacker changed both your password and email address/phone number:
If you’re unable to log in and don’t receive a password reset link after requesting one via the “Forgot Password/Need help?” button, a hacker may have changed your email and/or phone number.
In such cases, you’ll need to get in touch with the Stripe support team as soon as possible. They will ask you to verify your identity and ask you for some personal information to verify that you are the real owner of the account.
I highly recommend that you use the same device you usually use on Stripe and the same network. So they can verify that you are the person that normally uses this account. It will help speed up the whole process and they won’t ask many questions.
Locate the Stripe “Help” or “Contact Us” page at the bottom of their website and click on it.
Now you can either fill out the form or directly send them an email.
- Make sure the first drop-down menu of the contact form is set to “Account issues”
- Fill out the rest of the contact form with the necessary information concerning your case.
- Be sure the email address you enter is one you have access to.
- Clearly explain what exactly is going on with your account and provide as many details as possible to make the whole process easier and faster.
- Click “Submit/Send”.
- Wait for a reply.
- It can take anywhere between a few hours to a few days.
Recovering your hacked Stripe Account: Tips & Tricks to speed up the process.
There are a few things you can do to ensure the fastest and smoothest recovery of your hacked Stripe account and avoid any back and forth with their support team.
- Use the same device and network you normally use when you fill in the account recovery form.
- Be as detailed and clear as possible in your message. They are not doing you a favor, so avoid the fluff and get straight to the point with all the key information that might help.
- Include screenshots if needed. (Use an image host to upload them and include the link)
- Contact Stripe support on their social media accounts and let them know that you need help urgently.(Twitter/Facebook/IG)
- Create a Reddit or Twitter thread and tag Stripe asking for a resolution.
3. Malware? Scan or even reset your devices.
If you are unsure of how exactly you got your Stripe account hacked and there is even the slightest possibility of having malware on any of your devices or network, I highly recommend you scan all the devices in your network or even consider resetting your devices to factory settings to ensure complete removal of any potential malware/viruses/keyloggers, etc.
It’s important to ensure that your devices are malware-free because if there are, all your devices and accounts might be at risk.
- Run a comprehensive antivirus scan on all devices using antivirus software.
- It’s pretty straightforward, just download MalwareBytes.
- Install it on all your devices.
- Run the App and click on “Scan Now“.
- Wait for the scan to finish, and choose “Quarantine All Threats” when it’s done.
If any malware is detected, follow the antivirus software’s recommended steps to remove it.
If not, keep an eye on the next few days to see if you notice anything out of the ordinary going on.
4. Change All Your Passwords
Apart from updating your Stripe account password, I advise you to update the passwords from every single online account that you care about and possibly use a different password for each of the accounts.
I know it sounds like a lot to do. You can get NordPass which can help you create, organize, and encrypt all your passwords so you don’t have to worry or remember them each time you want to log in.
Preferably create 12-16 characters passwords including numbers, Uppercase, lowercase, and symbols. NordPass can randomly generate them for you so just click on “Generate Strong Password“.
Update the passwords for all your online accounts and then please follow STEP 5 of this guide to protect your Stripe account as well as any other account that you have in order to stay safe online.
How to change all your online accounts passwords and keep everything organized in one place:
- Download NordPass and install it on any or all of your devices. (Even on one device will do the trick for the moment)
- Now, on the homepage of the app, you can choose to either add all your passwords one by one or import them from your browser and then change them.
- Next, go to the “Password Generator” feature and start generating new unique and strong passwords for each and one of your accounts and change them.
That’s it, from now on NordPass will take care of the rest. It will automatically fill in the passwords for you when you try to log in on any websites/apps, and it will also let you know if your password was found in any data breaches and send you notifications to update them asap.
5. Secure your Stripe Account
You most likely haven’t received a reply back from Stripe support about your hacked account. No worries though, you will get your account back, they take some time to reply.
While you are waiting for your account to be reinstated and back in your hands, the best thing you can do is to secure all your other accounts so you don’t get hacked ever again.
Because the truth is that, this time it was your Stripe account, next time it might be something more important to you, or even a more personal attack where you lose access to your email address permanently as well as all your online accounts.
I highly recommend that everyone follow our guide on securing and protecting your Stripe account and bookmarking it so you can read it from time to time. It’s a 10-minute read and a few tools that can save you a lot of headaches, money, and even more serious issues.
If you feel like you don’t need to read the whole guide, then here is a sum up on how to secure and protect your Stripe Account as well as any other online accounts:
- Create a strong and unique password.
- Change passwords frequently.
- Use a free password manager to store everything.
- Enable 2FA or MFA.
- Install a premium AdBlocker.
- Use Antivirus software.
- Use a VPN to encrypt your data. (Usefully especially on public WiFi)
- Don’t install sketchy software.
- Double-Check Everything on Emails.
- Learn the basics of internet security.
- Educate your family and friends.
- Delete unused old accounts.
- Lock Down your phone/laptop.
- Encrypt your Phone and Laptop.
- Use a YubiKey.
As I said above you can find detailed instructions on each of these suggestions in our guide about protecting Stripe accounts from hackers.
How to tell if your Stripe has been hacked
Stripe is an attractive target for hackers looking to gain unauthorized access to users’ accounts. Knowing the signs of a hacked Stripe account and the steps to take to secure it can be crucial in protecting your personal information.
Below, we will analyze how to tell if your Stripe account has been hacked.
- Unexpected Password Changes:
- One of the most obvious signs of a hacked Stripe account is when you can’t log in with your known password. If you haven’t changed your password recently and are sure you’re entering it correctly, there’s a chance that someone else may have gained unauthorized access to your account and changed the password.
- Unusual Activity:
- Emails, messages, or activities you don’t recognize.
- Unauthorized purchases or transactions.
- Changes to your personal information, profile picture, or account settings.
- Notifications of Unrecognized Logins:
- Stripe sends notifications when your account is accessed from a new device or location. If you receive such alerts but don’t recall logging in from the specified device or location, it may indicate unauthorized access.
- Password Reset Emails:
- Receiving unexpected password reset emails could be a sign that someone is trying to gain access to your Stripe account.
- Unfamiliar Security Questions or Backup Emails:
- If you find that your security questions have been changed or an unknown backup email has been added to your account, it could be an indication that someone is attempting to lock you out or gain more control over your account.
- Unexplained Account Deletion or Deactivation:
- If your Stripe account is suddenly deleted, deactivated, locked, or even banned without you doing anything, it could be a sign that someone has gained unauthorized access and is trying to cover their tracks.
- Unexpected Credit Card Charges or Bank Transactions:
- Monitor your credit card and bank statements for any unauthorized charges or transactions. If you notice anything suspicious, it could be an indication that your account has been compromised and is being used for fraudulent activities.
- And more, but these are the biggest red flags that indicate that your Stripe account may have been hacked.
Hacked Stripe Account: Frequently Asked Questions
What if someone hacked my Stripe account and changed my email and password?
If your email and password have been changed by a hacker you can still try to recover your account using just your phone number. If you had no mobile phone linked to your Stripe account, then follow the steps of our guide.
What happens if your Stripe account is hacked?
Most likely, hackers will change your password once they have gotten control of your Stripe account and then try to take control of your other accounts using the same email and password combination.
Can you recover a hacked account on Stripe?
Yes, if you are the legitimate owner of the Stripe account you will be able to recover your hacked account by following our guide.
What is the first thing you do when you get your Stripe account hacked?
The first two things you should do if you suspect that your Stripe account might be hacked is to secure your email account by changing the password and adding 2FA verifications, and then change the password of your Stripe account.
How long does Stripe account recovery take?
Based on our experience, the average recovery process takes around from a few hours to 1 week.
Statistics about hacked online accounts
|Total data breaches reported in the US (2020)||1,001||Statista|
|Individuals affected by data breaches in the US (2020)||155.8 million||Statista|
|Percentage of data breaches involving hacking (2021)||45%||Verizon|
|Percentage of data breaches involving malware (2021)||17%||Verizon|
|Percentage of data breaches involving social engineering (2021)||22%||Verizon|
|Data breaches targeting financial organizations (2020)||37%||Varonis|
|Data breaches targeting healthcare organizations (2020)||19%||Varonis|
|Data breaches targeting public sector entities (2020)||14%||Varonis|
|Average cost of a data breach (2020)||$3.86 million||Ponemon Institute|
|Hacking-related breaches involving weak or stolen credentials||80%||Verizon|
|Individuals affected by email account cyber attacks (2019)||23 million||Statista|
|Most targeted email service providers (2019)||Yahoo, Gmail, and Hotmail||Statista|