MY Microsoft account is hacked. The hacker set up 2FA to a mail that he created.

I wish I had better news, but when a Microsoft account is hacked, if the hackers change the associated Email or if 2FA is enabled on the account, then that account is usually no longer recoverable, this forum is just a user to user account and no-one here has any account access, try using the process they provide on this link to recover a hacked account, if this process is not successful, sadly, that account cannot be recovered.

https://support.microsoft.com/en-us/account-billing/how-to-recover-a-hacked-or-compromised-microsoft-account-24ca907d-bcdf-a44b-4656-47f0cd89c245

Follow these steps to contain the hack and attempt recovery.

1. Secure devices before more sign-in attempts

• Run a full antivirus/malware scan on every device used to sign in to this Microsoft account (PC, phone, tablet).
• On Windows 10/11 or 8.1, use Windows Defender:
  1. Select Start.
  2. Type Windows Defender in Search, or select Windows Defender.
  3. Turn on protection and run a full scan.
• Do this before changing any passwords to ensure no malware keeps stealing credentials.

2. Use Microsoft’s hacked-account recovery flow

• Go to the official hacked/compromised account flow: use the sign-in helper described in How to recover a hacked or compromised Microsoft account. It will ask for the account email/phone and guide through:
  • Self-help recovery steps, or
  • Options to contact an agent if available.
• If normal sign-in fails because of the attacker’s 2FA, use the I think someone else is using my Microsoft account option when choosing Forgot my password during sign-in, as described under unusual activity handling.

3. Complete the account recovery form thoroughly

• If prompted to fill the account recovery form, provide as much accurate information as possible (old passwords, contacts, subject lines, etc.). This automated process is the only way to override attacker‑controlled security info for consumer accounts.
• If the form is rejected, it can be retried with better details; if it repeatedly fails, the account may not be recoverable.

4. Review recent activity and mark attacker sign-ins

• When access is regained, sign in to the Security basics page.
• Select Review activity to open the Recent activity page.
• For any sign-ins or actions that are not recognized:
  • If they appear under Unusual activity, expand and select This wasn’t me.
  • If under Recent activity, expand and select Secure your account.
• This helps Microsoft lock down the account and guide through additional security steps.

5. Reset password and remove attacker’s 2FA and aliases Once back in the account:

• Change the password immediately from the Security basics page (Change password). Use a strong, unique password.
• Check and correct security settings:
  • Remove any unknown alternate email addresses or phone numbers from security info.
  • Remove any attacker-added sign-in aliases via Manage how you sign in (if accessible), so they cannot keep using their email to access the account.
• Reconfigure 2FA to trusted methods only (e.g., own phone, Microsoft Authenticator) and ensure no unrecognized devices or apps are listed.

6. If sign-in is blocked or security info change is pending

• If a message appears like “security info change is still pending” or access is blocked because the attacker replaced all security info, follow the guidance in the pending window:
  • Use Let us know if the change was not made by the account owner to trigger the unauthorized-change flow.
  • If the change was initiated by the owner and the old proofs are still accessible, use Cancel this request.
• Be aware that when all previous security info is removed and replaced, a 30‑day pending period can apply before changes take effect.

7. Handle the spam and protect contacts

• Do not approve any sign-in prompts or codes that are not initiated personally.
• From another email account, notify important contacts that the Microsoft account was compromised and that they should ignore suspicious messages from it.
• Consider using a separate, trusted email address for critical services going forward, as suggested in the guidance on leaked email addresses (e.g., one private address for close contacts and another for online accounts).

8. If recovery keeps failing

• Use the hacked-account helper again as described in How to recover a hacked or compromised Microsoft account and follow any offered path to contact support (such as chat) to report that the account is compromised and that 2FA is controlled by an attacker.
• If the automated recovery and support options cannot verify ownership, the account may not be recoverable; in that case, focus on damage control and securing other accounts that used this email.

References:

• How to recover a hacked or compromised Microsoft account
• What happens if there's an unusual sign-in to your account
• What to do if your email address is leaked
• My personal hotmail account hacked by hacker with authentication app enabled. - Microsoft Q&A
• My account got hacked. - Microsoft Q&A
• Hacker set up continuous draft ransomware email - Microsoft Q&A
• Need help with hacked microsoft account - Microsoft Q&A
• hello my email was (Moderator note: PII removed)@icloud.com and now its (Moderator note: PII removed)@jerkoffmail.com can please someone help me and the team change it my username in xbox is (Moderator note: PII removed) please help me team and change it - Microsoft Q&A