What To Do If You’ve Been Hacked
We recently published an article giving some advice on how to bolster your security by using multi-factor authentication to supplement the security provided by your password.
But what if it’s too late?
What if you’ve already been hacked? What if you wake up one morning to find that you’ve been locked out of your email account and someone else has taken control? Or perhaps you realize that your smartphone or laptop has been stolen, along with all the sensitive account information it contains.
Don’t panic. Just as you would if a physical asset (like a wallet) were stolen, you need to focus on recovery.
In this article, we want to give you some things you can do to regain control of your accounts and information. The following suggestions are not necessarily an exhaustive list, but they will go a long way towards putting you back in charge of your online presence.
1. Immediately change the passwords on all your affected accounts. This may mean contacting the service provider (PSMail, Google, Facebook, etc.) to regain access to your account if you’ve been locked out. Once you’re back in, change your old password to a new one and be sure to follow all the common advice about creating difficult passwords: make them long, don’t use dictionary words or numbers that have personal significance to you, don’t reuse the same password on multiple sites, etc. Also, you should change your security questions/answers and use multi-factor authentication when available. You can read more about these last two suggestions here.
2. Make sure you contact others who may be affected by the compromise of your information. Some hackers will use your contact lists to send spam or to ask for money in your name (“I’m in Mexico and have lost my wallet. Could you loan me…”), so let your Facebook friends, email contacts, etc. know that they should be on the lookout for scams. Also, if it was your email account that was violated, consider what information might have been in those emails. Is there anyone whose financial information or sensitive personal information might now be out in the wild? You should probably let them know.
3. If you still have access to your computer, check for viruses and malware. If you don’t already have an anti-virus product on your computer, get a trusted one and make sure your device is clean. Also, make sure that you’re running the most updated version of your operating system so that your machine has all the latest security patches.
4. Make sure the hackers haven’t left themselves a backdoor to reenter your email account at their whim. Sometimes they will change your settings to automatically forward all of your email traffic to themselves, so check your settings and make sure there are no strange forwarding addresses.
5. Consider all the apps that may be linked to the login information that was compromised. Many apps use the same credentials (like your Facebook or Google accounts) to log in and use their services, which means that hackers very well may have access to those accounts as well. It’s a good idea to go through and de-authorize those connections. Then you can re-authorize them as you see fit. This process will prevent a hacker from maintaining access to these apps (and their information) even after you’ve changed passwords on the accounts that were compromised.
6. Finally, be watchful. Monitor other accounts – especially financial accounts like credit cards and banks – for any unusual activity.
Caution and preventative measures can go a long way towards bolstering your security and decreasing the likelihood that you will be hacked. However, despite your caution, being hacked is still possible. So be ready. Quick action at the first signs of a problem can go a long way towards mitigating the damage that can be done.