What should I do if I've been hacked?
If you believe you have been hacked or a company that is hosting your account has been hacked the most important thing you should do is change your passwords.
Reset your passwords
Your account and account details are what most hackers want. If you cannot log into your account, try resetting your password. If resetting your password does not work, or the e-mail associated with the account no longer works look for an account recovery option. If all options fail to reset the account, you must contact the company to have them intervene.
When changing your password keep the considerations below in mind:
- A password should never be easy to guess. Passwords like 1234, password, etc. are easy to guess.
- Don't use passwords that you've used in the past.
- Passwords should have letters, numbers, spaces, and other characters.
Note: If you are using the same password for other accounts (which is not advised) you need to change your other account passwords to a different password. Once a hacker determines your username and password that information is stored and often shared and can be used to compromise other accounts.
Tip: If you have a difficult time remembering all your passwords use a password manager to store them safely.
Tip: If two factor authentication is available for the service you're changing the password with we also highly recommend enabling it as well.
Check your machine
If the company your accounts are hosted by did not notice or mention a security breach, it's possible you or your machine have been the source of the attack. Make sure to scan your computer for any spyware and malware that may be stealing your account details or logging your keystrokes.
Tip: If malware is found on your computer you may want to reset your account passwords again, as infections may have logged your new password.
Verify account details
After all of your passwords have been changed if your accounts have any shipping information make sure the shipping information is still your address.
If the account authorizes any third-party programs or apps (e.g., Facebook and Twitter) make sure no third-party apps have rights to your accounts that you haven't given permission. Best advice is to delete any app you are unfamiliar with or do not remember installing.
Let your other contacts know about the hack
If your e-mail account or any account with contacts is hacked, let your contacts know about the hack. Hackers often gain access to other accounts by using affiliated accounts since people are not as suspicious of e-mails coming from someone they know.
Verify past posts
If your social network (e.g., Google+, Twitter, or Facebook) has been hacked make sure there are no posts or messages that have been made on your behalf. Social network accounts are hacked to help spread spam, malware, and advertisements on your behalf.
New accounts setup
If a hacker gains access to your e-mail, they often use your e-mail address as a way to setup new accounts. Check your inbox, sent items, and trash for any new account notifications using your e-mail address. If new accounts have been created, you can try logging into those accounts by using the reset password feature and then delete the account.