First things first; don’t panic.
Even though you may not want to accept this, millions of people are hacked every year. For the majority, the damage is minimal and the effects short-lived.
By following these tips, you can significantly lessen the impact should you get caught up in the next big data breach:
If a large site you are registered with has been hacked, chances are the company concerned will have a well-drilled incident response plan which will involve communicating with customers, either by email or through the website itself.
Make sure you keep abreast of any new communication put out by the company and act accordingly.
Do be aware, however, that some hackers may attempt to send phishing emails after a breach – just because a message says it comes from company X doesn’t mean it really does.
You should immediately change your password on the site in question.
If you are one of the many people who use the same password across a number of online accounts, make sure you change your password for all accounts and, this time, pick a different one for each site you visit. You can use our password strength checker to see how good your passwords are.
Check the integrity of other accounts
Visit Troy Hunt’s excellent haveibeenpwned.com and enter your email address.
The site will return a list of any other data breaches that may be associated with that email account, giving you the opportunity to take corrective action there, too.
What if it’s your email account that has been hacked?
Having your own email account hacked is a scary thought, given the sensitive information it may contain, as well as the potential to use it for spamming friends and family members.
If it happens to you, regaining control of the account should be priority number one, using the forgotten password link on the provider’s website if necessary.
Once in, change the password for the email account and definitely go around all your other accounts and do the same – links to all of them probably appear in your messages and could tempt a hacker to go after them too.
Next, check your sent messages to see if an attacker has left obvious signs of abuse, spam or attempts to socially engineer your contacts into giving up their own credentials. Whatever you find, it may be wise to alert all your contacts anyway so they can be proactive in protecting their own accounts.
Lastly, remember you’ll need to update the password associated with your email account in other places, e.g. your desktop email client, the message app on your phone, the email account on your tablet, etc.
Prepare for next time
Yes, there probably will be a next time, as barely a month seems to go by without another huge breach hitting the news. Not only that, many people are also hacked on an individual basis, often because of poor security practices.
Lessen the chances of that being you by:
- Not visiting questionable sites
- Not opening email attachments in messages from strangers
- Disabling macros
- Making use of two-factor authentication wherever it is available
- Having security software installed on your system
- Installing operating system and other software patches as soon as they become available
- Only ever using secured Wi-Fi connections
- Choosing strong, hard-to-guess passwords. A password manager can help generate and remember complex passwords.