I've Been Hacked! What you need to do fast.
Target. Home Depot. The IRS. The Social Security Administration. Fitbit. LinkedIn. Time-Warner Cable. Twitter.
What do they all have in common? They've all been hacked on a major scale.
The list of companies and organizations getting hacked is diverse and long, accounting for millions upon millions of email addresses and more, stolen from customer/client databases that, as it turns out, weren't as secure as hoped.
And if you have an account with a company that's been hacked and is in the news, there's a good chance the hackers may have stolen your username and password.
And they're very happy to have it.
If a company you do business with has been hacked (their computer network has been "breached"), you need to think seriously about taking immediate measures to protect yourself. Sure, you could wait to see if there's evidence that you've been hacked. But remember—it could take weeks or months for the news to come out, and in the meantime, your accounts could be at risk.
You can't simply keep your fingers crossed and hope for the best—you must take control of the situation. And if indeed you have been hacked, you must take fast, decisive action.
Here are the most important steps that Internet Security and IT experts advise you take, if you've been hacked or suspect that an organization you do business with has been attacked:
1. Change your passwords. Make them tricky and hard to guess.
Hackers love stealing email addresses and passwords, together or individually, because they know that most people are predictable and will use the same password for different accounts. If they get only the email address, they count on people using simple passwords that are easy to crack (1234, etc.). That's why you need to change the password you used for the company that's been hacked... along with your other passwords. (Does that sound like a hassle? Well, if you don't use the same passwords for different accounts, it won't be.) By changing passwords, you might avoid having your account hacked.
2. Take a close look at the "hacked" account.
If you heard there'd been a prowler in your neighborhood, you'd be sure to double-check that all the doors in your house were locked. It would also be a good idea to check if the prowler hasn't already come in your home and taken a few things without your being aware of it! Similarly, if you hear of a major hack, take a close look at your account activity with that company, and others. If you use the same username and passwords, you could find that hackers have already gotten into other accounts. You may have to do account recovery or repair in several areas.
3. Get your account back to normal status.
Major companies such as Facebook, Twitter, and Microsoft have experience responding to hackers' attacks, which means they have a process for helping you get your account back to normal if it has been compromised.
If there HAS been a problem, they'll notify you by email and tell you what to do. Just BE SURE of two things:
- There has been a documented attack.
- The persons reaching out to you via email are indeed with the company! Verify that everything is legitimate before proceeding.
4. Tell friends and family you've been hacked.
You're not looking for sympathy here or sharing bad news—you're alerting people you communicate with that your email account has been hacked and that the hacker may send strange messages in your name, looking for more victims. Your message to friends should simply be, "Keep your eyes open and your guard up if you see suspicious emails from me!"
5. Keep an eye on your financial or credit accounts.
It happens all the time. Hackers get just enough information to hack into a credit or debit card account to make fraudulent purchases (usually online) where they can get away with it. Hopefully, your bank has systems in place to track suspicious activity. You can do your part by opening up your at-risk accounts and checking your account activity yourself. You'll know better than anyone if a purchase was yours or authorized by you or not.
6. Scan your computer for viruses and malware.
If you believe hackers have somehow gotten into your email account, you need to find out if they've gotten into your computer with malware (dangerous software that can take over your computer). You'll want to run a security scan of your computer using a leading antivirus program and malware detector, which can help you find and eliminate any programs lurking on your hard drive, waiting to do more damage.
7. Reinstall your operating system and backup data.
If you suffered a legitimate hack on your system, you may want to consider reinstalling your operating system, wiping your hard drive clean and retrieving your backup files. Unless you're technically savvy and comfortable with the idea, you may want to get help from an IT professional—someone you trust. Because the last thing you want is to transfer damaged files from an infected PC or hard drive to a new one.
Back to normal. Maybe.
Those are the steps you'll need to take if you suspect or know that your computer or personal information has been compromised. Hopefully, you've been able to avoid that drama so far.
To continue staying safe, it's important to break old habits that put you at risk and develop new practices, many of them simple steps. You can keep hackers out of your life by making it harder for them to find a way in and shoring up your defenses when you hear that they're hard at work.