Up until now we have covered site-specific login guides and login-related security tips here on the site. You will find a selection of popular posts in the sidebar, for instance our Security 101 guide or how you verify that you are on the right website.
What we have not talked about yet is what you need to do when your online account gets hacked. This is not necessarily your fault, as servers and databases can get hacked as well. Depending on how the site protected its passwords and on the password that you used there, obtaining your password may be as simple as copying and pasting it for the attacker, or nearly impossible.
There are things that you need to do in such an event, and they need to be prioritized so that you start with the most pressing matters before you continue with tasks that are less urgent.
Resetting / Changing the account password
The very first thing that you need to do is regain control of your account. For web services, you should check if it is possible to log in to the service that your account was hacked on. If it is, change your password right away, and make sure you select a secure password. You should also change your security question and the answers to be on the safe side.
If you suspect that a virus, keylogger or other malware has been used as part of the attack, you should start with the virus scan in the section below.
If you cannot sign in anymore, you should request a password reset. If the attacker has not yet changed the email address of the account – if possible at all – you will receive an email with instructions to reset the account password.
If the email address has been changed, contact site support and use Urgent: in the subject of the message. Most sites have forms that hacked users can use to expedite the process.
One example: If your Facebook account has been hacked by someone, visit the password changing page on the site. You need to log in to access the page, and type in your current password and the desired new password.
If you can’t log in anymore, use the forgot your password link to request a new password. Check out additional Facebook login issues here.
Scan the computer system
It is important to verify that your computer has not been used in the attack. Someone could have planted a virus or other malware on the computer to steal your login credentials this way. If that is the case, changing your account password won’t be of help as the virus has not been removed yet.
Here is a selection of free antivirus software that you can use to scan your system for malware:
Use a minimum of two of the scanners provided here to make sure you catch any malware that may be on the system.
If you have used the same password on multiple accounts, you should now visit each individual website to change the password there as well. I strongly suggest selecting a different password for each service to improve protection and avoid situations like the one you are in right now.
Password managers can help you remember all those passwords, so that you can select secure passwords without having to worry about forgetting them right away. I do not think there are many people out there who can remember twenty or more passwords that look like this one: G5vy_t!gIop43<2d2″Df3g
Good password managers not only remember all but one password for you, they also come with options to generate them for you.
I personally would go through all accounts in order of their importance to you. You should obviously start with accounts that are linked to finance and shopping. If you have the choice between changing the password of your Twitter account or your bank account, you should obviously start with the bank account.
If you have found malware on your system, you should go the extra mile and change passwords of all your accounts just to be on the safe side of things.
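The triage described above (find accounts that reuse the hacked password, change finance and shopping accounts first, and change everything if malware was found), as an added example that is not part of the original article. The CSV layout, the category labels and all site names and passwords are constructed assumptions, not the export format of any particular password manager.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export (not real data): site, username, password, category.
SAMPLE_EXPORT = """site,username,password,category
forum.example,alice,Summer2012!,social
bank.example,alice01,Summer2012!,finance
shop.example,alice@mail.example,Summer2012!,shopping
mail.example,alice,kT9#vQ2x_pL7,email
photos.example,alice,Summer2012!,social
broker.example,alice,Zr4!mN8w-qD1,finance
"""

# Assumed ranking: the article puts finance and shopping first; all else follows.
PRIORITY = {"finance": 0, "shopping": 1}


def load_accounts(text):
    """Parse the CSV export into a list of dicts, one per account."""
    return list(csv.DictReader(io.StringIO(text)))


def reuse_groups(accounts):
    """Return lists of sites that share one password (passwords are not exposed)."""
    by_password = defaultdict(list)
    for account in accounts:
        by_password[account["password"]].append(account["site"])
    return sorted(sorted(sites) for sites in by_password.values() if len(sites) > 1)


def rotation_order(accounts, hacked_site, malware_found=False):
    """Return the sites whose passwords need changing, most urgent first."""
    hacked = next((a for a in accounts if a["site"] == hacked_site), None)
    if hacked is None:
        raise ValueError(f"{hacked_site} is not in the export")
    others = [a for a in accounts if a["site"] != hacked_site]
    if not malware_found:
        # Without malware, only accounts reusing the hacked password are exposed.
        others = [a for a in others if a["password"] == hacked["password"]]
    others.sort(key=lambda a: (PRIORITY.get(a["category"], 2), a["site"]))
    return [hacked_site] + [a["site"] for a in others]


if __name__ == "__main__":
    accounts = load_accounts(SAMPLE_EXPORT)
    print("Reused passwords:", reuse_groups(accounts))
    print("Change in this order:", rotation_order(accounts, "forum.example"))
    print("If malware was found:", rotation_order(accounts, "forum.example", True))
```
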
Even if you have taken care of all the things above, you should make sure you monitor your accounts and related things carefully for irregularities. If you can, ask your friends to keep an eye on your account as well.
You should also pay close attention to shopping and financial sites, e.g. Amazon or PayPal, to make sure that no one is taking advantage of you on those sites.
Getting hacked is one of the worst things that can happen online, as it requires you to spend time fixing the issue. And while you can mitigate some of the risks by selecting secure passwords and the like, there is no option at all to mitigate the risks on the server side.