Hundreds of millions of email addresses and account details are stolen by hackers each year. Sometimes this happens in a single massive breach, such as the Equifax attack from a few years ago (when the personal data of 143 million US citizens, more than half the adult population, was stolen), and sometimes the details are taken directly from your own computer. Being the victim of a hack sounds scary to most people, but while you should take it seriously, there is often no need to panic. If you think you have been hacked, just follow the instructions here to get your online life back on track.
Hacked? How Will You Know?
You may hear about a big data breach in the news, or from friends and colleagues, and if the company hacked is one you have accounts with, it is worth following all of the steps below just in case. Often, the first you will know about being hacked is a call from your credit card company or bank about unusual activity, or from friends/relatives suddenly receiving strange requests for money from you.
Many of the large email providers, such as Gmail, will alert you if there is a new login to your account from an unrecognised location or device. Or you may simply find that you have been logged out of an account and your password is no longer working.
The most important thing is not how you discover that you have been hacked, although we urge you to keep a close eye on all your online activity, but how you act immediately after you find out.
You can check if your email address has potentially been involved in a data breach by entering it into the Have I Been Pwned website.
What To Do Next
Even if you think only one account has been targeted, you should still move to protect ALL of your important accounts. This is especially true if your main email account has been breached, or if you use the same email and password for all of your online accounts.
Change Your Passwords
The very first thing you need to do is change all of your passwords, especially for your email account, banking accounts, credit card accounts, PayPal, etc. Many online accounts now offer 2-step verification, which adds an extra layer of security by sending you a passcode each time you try to log in. If this is available, set it up as soon as possible.
If your email account password has been changed by the hacker, you will need to contact the provider and prove you are the rightful owner of that account. For Gmail, there are instructions for recovering a hacked account here. The other main email providers should offer similar advice.
Check Your Bank and Credit Card Statements
Check both your bank account and credit card statements for any unusual activity. Do this online and immediately if possible; if not, contact your bank or credit card company and ask for a statement. It is also worth telling both your bank and credit card company what has happened, so that they can stay alert for any unusual activity in the near future.
Having to get new cards issued may be a hassle, but it is less hassle than trying to sort out the mess left when a hacker starts buying things using your card details.
Recover Your Accounts
Major companies such as Google, Facebook, Twitter and Microsoft are well aware of the possibility of accounts being hacked, and most offer processes to get the account back to normal. Indeed, the company may well be the first to realise an account has been hijacked and shut it down for you. Head over to the homepage of the website in question and check the knowledge base/help desk for advice on what to do next.
Just remember that if you get an email from Facebook, Twitter, etc., telling you that your account has been breached, make sure that it is legitimate and not someone phishing for your login information. You can read more about spotting scam emails here.
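One way to check whether a "your account has been breached" email is legitimate is to read its headers rather than its content. The following is an added example, not part of the original article: it compares the From and Reply-To domains with the domain you expect and reads the SPF, DKIM and DMARC verdicts your mail provider recorded. The sample messages and every domain in them are constructed placeholders, and `base_domain` is a simplification.

```python
from email import message_from_string
from email.utils import parseaddr

def base_domain(addr_or_domain):
    # Simplification (assumption): last two labels. Use the Public Suffix List in real use.
    host = addr_or_domain.rpartition("@")[2].lower().rstrip(".")
    return ".".join(host.split(".")[-2:])

def auth_results(msg):
    """Parse spf/dkim/dmarc verdicts from the topmost Authentication-Results header,
    which is the one stamped by your own mail provider."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", [])[:1]:
        for part in header.split(";")[1:]:
            tokens = part.split()
            if tokens and "=" in tokens[0]:
                method, result = tokens[0].split("=", 1)
                verdicts[method.lower()] = result.lower()
    return verdicts

def red_flags(raw_email, expected_domain):
    msg = message_from_string(raw_email)
    flags = []
    from_dom = base_domain(parseaddr(msg.get("From", ""))[1])
    if from_dom != base_domain(expected_domain):
        flags.append(f"From domain {from_dom} is not {expected_domain}")
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and base_domain(reply_to) != from_dom:
        flags.append("Reply-To goes to a different domain than From")
    verdicts = auth_results(msg)
    for method in ("spf", "dkim", "dmarc"):
        if verdicts.get(method) != "pass":
            flags.append(f"{method}={verdicts.get(method, 'missing')}")
    return flags

# Constructed sample messages; every domain is a placeholder.
GENUINE = (
    "Authentication-Results: mx.mailhost.example; spf=pass; dkim=pass; dmarc=pass\n"
    "From: ExampleSocial <security@mail.social.example>\n"
    "Subject: Unusual login to your account\n\nReview recent activity in your settings.\n")
PHISH = (
    "Authentication-Results: mx.mailhost.example; spf=pass; dkim=none; dmarc=fail\n"
    "From: ExampleSocial Security <security@social-alerts.example>\n"
    "Reply-To: help@recovery-desk.example\n"
    "Subject: Your account has been breached\n\nLog in here to restore access.\n")

if __name__ == "__main__":
    for name, raw in (("genuine", GENUINE), ("phish", PHISH)):
        print(name, red_flags(raw, "social.example"))
```

An empty list means none of these checks fired, not that the message is safe; going to the website directly instead of following links in the email remains the safer route.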
Examine All Your Accounts Carefully
This includes banking, email and online shopping accounts, especially if you use the same password for multiple logins. Check your email inbox and sent mailbox for things you haven’t signed up to or sent. Think about how you recover a forgotten password on almost any website: you request a password reset to your email address. If someone has gained access to your emails, they could do the same.
Look for any unusual activity at all, and if you spot some, contact the website or company to let them know your account may have been breached. Often, they can help you sort it out the fastest way.
If your email account has been taken over, and the password changed, you will need a way to prove that you are the rightful owner. This is why it is important to have two separate email addresses, as you can usually use a second email address as the alternate contact for the main address.
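To go through an inbox for the password resets and sign-ups described above, a short script can pull out account-related messages received since the suspected break-in. This is an added example, not part of the original article; the subject patterns, the sample inbox and the file name `export.mbox` are assumptions.

```python
import re
from datetime import datetime, timezone
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Subject patterns are assumptions; tune them to the services you actually use.
PATTERNS = {
    "password_reset": re.compile(r"reset (your )?password|password (was |has been )?(reset|changed)", re.I),
    "new_signup": re.compile(r"welcome to|(confirm|verify) your (email|account)", re.I),
    "new_login": re.compile(r"new (sign-?in|login)|unrecogni[sz]ed (device|location)", re.I),
}

def account_activity(messages, since):
    """Group account-related mail dated on or after `since` by kind of event."""
    found = {}
    for msg in messages:
        try:
            when = parsedate_to_datetime(msg["Date"])
        except (TypeError, ValueError):
            continue  # missing or unparseable Date header
        if when.tzinfo is None:
            when = when.replace(tzinfo=timezone.utc)
        if when < since:
            continue
        subject = msg.get("Subject", "")
        sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
        for kind, pattern in PATTERNS.items():
            if pattern.search(subject):
                found.setdefault(kind, []).append((when.isoformat(), sender, subject))
                break
    return found

# Constructed inbox; in practice iterate mailbox.mbox("export.mbox") (hypothetical file name).
RAW = [
    "Date: Mon, 03 Mar 2025 09:15:00 +0000\nFrom: no-reply@shop.example\nSubject: Reset your password\n\n",
    "Date: Mon, 03 Mar 2025 09:20:00 +0000\nFrom: hello@games.example\nSubject: Welcome to ExampleGames\n\n",
    "Date: Sat, 01 Feb 2025 18:00:00 +0000\nFrom: no-reply@shop.example\nSubject: Your password was changed\n\n",
    "Date: Tue, 04 Mar 2025 12:00:00 +0000\nFrom: friend@mail.example\nSubject: Lunch on Friday?\n\n",
]
INBOX = [message_from_string(raw) for raw in RAW]
SINCE = datetime(2025, 3, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    for kind, hits in account_activity(INBOX, SINCE).items():
        print(kind, hits)
```

Any reset or welcome message you did not request yourself points to an account that needs its password changed; an attacker may also have deleted such messages, so check the trash folder too.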
Scan Your Device For Viruses/Malware
If your computer has been infected with a virus or malware, this could be where the hacker got your details. None of the steps above are any use if the underlying source of the breach is still sitting on your device, waiting to send all of your updated information to the hacker. Run a complete virus scan, using reputable scanning software from the likes of Norton, Kaspersky, Panda or McAfee.
If using Windows 10, then the Windows Defender tool offers an Offline Scan, which can find even particularly well-hidden malware on your computer. This scan will take at least 15 minutes to complete, but is the most in-depth scan offered by the free anti-virus software.
Contact Friends, Family and Colleagues
If you think that your email or social media account has been hacked, contact friends, family and colleagues to let them know. There have been many cases where a family member or friend has received an email supposedly from a stranded person, asking for help (in the form of money) so that they can get home. Making people aware means they will be less likely to fall for this sort of scam.