Things To Do Once You Have Been Hacked
Ask Yourself Why?
Step back, and ask yourself a more basic question: What was the reason for the breach? If it was your bank account, the answer may be obvious. In other cases, such as e-mail, it can be for a host of reasons — from using it to send spam, to requesting money from your contacts, to getting password resets on other services. An attacker may even be trying to gain access to your business. Knowing why you were targeted can also sometimes help you understand how you were breached.
Reset Your Passwords
Immediately change the password on the affected service, and any others that use the same or similar password. And, really, don’t reuse passwords. You should be changing your passwords periodically anyway as a part of routine maintenance. But if you’ve just been hacked, it’s now more urgent. This is especially true if you reuse passwords, or use schemes that result in similar passwords (like 123Facebook, 123Linkedin, 123Google).
Update and Scan
There’s a possibility that the attacker got in via your machine. Almost all malware is installed by victims themselves, if unknowingly. And if something nasty is on your computer, you need to get it off before you start a recovery process. Make sure you are running the most recent version of your operating system. Download a solid anti-virus product and run a scan for malware and viruses that may have been the source of the attack. This is the most basic thing you can do, so do it now. And moreover, use a brand-name commercial program that you pay for.
Take Back Your Account
Most of the major online services have tools in place to help you get your account back after it has been taken over by someone else. Typically, you’re going to need to be able to answer some questions about your account. Typically you can find your way back in by searching for its name plus “account recovery.”
Check for Backdoors
Smart hackers won’t just get into your account, they’ll also set up tools to make sure they can get back in once you’ve gotten them out. Once you have your accounts back, you should immediately make sure there isn’t a back door somewhere designed to let an attacker back in. Check your e-mail rules and filters to make sure nothing is getting forwarded to another account without your knowledge. See if the answers to your security questions were changed, or if those questions themselves have changed.
Follow the Money
If there is an element of commerce involved in the affected account, thoroughly review any activity on that account. Verify that no new shipping addresses have been set up on your account, no new payment methods have been added, or new accounts linked. This is especially true of sites that let you make one-click purchases, or issue payment cards.
De-Authorize All Those Apps
This is one of those non-obvious but important steps. One of the first things you should probably do if you’ve had an account compromise is de-authorize all the associated apps that use that account for login or for its social graph. If a hacker has used it to authorize another device or service, and remains logged in there, simply changing your password won’t get them out. The best bet is to pull the plug on everything you’ve given access to. It may be a pain to go back through and re-authorize them, but it’s less so than leaving a malicious individual lurking in your account.
It happened to you, so it may happen to others around you. Don’t be secretive. Report It.