9 Things You Need To Do ASAP If You Think You've Been Hacked
Thanks to technology, almost every single thing you do on a daily basis has become easier. You can communicate with anyone around the world with a quick text message or email. You can shop online and have your purchases delivered right to your door, eliminating the need to go to a store in person. You can even quickly pay bills or send someone money with a few clicks or taps of a button.
Of course, with all that power comes great responsibility. To partake in the convenience of technology and use a variety of apps and services, you must be okay with providing a lot of personal information, most of which will be available online in some fashion. As a responsible internet user, you need to enable every available privacy and security measure to keep your accounts safe from nefarious users. What do you do when you inexplicably lose access to one of those accounts, though?
There are different types of hacking, but the most common for everyday users is when someone infiltrates your account by breaking your password. That someone then changes your password, effectively prohibiting you from being able to access your profile. If you are unable to log into any of your online accounts and suspect that you may have been a target of hacking, below are several suggestions of what you ought to do immediately.
Change all your passwords right now
If you're having trouble getting into your primary email address and think it may have been hacked, you must try to change your password and start the account recovery process as soon as possible. The email address you most regularly use is highly likely your main portal for password recovery for your other accounts, so a hacker who can access it may be able to use it to break into your other profiles.
Another thing you should keep an eye on is updating the passwords to accounts with a friends list or user connections, such as Facebook, LinkedIn, and other similar social media platforms. Any hacker who has access to your network can use it as a way to find their next victim. For instance, they could pretend to be you and entice someone to click on a malicious link designed to find a way into their account. As soon as you realize you can't get into your social media account, contact the platform's customer support and ask for assistance to regain entry and update your password immediately. When you regain access, review all the third-party services you've authorized to access your social media data and revoke permissions for those you no longer use.
It's important to note that using a complicated string of characters as your password is highly recommended—the harder it is to guess, the better. Avoid using the same password for multiple accounts, and stop using passwords that were set by default when you first signed up. To help you come up with impenetrable passwords and identify potentially weak ones that may need updating, consider using a password manager like 1Password, Bitwarden, or Dashlane, among many others.
Check your bank accounts and credit cards
If the suspected breach is on an online account that handles or keeps track of your money, you must first ensure that no weird transactions have occurred recently. If you think your credit card or debit card account may have been compromised and you can't log in, immediately notify your respective financial institution so they can stop any further charges from being placed on your account. Note that they may need to cancel your card and issue you a new one for security purposes.
To cover all your bases, comb through money-transfer apps like Venmo and PayPal and shopping apps like Amazon or Target that you normally use in conjunction with the payment option you're currently having trouble with. Review your transfer and order history for these platforms and make sure none of the recent activities are unfamiliar to you. If you find any that you don't remember making yourself, notify that platform's customer service and see if the fraudulent transaction can still be reversed. Update your password for these accounts as well.
Activate a secondary layer of identity verification and use passkeys
These days, having a strong password is not enough. Additional methods to authenticate your identity are recommended, usually through a mobile app, security key hardware, or fingerprint. Check your online accounts to see if two-factor or multi-factor authentication is an option, and if so, enable it whenever possible.
Two-factor authentication often refers to additional identity verification via a mobile device, either through a mobile app or a unique time-sensitive code sent by text message. Meanwhile, multi-factor authentication requires at least two forms of verification, including a facial or fingerprint scan, a secure USB key, a mobile app confirmation, or entry of a code sent via SMS on top of supplying your password.
Another thing you can explore is the use of passkeys. Instead of typing in a password, you can get into apps and websites through a face scan, fingerprint scan, passcode, or lock screen pattern. If an app or website supports passkeys, it's highly recommended that you upgrade your passwords to one as it's a more secure option. Because unique passkeys are generated through your device and stored locally, they cannot be guessed like a password can, making it harder for hackers to make you a potential target for phishing attacks.
Review all devices with account access
Most online accounts keep track of the most recent smartphones, tablets, and computers used to log in. This makes it easier for you to access your profile across all your gadgets. Having said that, a good habit is to verify that only devices you currently own and use are still associated with your account. This is especially important if you sold your old mobile phone, tablet, or computer or lost one of them and could never retrieve it.
Check your account settings to see if there is a menu that lists all associated devices. Suppose you find one you no longer use; remove it from the list or revoke its permission to access your account data.
Another thing you should do is check your account history. Usually, website transactions or app activities are logged in detail, including the type of device used, the location, and the time the account was accessed. Make sure that only your most recent devices and location are on the activity log.
Scan your computer and mobile devices for any malware
One way to tell your computer could be infected with malware is if you're experiencing a sudden lag in overall functionality, among many other things. Although there are plenty of potential reasons for this, sudden performance sluggishness is usually a sign of needing maintenance on your machine. As part of your upkeep, you should run a virus scan. There are free anti-virus programs you can try, as well as premium ones that offer more features for a subscription fee. Microsoft Defender is also a solid place to start if you have a Windows computer.
Any of these services should be able to detect or flag any potential problems with your computer and automatically remove any suspicious programs installed on your device. If you're more technically savvy, you can check out your computer's installed programs — if you notice any that was recently installed but was not there before, consider manually uninstalling it.
There are also anti-virus apps for Android phones that protect against malware and potential hacking. In general, iPhones don't really need third-party protection against viruses unless the device is jailbroken and contains apps not sourced through the App Store. In any case, regardless of your phone's operating system, it may be worth going through your apps and uninstalling any that you don't use that much — especially if you've encountered a disproportionate amount of pop-ups or suspicious-looking ads while using them. In addition, always keep your mobile phone OS up to date so that you have the most beefed-up version of whatever privacy and security features are offered.
Let your loved ones know using irrefutable means
Once you've been locked out of your account due to hacking, a domino effect of potential victims within your circle could be imminent. To avoid others from getting targeted by bad actors using your account to trick them into doing something ill-advised online, make sure you inform them that you may have been hacked. Let them know not to click any links that they may receive from "you" and that you do not need financial assistance no matter what your online profile claims.
If it can be managed, try to inform those closest to you, ideally through a phone call, video call, or in person, so they can verify that you are warning them. If this isn't possible for your wider network — like on social media, for example — consider posting a brief friends-only video of yourself explaining what happened to your account. Text messages, emails, and text posts can easily be faked, so seeing actual footage of you may be a more effective way of informing them to disregard any recent messages they may have received from your page.
Other habits you ought to consider to make it harder for hackers
Your password is the first line of defense to protect your online account. It's highly recommended that you routinely update it using a password manager every 6-12 months. A password manager makes it easier to generate a completely randomized string of characters. You can customize it to include lowercase and uppercase letters, numerals, and other symbols, depending on what the website or app requires. You can also pick a higher password length to make it even harder to crack.
In general, it's never a good idea to click on ads that appear in apps or websites, especially if they offer deals that sound too good to be true. All-expense-paid vacations are never really accessible through a random mobile game, just as any offer to make a quick buck that requires close-to-zero effort from the user is usually a scam. When in doubt, don't click on any ad. Do a quick Google search on any app or company name mentioned in the pop-up and check the ad claim's legitimacy. Similarly, do not click on a suspicious link even when it was sent to you by someone you know. Verify with the person — again, ideally through a phone call, video call, or in person — if they did indeed message you.
Finally, consider using a virtual private network (VPN) to encrypt your internet use and shield pertinent data like your personal information, web activity, and IP address, all of which hackers can use to attack your online accounts. We've rounded up the best VPNs you can use if you're looking for one to try.