Are you getting notifications about weird login attempts, or can’t access your social media accounts all of a sudden? Is your computer slow and unresponsive? If so, it looks like you might have been hacked. It’s not uncommon, and it doesn’t have to be your fault, either.
While you should take the incident seriously, keeping a level head will help you get through it with minimal consequences. Here’s a practical, step-by-step guide on what you should do right away and how to become more resilient in the future.
Disconnect from the internet
Determining the hack’s scope is the first thing on your list. It might have happened because of a data breach, which isn’t something you can control. However, you might have also clicked on a shady link and downloaded malware onto your PC. This can slow it down, cause strange popups to appear, or leak your account info.
Malware can’t send data back to the hacker if your system is offline, so drop the internet connection until you’re sure it’s clean. Run a thorough systems check and use a different device to download anti-malware like Malwarebytes and have it run a scan. Quarantine and remove any threats it finds.
A scan might not uncover all the sneaky changes the malware made, like adding processes to the startup, creating new users, or replacing core files. It’s best to revert to a backup version you made well before all of this started. As a last resort, you can always back up crucial files and create a clean OS install.
Retake and secure your recovery email
Hacks don’t have to target your hardware to be devastating. A single compromised account may affect many others, especially if it’s the one for your account recovery email. That’s the account you’ll want to check and secure first.
Start by making sure you aren’t locked out. If you aren’t, you can change the email’s password and security question, as well as add or change the secondary email you can recover this one from. If not, you’ll need to set up and secure a new email first, since the hackers will immediately get wind of login and password change attempts to other accounts otherwise.
Secure affected accounts
You can now start to tackle individual accounts you suspect of being hacked. If you still have access, first make sure that there are no changes to the recovery methods you control, like emails and phone numbers. Then, have the account log out and forget all devices it’s associated with. The same goes for OAuth tokens (quick sign-ins via Google, Facebook, etc.). This will make it impossible for hackers to keep using the account through session hijacking. You can then log back in, reset the password, and make sure that multi-factor authentication is both on and tied to either the phone you use or the secure email.
Reset passwords
It’s essential not to use old or weak passwords and variations. Cracking one is easy and automatically puts the others at risk. Luckily, you don’t have to come up with or keep remembering strong passwords yourself.
A password manager is a safer and more convenient option. It can instantly generate as many long, one-of-a-kind passwords as you need. The manager also securely stores passwords in an encrypted vault and can fill password fields in automatically. Trustworthy managers also let you sync vaults across devices while having zero knowledge of their contents.
Although you may need a paid plan to unlock every feature, you don’t have to spend a lot. Many password managers run frequent discounts that bring premium features down to a reasonable price. If you’re considering a premium provider, it’s worth checking for deals and feedback like NordPass review before you subscribe.
Monitor for suspicious activity
Getting your accounts back doesn’t mean you’re out of the woods yet. Rather than the accounts themselves, the hackers may have been interested in the personal and financial data associated with them. If that’s the case, they might start charging your credit cards or even sign up for new ones by posing as you with the stolen information.
This is frustrating since there’s no instant fix. You can have the bank freeze your accounts in the short term, but you will have to keep a close eye on credit card statements for a while to spot suspicious charges. It’s also a good idea to sign up for credit reports to spot signs of identity fraud in time.
Prevent future hacks
Bafflingly, a lot of people do NOTHING after being hacked! Not much about your digital lifestyle has to change; you should just adopt a few good cybersecurity habits that aren’t a hassle but make a difference. At a minimum, you’ll want to:
- Make sure all your devices are up to date and enable automatic updates
- Use a VPN whenever you connect to an untrustworthy network like public Wi-Fi
- Delete old and unused accounts
- Change your home router password
- Regularly back up important files
Add a cyberaware and vigilant attitude to the list above, and you’ll be far less likely to run into issues. Some hacks aren’t your fault, but you should still be careful about when and where you share personal information.
Conclusion
Getting hacked is stressful, but it’s usually fixable if you act fast and clean up properly. Once you’ve regained control, lock things down with strong unique passwords, MFA, updates, and regular backups so it’s much harder to happen again.
