What To Do If You’ve Been Hacked

Being hacked – whether that involves a breached account or malware on your device – is horrible, for so many reasons. Not only does it mean sensitive information could lie in the hands of certain dodgy people, it also feels like an intrusion of your personal digital space. But on top of that the admin involved in sorting the issue can be a headache. And when 10 billion (yes 10 billion) accounts have already been part of a data breach, it’s a very real threat.

Because time is of the essence when it happens it’s important to know the steps to take in order to nip the security issue in the bud. But there’s no emergency number as a first port of call, or even a one-size-fits-all solution.

To cover your bases, we’ve put together a checklist of actions to help limit the damage done. So if you ever suspect a hack, these are the things to think about

Guess the hacker’s goal

Depending on the level of information you have, you might be able to work out what the hacker wants to gain. For example, if a friend has texted you to flag your strange social media posts with a dodgy-looking link, you know the scammer is trying to manipulate your social circle by impersonating you. Once you know their goal, you can work to shut down that hack – in this case, by changing your passwords immediately and deleting posts that you didn’t write. It could also mean you’ll need to call your bank to alert them if your financial information may have been compromised.

Reset your password

Even if the reason for the hack isn’t clear, it’s wise to change your passwords on the site that’s been hacked, as well as any other sites for which you use the same email/password combo. Start with email accounts as these can lock and unlock other accounts. Don’t forget to pick a secure password to avoid another hack and use different passwords for different accounts. The major caveat to doing this almost immediately is that you’ll need to be reasonably confident you’re using a device that hasn’t been compromised through a virus or malware (ie programs that compromise the device’s security). If it feels likely that the device isn’t secure, first you’ll need to…

Perform a security hygiene check on your device

By which we mean run a virus check on your device, assuming you have a good and up-to-date antivirus program (if not, now’s the time to get one). Then, ensure you delete any malware. Finally, update your software so that you’re running on the latest versions, as these will have security fixes for known issues. Once that’s done, you know your device is Fort Knox like and any security changes you make are unlikely to be passed on to spying hackers.

Recover your accounts

If you can’t access a breached account because a hacker has already changed the password (in other words, if they’ve hijacked your account), sites will allow you to take back control after they’ve verified a few details. The way in which this is done varies from site to site – for example, Google asks a few questions and then asks you to review your details, while Microsoft asks you to fill out a form using an alternative email address as a contact point.

Check your activity

Once the immediate threat is dealt with and your device is as secure as it can be, it’s time to look at your other accounts and devices to make sure they’re all safe and sound. It’s a case of logging off and logging on again, and looking for any unusual activity, like new posts on social media sites, new delivery addresses or payments on e-commerce sites, and sent emails or new forwarding rules on email accounts.

Let your social circle know

Finally, it’s worth giving a heads up to your friends and family in case they’re contacted by the identity thief, who, for example, might ask for a few quid to be transferred while pretending to be you. It also serves as a reminder for them to run an anti-virus check, update their software and make their passwords more secure. With any luck, a hack can be neutralised quick enough, but prevention is always better than cure.