Hackers have my details?
What should I do if I've been hacked?
Being hacked can have serious consequences, in other instances it can be just annoying and time consuming.
Use a VPN. For the best security, you should avoid doing online banking when connected to a network you don't control. Using a VPN (Virtual Private Network) encrypts your traffic so no one can read it.
If you believe you have been hacked, or a website you are registered on has been hacked the most important thing you should do straight away is change your passwords. Don’t wait, do it as soon as possible, and make sure it is a strong password. Also make sure your security question is changed too. We would also advise you to check your shipping or home address is correct and hasn’t been changed.
Never use the same password for your bank that you use on other websites. Make it unique
Reset Your Passwords
All banks carry online security information on their websites, including information about known frauds. If you suspect anything suspicious, contact your bank or financial institution immediately.
Your accounts, and any details associated with them are what hackers are after. If you can log into your account and change the password that is a great start. If resetting your password does not work, or your e-mail associated with the account no longer works on the site look for an account recovery option. If all options fail to reset the account, you must contact the company to have them recover it for you.
When changing passwords remember the considerations listed below:
- Never use passwords you have used before, especially on other sites.
- Passwords should not only have letters, you should always include numbers, spaces and other characters to make it as difficult as possible to hack.
- Never use passwords that relate to you, like birthdays, names, favourite football club etc.
- Your passwords should never be easy to guess. Passwords like QWERTY, 1234, password, etc. are far too easy to guess.
Note: If you are using the same password for more than one website or account you need to make sure you change them as soon as possible. Once your usernames and passwords have been hacked they are stored or posted on other websites and shared, meaning more hackers will attempt to use them.
Editor Note: Consider using a password manager - a program that stores all your passwords so you only have to log in once - but make sure you are satisfied with the security strength of the password manager software.
Check your computer and other devices
In cases where one of your accounts have been hacked, but the company hosting the account has not mentioned a security breach, it is possible that your computer or other device has been the source of the attack. Do remember though, some companies do not go public with security breach details as fast as they should, or they may not have noticed themselves.
Make sure to scan your computer for any spyware and malware that may be stealing your account details or logging your keystrokes for login and other personal details. If you do not have any security software already installed, install some.
Tip: If malware is found on your computer you may want to reset your account passwords again, as infections may have logged your new password.
Verify Account details
When you are changing your passwords, make sure to check everything else, including your contact or shipping address.
If the account authorizes any third-party programs or apps (e.g. Facebook and Twitter) make sure no third-party apps have rights to your accounts that you haven't given permission. Best advice is to delete any app you are unfamiliar with or do not remember installing.
Let your other contacts know about the hack
If your e-mail account or any account with contacts is hacked, let your contacts know about the hack. Hackers often gain access to other accounts by using affiliated accounts since people are not as suspicious of e-mails coming from someone they know.
Verify Past Posts
If your social network (e.g. Google+, Twitter, or Facebook) has been hacked make sure there are no posts or messages that have been made on your behalf. Social network accounts are hacked to help spread spam, malware, and advertisements on your behalf, don’t think it won’t happen to you, it could.
New Accounts Setup
If a hacker gains access to your e-mail, they often use your e-mail address as a way to setup new accounts. Check your inbox, sent items, and trash for any new account notifications using your e-mail address. If new accounts have been created, you can try logging into those accounts by using the reset password feature and then delete the account.
Hackers are gaining access to a number of high profile companies and websites. Listed below are some of them.
In September 2016 Yahoo released a statement saying "state-sponsored" hackers stole the data of about 500 million users in what could be the largest publicly disclosed cyber-breach in history.
In July 2015 real-world account details of millions of people using the Ashley Madison site were leaked. They had all been using a site intended for married people who wanted to find somebody to cheat on their spouse with.
In October 2015 the UK phone and broadband provider TalkTalk suffered an attack. Customers' bank account information and credit and debit card details accessed. The total number of customers who had data stolen is believed to be 157,000, and some customers have lost significant amounts of money as a result of the hack. It was reported that 4 people were arrested for the attack, all of them under 21.
It was discovered in May 2016 that an additional 100 million LinkedIn email databases and hashed passwords were available online, presumably from the 2012 hack.
Between May and July 2017 Equifax reported that hackers had accessed credit card numbers and other information for about 210,000 consumers. They also estimated that about 143 million US customers may have had information compromised in the cyber security breach. The report did not get into the main media until beginning of september 2017.
Australian security expert Troy Hunt has created a very useful website called haveibeenpwned.com that helps you find out if your account (email address or username) has been compromised. It cross checks with over 1,448,768,722 accounts from over 144 compromised websites that have been reported.