Contain the Damage

OK, now that you know the scope of the damage and have a prioritized list of which accounts can easily be hacked it is time to do damage control.

PLEASE NOTE: this section deals only with accounts that you do no longer have access to!

Strange as it may sound, the first thing you have to do is to forget about the hacked account. This may or may not be recoverable, but it is, for now, lost. I suggest focusing on saving the accounts that have not been hacked – YET. Like I said, the truth is that once someone has hacked one of your accounts and especially if this is an e-mail account, then their next line of business is to try to figure out which other services you use and try to hack these.

Even if it is not your primary e-mail account that was hacked, it is a good idea to change the password associated with that account first, regardless if you use that password elsewhere. The reason for this is that it may be hacked, you just don’t know it. So changing the password will lock out  the hackers and allow you to send reset-password requests from other service providers to your now secure e-mail address.

Setting up a new e-mail account (IF NEEDED)

So, if it is your e-mail account that was hacked, start by setting up a new email account. Make sure your new e-mail address resembles your real name since chances are you will have to beg and plead on your knees trying to get access to your old account.

Below is a list of free e-mail providers and the links go to their e-mail account creation pages:

Changing the Passwords

Now, try logging in on each account on your list based on the prioritization and security exposure.

If you are able to log in to your account – change the password & write down the changed password and the service provider’s name on a piece of paper.

Now, in contrast to all security experts my advice is that you do write down your passwords. The reason for this is that if you write it down then you can have more advanced passwords and not worry about forgetting them. More importantly, if you store the paper with the passwords in the safety of your home inside a book on the bookshelf, for instance, in reality, the chances of anyone finding it are very very slim! So my advice – come up with more complicated passwords, write them down and hide the paper in a book on a shelf. Guide on coming up with secure passwords.

If your e-mail was hacked – try to change the e-mail account associated to the service you just logged into to the new e-mail account. This can usually be done in the settings. Consult the help section of the service provider or simply contact their user support to ask for instructions.

Many services use some form of validation questions to reset the password associated to your account. In theory, only you should know the answers to these questions. In practice, if you use easily guessable questions and answers, anyone can guess these – just ask Sarah Palin!

If you used the same verification questions and/or answers on your hacked account, change these too.

Remember, the answers you provide for these questions do not actually have to be the right answer. As a matter of fact, since hackers usually use these services to reset your password, the answers should NOT reflect the easily guessable truth. For example, the birth-place of your mother could just as easily be “Merced3s Benz California” as “New York”. Obviously, you have to remember the answer you provided but that is why we have our paper with our passwords on it.

 

Next we will look at fixing the damage to the hacked accounts by trying to re-gaining access to these