Following our expert recommendations to determine if your information has been exposed can be instrumental in protecting yourself against fraud or other financial harm, but what if you’ve already been hacked? ArmorPoint Security Analyst Ven Auva’a outlines the steps you should take to remediate the situation.


I think my account been hacked! Now what?

Taking these steps when your information has been exposed can be instrumental in protecting yourself against fraud or other financial harm, but what if you’ve already been hacked? Have you received legitimate alerts from a social media account about suspicious logins from devices you aren’t using? Or have you noticed messages in your outbox that you don’t remember sending? These are signs that your account has been hacked and there are steps you should take to remediate the situation.

Change your password and double-check your settings.

Of course, the first thing you should do if you suspect someone else is signing in to your accounts is to change your password! Once you’ve done that, look through your account and security settings for anything out of place. The first thing a hacker or cyber attacker often does when they gain access to your account is establish a way to regain access to your account — this means adding in their own recovery phone number or email address and/or changing your account recovery questions!

When you revisit your security settings, be sure to double-check the recovery email addresses and phone numbers very closely. For email accounts, you should also check your mail-forwarding settings; make sure the intruder didn’t set up any unwanted forwarding rules for your sent or received mail!

But what if you’ve already been locked out of the account?

If your account has definitely been hacked and you’ve been completely locked out, there are still ways for you to regain control. Each provider or platform will have different processes for dealing with hacked accounts, but the one thing that they have in common is that they will deal with them. You will likely need to provide additional verification or submit further documentation, but it will be worth it to get your accounts back.

It’s not a good idea to leave any old accounts hanging around at all. If you have any old/unused email or social media accounts, consider removing or deleting them as a general precaution.

Ven Auva’a
Security Analyst
ArmorPoint

The one thing you definitely don’t want to do is nothing. Even if you were planning on getting a new email address anyway, it is not a good idea to just leave an old account under the control of a hacker! On that note, even if your account hasn’t been hacked, it’s not a good idea to leave any old accounts hanging around at all. If you have any old/unused email or social media accounts, consider removing or deleting them as a general precaution.

Tell your family, friends, and other connections that your account has been hacked!

It’s important that you inform the people in your networks that your account has been compromised, in case your account intruder sent messages to others in your network in order to gain access to their accounts. Be sure to provide as much information as possible, such as how long you think the intruder had access to your account; this can help others judge whether or not a message they received from you is legitimate.

Review your account activity.

For social media accounts, look through your recent posts, comments, and other activities; hackers will often take over social media accounts and share malicious sites to spread their reach to more users. Similarly, for email accounts, look through your recent sent messages to see if the intruder sent any messages to your contacts. Don’t forget to check the Deleted Items folder as well; hackers will try to hide their tracks by deleting their sent messages, but often don’t go the extra step of emptying the Deleted Items folder.

If you recognize that an intruder has contacted any of your contacts, it’s important that you reach out and notify them! Don’t copy any of the links or content from the fraudulent messages, but share with them that you recently experienced an Account Takeover and that you have now regained control of your account. Note the dates and subjects of any messages the intruder sent and recommend that they review their accounts for any suspicious activity as well.

Monitor your financial accounts.

If an intruder has already made their way into one of your email or social media accounts, then it’s pretty likely that they’ve gotten into one of your financial accounts as well – especially if you reuse the same password across different accounts. Even if they don’t necessarily get into one of your financial accounts, they may get into one of your shopping accounts; if you shop online regularly and store payment information at your favorite vendors, intruders may be able to make purchases using that stored payment information.

For these reasons and more, you should keep a close eye on your financial account transactions following an account hack; remember: the sooner you notify your bank after you notice fraudulent transactions, the less likely it is that you will be liable for those charges.

Scan your computer and other devices for malware.

The intruder may not have stopped at infiltrating your inbox! By monitoring your social media or email interactions, intruders are able to insert themselves into your digital conversations; hackers often use this technique to trick businesses into sending fraudulent wire transfers or to trick users into installing malware onto their devices. If you know someone else has been logging into your accounts, it’s a good idea to also scan your devices for malware just in case they’ve managed to sneak something malicious onto your system.

PCMag put together this list of their top picks for free consumer antivirus protection in 2020 and TechRadar put together these 2020 lists for iPhone security and Android security.

Restore your backups or reinstall your operating system.

In the worst cases of computer virus infection or hacker intrusion, you may need to restore your computer or other devices from their backups or even reinstall the operating system completely. This is definitely a step to take only if you are absolutely certain your device has been compromised, and should really only be completed by those who feel comfortable dealing with backup restoration (or by those who feel comfortable with losing their data!). If you feel your tech skills may not be up to the task, you can enlist the help of professional IT services and they can help you get back to a state of digital normalcy.

And that’s it! Those are some of the steps you should take after you find out your information has been exposed or one of your accounts has been hacked. Keep in mind this is by no means a complete list of actions one should take following a breach or a hack. In actuality, most of these behaviors are simply habits that everyone should work into their regular daily browsing in order to practice good digital hygiene. It may seem like a lot at first, but once you get into the habit of keeping these secure behaviors within your frame of mind you’ll find yourself doing these things without even thinking about them.


Ven Auva’a, a security analyst at ArmorPoint, is an experienced cybersecurity professional who has a passion for security analysis, threat investigation, and security awareness education.  Connect with him on LinkedIn.