What to do if your accounts have been compromised
Data breaches are rampant nowadays and put ordinary users like you and me at risk. As in the recently reported breach, compromised email addresses and passwords, possibly used for work, social media accounts, and financial services, are left open for cybercriminals to use. So if your accounts have been compromised, or “pwned”, what steps should you take? We hope this article can help you with that.
What is a data breach?
A data breach, by definition, “is a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so.” Data like your email addresses and passwords should not be exposed or released to the public or to any entity that can’t be trusted.
One big example is the recent data breach that exposed over 772 million email addresses and over 21 million passwords. The information is now being circulated online and sold to cybercriminals.
Is my email that valuable?
You might be thinking, “I’m just using my email address to keep in touch with people and send files.” But remember that you’re also probably using it for other services like Facebook, Twitter, Instagram, Netflix, Spotify, Lazada, Shopee, Dropbox, Amazon, Steam, even bank accounts.
If you’re using a single email address and password for all these accounts and they happen to get exposed, then the attacker can simply change your password (assuming you don’t have 2FA activated), lock you out, access all your data, and use it for other malicious activities. For a cybercriminal, that’s gold.
How to know if my accounts are compromised?
One way of checking if your accounts are compromised is by using haveibeenpwned.com by security researcher Troy Hunt. It is a website that allows internet users to check if their personal data has been compromised by data breaches. The site allows you to separately check if your email address or password has appeared in data breaches.
My email address has been pwned, what should I do?
If your email address or password was identified as pwned, then it’s time to take action right away, and the first step is to change your passwords.
When you choose your new password, make sure it uses a combination of uppercase and lowercase letters, symbols, and numbers, and is at least 8 characters long, so that it’s not easy to guess or crack by brute force. To check if you have a strong password, you can use this tool from LastPass.com.
If you need time to remember it, write it down and keep it somewhere safe. You might also want to consider getting a good password manager if you manage plenty of accounts.
Also, make it a habit to regularly change your password. Some recommend doing it every few months or twice a year, but you should do it immediately if there’s a data breach like the one mentioned earlier, if there’s an indication of unauthorized access to your account, or if you have shared it with someone else.
2FA or 2-Factor Authentication is your second line of defense in case your password gets compromised. This feature sends a code to your mobile device via text or email, or triggers a push notification on your smartphone, to notify you when it detects access to the account.
If it’s you who’s trying to access the account, just enter the code or allow the access and you’re good. But if you receive it when you’re not logging in, then simply revoke that access (DO NOT give out your PIN or code). Take this as solid evidence that your account has been compromised, so it’s time to change your password again.
For a guide on how to enable 2FA on popular services like Gmail, Facebook, Twitter, Steam, and other platforms, you can read our article here.
To find out if a website or service has a 2FA feature, you can visit twofactorauth.org.
Keep yourself informed
There are plenty of ways to secure your account, but they’re useless if you don’t study and apply them. Take time to learn about the online services that you use, study their security policies and features, and take advantage of them. The more you know, the more you will be able to secure your accounts.