
Securing online accounts

Last updated: 10 July 2021

This guide outlines what you need to do if you find out (or suspect that) an account of yours has been hacked.

If someone contacts you saying that they have accessed your account, do not reply to them or click on any links they send. Screenshot the message or email for evidence.

Secure your accounts now

Secure other accounts

If you have used the same password for other accounts, change the password on each of those accounts.

  • Your password should be long, at least 12 to 15 characters. This makes it harder for people to crack it using automated software.
  • Your password should be new and unique. It should not resemble any passwords that you have used before. Otherwise, an abuser who knows you might know your password habits and guess your new password.
  • Tip: Combine words and symbols randomly to create a strong but memorable password, e.g. CurrySanitiser$Arrow2. You can also consider getting a password manager to help you generate and store strong passwords.

Recover your account

Contact the company that owns the account to recover it. Most companies have tools and procedures for managing compromised accounts. You can do an online search for these. For instance:

Change password and set up 2FA

If you recover your account:

  • Change your password and your answers to security questions.
  • Set up two-factor authentication (2FA), if you have not already done so.
  • Check your account settings to ensure that they have not been changed.
    • For example, in email accounts, the hacker could have turned on a setting to forward all emails to another account. You want to make sure that this is turned off.

Other actions to consider

Set up 2FA for all accounts

Two-factor authentication (2FA) provides an additional layer of security. If your account information was leaked, this would prevent additional hackers from using that information to access that account.

Get a password manager

Password managers help you store and keep track of your passwords. They also help you create strong, unique passwords whenever you need to. Because these are dedicated services, the team who created the password manager will be working to maintain and improve it to ensure the manager remains secure.

To start, you will want to look for a password manager that is safe, secure, convenient, and accessible.

Add-on features to look for:

  • Available across devices, browsers, and platforms
  • Notifications if you have used the same password in multiple accounts, or if your email address was caught in a data breach.
  • Reminders if you have not changed your passwords in a while.

This guide to password managers by Wired goes through some popular options available currently, including some that are free or which offer a free tier.

Fake answers to security questions

Many pieces of basic information – your birthplace, mother’s maiden name, etc. – can be found online or may be guessed by someone close to you. Instead of giving a true answer, consider a fake and random one. For example, if the security question is “What is your mother’s maiden name?”, your answer could be: truffle brie cheese.

Get alerts for data breaches

Create alerts so that you will be notified if your email accounts are caught in a data breach. You can do so by submitting a notification request to one of the following services. They will notify you if your email address has been compromised.

Inform others that you’ve been hacked

Tell your acquaintances not to trust any communications from the hacked accounts or people claiming to be you.

Let them know how you will be contacting them and give them a way of verifying your identity.

Perform security checks

Google has an Account Security Check that walks you through the process of securing your Gmail account.

You can also use Jumbo (iOS app) to perform account security checks on platforms such as Facebook, Messenger, Instagram, Google, Twitter, and Amazon.

Further resources