Has my account been hacked?
Sometimes you hear news of a company being hacked or a service being compromised by hackers, resulting in numerous accounts and personal data ending up in the hands of nefarious actors. Perhaps you use a service or have an account with a company that was compromised, but weren't aware of the data breach because you never heard the news.
Regardless, it's a scary prospect to think about having your account, identity, banking details and personal info stolen, so it never hurts to keep track of whether an account of yours, be it an old one you never use anymore or one you currently use, has been found in a data breach.
There's a website I recommend to anyone for a quick check of whether your login details were found in any data breaches. It's called Have I been pwned?
Example of a compromised account
Feel free to check your work and personal accounts
This website gets you to input an email address you use or have used and it will search through all the known data breaches and let you know if your email pops up in any of them. If the site reports that your email was found in at least one data breach, then check the date of the data breach and ask yourself:
- When was the last time I updated my password for that account?
  - If you've updated your password recently or multiple times in the past, then there's no cause for concern for that particular breach, but check the other breaches too.
- Do I use the same email and password combination anywhere else?
  - If you use the same email and password combination for multiple services, then they are ALL at risk, as the hackers will try that login combination on multiple different sites to see if they get lucky. Update your passwords for all those accounts ASAP!
How can I secure my account?
Start off by changing and updating your passwords for any compromised and potentially compromised accounts. Refer to my other guide here for creating strong passwords. I'm sure you've heard it many times by now, but do not use the same password for multiple accounts, especially if they use the same email address for the login.
Next, consider enabling multifactor authentication (MFA), sometimes referred to as 2-factor authentication (2FA), for your accounts. Our work emails have multifactor authentication enabled by default, but you should also consider enabling it for your own personal accounts.
Consider learning how to identify dodgy emails. Don't click links to sites that you've never visited before or that look odd, don't open sketchy file attachments, and don't enter login details on websites you've never been to that you were directed to by someone you've never spoken with before.
What do I do if my account is hacked?
Contact IT right away so that we can mitigate the damage as soon as possible. Please provide as much information as you can about how your account got hacked or compromised. We know it can be embarrassing to explain if it was your own fault, but we're here to help you, not lecture or ridicule you.
Our first course of action will generally be to change your passwords, and depending on severity we may make a company announcement and restrict access to servers and such to minimise damage.
When it comes to personal accounts that were compromised, generally the first step is to change your password if you haven't been locked out of your own account. Do the same for any accounts that use the same email and password. Then contact the company to recover your account as soon as possible.
If your account had banking details tied to it, like credit card details, make sure to lock the card or ask the bank to cancel it and issue a new one. Monitor banking activity for the following couple of weeks to ensure no suspicious transactions take place.
Hopefully, by following these tips, you'll never find yourself in such a situation!