What to Do If a Hacker Has My Password?
'The username or password is incorrect. Please try again.' We've all seen this message, and usually, it's little more than a nuisance because it's due to some slightly chubby fingers and a loss of concentration. Often, a try or two later, you log in successfully, and everything's fine. But what if everything's not fine? What if you're certain that you're entering the right password, yet it doesn't seem to work? Unfortunately, this is where you start worrying because it means that your login credentials may have been compromised. It's time to find out what you can do about it.
Regain access to your account
Obviously, the cybercriminals have managed to get their hands on your password, and they've already changed it. You need to get them out of your account as quickly as possible. Contact the service provider's support agents and let them know that you've lost access. They'll give you options that will let you prove your identity, after which they'll invalidate your old password, kicking the attackers out of your account.
It should go without saying that when you're setting the new password, you need to think of something completely different from what you've had so far. If you just add "1" to the end of the password the hackers already have, you're asking for more trouble.
If you've been reusing passwords, this should be your wake-up call
One account has already been compromised thanks to the stolen password. You don't want to see the rest of your online profiles getting the same treatment, right? Well, if you've used the same password for them, this is a very real possibility.
Think about whether you've reused the stolen password. If you have, make sure that all the accounts secured by it get new, unique passwords. Again, use something random and impossible to guess. If you feel like this is too difficult a task, you can let a dedicated tool like the Cyclonis Password Manager take care of it.
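The reuse check described above can be done over a list of your own logins. The following is an added example, not part of the original article: the account list is constructed sample data, the function names are hypothetical, and treating passwords that differ only in case or in trailing digits and symbols as "variants" of the stolen one is an assumption of this sketch.

```python
import secrets
import string

# Constructed sample data standing in for a password-manager export.
ACCOUNTS = [
    ("mail.example", "Sunshine2019"),
    ("shop.example", "Sunshine2019"),
    ("forum.example", "Sunshine20191"),   # stolen password with "1" appended
    ("bank.example", "v9#Lq2!xTz0pWm4r"),
    ("video.example", "sunshine2019!"),
]

def core(password):
    """Lowercase and strip trailing digits/symbols so trivial variants compare equal."""
    lowered = password.lower()
    return lowered.rstrip(string.digits + string.punctuation) or lowered

def accounts_at_risk(accounts, stolen):
    """Map each site to 'identical' or 'variant' if its password is tied to the stolen one."""
    stolen_core = core(stolen)
    risky = {}
    for site, password in accounts:
        if password == stolen:
            risky[site] = "identical"
        elif core(password) == stolen_core:
            risky[site] = "variant"
    return risky

def new_password(length=20):
    """Draw a random password from the OS CSPRNG, retrying until it mixes character classes."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if (any(c.islower() for c in candidate)
                and any(c.isupper() for c in candidate)
                and any(c.isdigit() for c in candidate)):
            return candidate

def rotation_plan(accounts, stolen):
    """Give every at-risk account its own fresh password; none is shared between sites."""
    return {site: new_password() for site in accounts_at_risk(accounts, stolen)}

if __name__ == "__main__":
    for site, reason in accounts_at_risk(ACCOUNTS, "Sunshine2019").items():
        print(f"{site}: {reason} -> change it")
```
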
Find out how the hackers got their hands on your password
Unfortunately, there are many ways to steal a password, and sometimes, finding out how the hackers did it is no easy task. Try your best to learn what happened, though.
Start with your own computer. Malware that logs keystrokes and steals login credentials is nothing new, and if your password has been exfiltrated by a piece of malicious software, you need to make sure that it won't happen again. Download and install a reliable anti-malware solution on your computer and perform a full system scan to ensure that there aren't any dangerous programs running on your PC.
Try to remember whether you've received and opened any suspicious emails recently. Coaxing you into divulging your password is much easier than distributing malware and hoping for the best. That's why phishing is one of the most popular types of cyberattacks. It's cheap to pull off, and because it's largely unaffected by any security solutions the user may have installed, it's rather effective. Unfortunately, many people make the mistake of putting too much trust in the emails they find in their inboxes, so don't discount this as a possible attack vector.
The password wasn't necessarily stolen on your end. Data breaches happen every day, and some service providers react better than others. Read the news, get in touch with the vendor, and ask them whether they've been attacked. If they're uncooperative, reach out to friends and relatives who have accounts at the same website. If they've experienced problems similar to yours, a data breach is the most likely scenario.
Try to make sure it won't happen again
Taking the necessary precautions isn't a simple process, and there's no algorithm to it. Adopting the best security practices really is the only way of mitigating the risk.
Set unique, complex passwords for all your accounts and make sure that your computer is well protected. It's not all about local protection, either. Delete all the accounts you don't need and think about how trustworthy the service providers you use are. Nobody's immune from a cyberattack, but smaller, less popular websites are more likely to have a few holes in their armor, which makes them an easier target.
Check for additional security features
For years, people have been criticizing the password for being a flawed way of authenticating users, and it must be said that to some extent, this is true. That's why companies have been trying to implement features that can help you retain access to your accounts in case your password gets compromised.
The most popular such feature is called Two-Factor Authentication, and although it has a couple of flaws of its own, there are few other options, so you should definitely consider using it. Check which of the services you use offer it and turn it on wherever possible.
Spread the word
Finding advice on what you can do to prevent password theft is easy. But how many of your friends actually look for this advice?
Not that many, partly because they don't know how unpleasant the experience is, and partly because they think that it won't happen to them. By contrast, they spend hours watching cat videos on social networks.
You can use the power of social media to teach your friends a valuable lesson. Tell them what happened, how you found out about it, and what you've done to protect yourself. People fall victim to cyberattacks every day, so there's nothing to be embarrassed about, and although many will likely ignore your story, if just one of the people you're connected with starts taking security more seriously, you've done a great job.