How to Check if You’ve Been Hacked & What to Do if You Are
Hackers and scammers are a constant threat online. Everything from social media accounts to email addresses can come under attack at any time. Older accounts can put your newer accounts at risk, so how can you tell if your accounts or passwords have ever been hacked? Below are the signs you need to look out for to tell if you’re at risk of hacking.
Use ‘Have I Been Pwned?’
‘Have I Been Pwned?’ is one of the best tools for checking your email accounts’ safety. You should go to the website and enter each of your email addresses. The site will check if your account has ever been part of a data breach or if your account details have been pasted to the public online. If either of those things is true, you know the account is more at risk.
You should secure any accounts that are at risk. Use a password generator and password manager, and be sure not to open suspicious emails. It would help if you were vigilant for any suspicious activity on your email account. If you use the same password as the email account anywhere else, change it immediately.
Dehashed is another powerful tool for checking the safety of your online information. Unlike the above tool, Dehashed covers more than email addresses. You can enter any search term, such as an old username, and the site will trawl the internet to see if any of your information is publicly available. The site includes tools to help you remove any personal data entries you come across.
You should use Dehashed if you’re worried about old usernames you no longer use becoming compromised. It’s possible to search for your full legal name, address, and phone number. For security reasons, you’ll need to create an account before you can check the details of any data you come across.
Check For Hacked Sites
You should check sites you regularly use to ensure they’re safe. You can use free services, like Sucuri Site Checker, to ensure the sites you visit often are safe.
Go to Sucuri Site Checker and enter the address of any website. The site will provide you with a list of potential risks from the site you entered. If any sites you use regularly come back as risky, you should act immediately. It would be best if you changed any passwords associated with the breached site.
Monitor A Hacked Websites List
An essential step in checking if you’ve been hacked is to check on lists of hacked websites. ‘Have I Been Pwned’ offers a comprehensive list of all the websites that have ever been breached. There are other sites, such as Self Key, that offer lists of the most recent breaches. You should ensure you’re checking these lists frequently to ensure sites you use haven’t been the victim of a data breach.
Most sites inform their users when a breach occurs. However, it’s possible to miss those messages, and in some cases, websites fail to notify users in a timely fashion. For your own safety and peace of mind, you’re best checking these sites regularly yourself. If you want to keep updated, use an RSS reader like Newsflow and add the ‘Have I Been Pwned’ breached sites RSS feed. The feed will inform you whenever a new breach happens.
If you know you have been hacked, here’s what you should do
You might have noticed that your passwords have changed or that you have received suspicious login alert emails from the online services you are using. If you are locked out of your online account and cannot recover it, you could be hacked. Here are some immediate steps you need to take if your online account has been hacked.
If you need our expert help to recover your hacked account, you can order a recovery session with one of our experts.
First thing first: Notify your Friends, Family Members, and Followers
Your friends and family members must be aware that one or more of your accounts have been hacked. The reasons are:
- Most hackers hack for financial gain, and when they get access to your account, they will try to scam or blackmail you or attempt to scam your friends or followers of your hacked account. We have had multiple clients hacked by their own friends on, e.g., Facebook, as hackers already controlled their accounts. This is a continuous loop where the hacker keeps hacking friends of a hacked account and then repeats it. It’s called social engineering. Think about it, if you got a message from your dad, brother, or best friend, to send you a code from your phone, would you not do it?
- The second reason is that the hacker might post sensitive or violating content on your own profile. If you are an employee or have important positions, this might get you in serious trouble.
We have created a page with information that you can send to your friends, family members, and followers to ensure that they are kept safe and understand what you are going through. You can also have friends post this page on their profiles referring to your account specifically.
Never pay a ransom
If you have been hacked and the hackers have reached out to you demanding ransom, do not respond and definitely do not pay. By paying the hackers for their illegal activities, you are indirectly funding and supporting their operations, which means that they can continue hurting other people and businesses.
If hackers approach you and ask for a ransom, you should contact your local law enforcement and file a police report. You can also hire a third party who can talk to the hackers and not directly involve yourself.
What is important to know about most hackers is that they are in it for the money. The minute they understand you won’t give you any money, they will leave you alone and move onto their next victims. Most extortion attempts are shallow and won’t materialize.
Today, most online services will let you know if you have been logged into their services with a different computer, IP, or browser. If you do not recognize a login, you should take immediate action and secure your account by:
- Changing the password
- Adding 2FA (Two-Factor Authentication)
- Adding additional security levels the service provides
Unable to log in to your services?
If the hackers have changed your password and/or email, and you are unable to log back into your own account, you should follow the service’s own protocol for hacked accounts. Often you can reset recent changes from the email alerts sent by the service. If that does not help, you should try to get in touch with the service’s customer support and see if they can help you.
Follow our Hacked Protocol
If you are certain that you have been hacked, you should follow our protocol:
- Change passwords on all online accounts you still got access to and secure these as fast as possible.
- Ensure that you have secured your main email account, changed the password, implemented a recovery email, and enabled Two-Factor Authentication.
- Let all your friends and family members know that you have been hacked to ensure that they are not scammed by the hackers pretending to be you.
- Do an assessment of which accounts have been hacked and what information the hackers have received about you and your network.
- Do not create a new profile or account on the same platform you were hacked using the same credentials like email or phone number. This makes it much harder to recover your account.
After you get the full overview of the situation and secure all other online accounts, you can recover your hacked accounts. Go through your emails and see if you can find security alerts from the service you’ve lost access to. Often they give you an option to reset recent changes to your account.
Try to reset your hacked account’s password, using both the email option and the SMS option where applicable.
If that doesn’t help, go to the service’s help portal and see if you can find a form to report a hacked account.
You can also try to contact the service directly if they have a phone number or support email.
When filing a hacked report form, it can take up to two weeks before you get a response. Meanwhile, it would be best to keep an eye out for changes on your account that has been hacked.
For the worst extortion attempts and hacking breaches, you should consider involving your local law enforcement and file a police report. Read more about that there.
Feel free to check out our tutorials on how to recover certain accounts:
If you’re worried you’ve been hacked:
Featured image by Suttipun from Shutterstock.com