How can you contain the damage done by a successful hack? How can you recover?
If you suspect you are being hacked, it is important to know if your physical device is compromised, or if your online account (such as email) is compromised.
Different passwords for different services contains the damage from any one hack.
As has been briefly mentioned in this guide, one of the root causes of bad password security is people creating password that they can easily remember. While this is good for ease of use for the user, it is bad for password security. Often, these easy to remember passwords are also easy to crack. However, this ease-of-use blunder extends past creating a single password: It infects all passwords. Another side effect of trying to create passwords that are easy to remember is that users will often use the same password across many if not all of their online accounts [9]. If you have one password that you can remember easily, why not use it everywhere! That's SUPER easy to remember! No need to keep track of 50 different passwords for different sites. Life just becomes simpler. Or at least it does until you get hacked.
If your physical device is compromised, disconnect it from the internet, or unplug your router.
If your physical device is compromised, they are likely controlling it over the internet. Thus disconnect it from the internet to stop it from being remotely controlled. Then the best path forward is to wipe the computer completely using a full reinstall with no data being saved. This wipes any code the hackers could have deployed during the hack. If you are going to restore the computer using a backup, make sure you are restoring it with a backup before the time you suspect you were compromised.
Let's say you, quite unfortunately, fall victim to a successful password hash-cracking attack for a password that you use on one of your accounts. Clearly, that account is now compromised. However, if you use that same password to protect a second account on another website, that second account is compromised as well. If you use the same password for all your accounts, ALL your accounts are compromised. Instead of having to crack 10 or 20 passwords to access all of your digital data, an attacker only has to crack one. This makes their job so much easier and makes your life so much harder.
If your online identity/account is compromised, immediately change your password if possible, and call/contact customer support or fraud.
It is crucial to change your password as soon as you are hacked. This prevents them from changing your email or phone number which is often all that links you to your account. Then sign out of all devices, and then sign back in using the new password. This kicks hackers out of all your other sessions. Then it is important to call customer service or fraud teams for the companies your account was compromised for in order to report it to them, and ask for them to help make sure your account is safe.
If, however, you use different passwords for all your online accounts, a successful attack on one of those passwords does not affect your other accounts [10]. The damage is mitigated and contained, at least for the moment, to that one, compromised account. This makes recovery much easier as well because instead of having to manage locking down all of your accounts and keeping track of all the damage that was done, you only have to focus on one account.
If your email is compromised, this is incredibly dangerous. Until you are certain that you have control over it again, switch all your important accounts over to another email that you know you have control over. This gives you protection and isolation until you are certain you are safe again.
If you're hacked, you want to know about it, and fast!
While this is all happening, pay attention to all phone notifications, recent history, emails, emails in trash, transaction histories, and more, on all your important accounts. If you notice suspicious activity, take action to secure your accounts. Attacks are often subtle and can spread from account to account.
If the above sounds stressful, it's because it is. It is a much better idea to be preventative in the security space, rather than reactive.
It's important to have these notifications so that you not only know when you are being hacked, but you know as soon as possible. So first off, make sure you have these notifications enable for all your accounts. Not all accounts may have an option to turn these on, and some may not even have these notifications at all, but you should always try and search for the option in your account settings to turn these notifications on.
Often these notifications come in the form of emails and can be for a few different types of events, usually related to login attempts or successful logins. The service on which you have an account will often send you an email if it deems the attempt or successful login to be suspicious. The email should contain details about the login, such as time, date, and location, as well as ways to act against the suspicious login. If the login was from you, then no problem! If it wasn't, then you know you've been hacked.
We've said it before, but we'll say it again because it's that important: If one of your accounts is unfortunately hacked, CHANGE THE ASSOCIATED PASSWORD. The password often the one way in that the hacker has, so if you close the door and change the lock, the hacker cannot get back in. Just make sure that when you change your password, you make it more complex. (More on that in Good Password Security in the Use complex passwords section.)