What to Do When Your Account Has Been Compromised?

How to deal with the sinking feeling that an attacker has accessed your account.

Matt Kmety
Jun 27, 2020

I recently received an automated email notification that someone from Vietnam had accessed my Square account. Living in the United States, I knew that someone unauthorized had gained access to my account.

Panic began to set in…

This isn’t an account that I use too often, but it does have personal and financial information that you do not want to be made public. Immediately, my mind began to wonder how this happened. What steps do you take in this situation? Are my other accounts compromised as well? One question led to the next until I came to the realization that I needed to take action.

In this article, we’ll discuss the actions that I took to help get my account back under control and secure.

You can, and should, take these actions when your account has been compromised, but I highly recommend taking action now to prevent future attacks.

Doing these things can prevent attackers from taking control of your account in the first place.

Validate the Compromise

Most alerts will come through email or a text message. It’s common to receive phishing emails from scammers trying to elicit a knee-jerk reaction to get you to click a malicious link. These emails will look like they’re coming from a company that you use to gain your trust. Below is an example of a phishing email.

[Image: Phishing Email from FTC]

You should log directly into the website and not use the link provided in an email or text message if you are unable to verify the authenticity of the sender.

Be cautious and do not click links from untrusted sources.
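If you do want to see where a link in an alert really points before deciding anything, the check below compares the link's actual host with the company's real domain. It is an added example, not part of the original article; `shop.example` and the sample links are constructed placeholders.

```python
from urllib.parse import urlsplit


def link_verdict(url: str, trusted_domain: str) -> str:
    """Say whether `url` really leads to `trusted_domain` or a subdomain of it."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
        has_userinfo = parts.username is not None
    except ValueError:
        return "reject: unparseable"
    trusted = trusted_domain.lower()
    if parts.scheme != "https":
        return "reject: not https"
    if not host:
        return "reject: no host"
    if has_userinfo:
        # In https://brand@other-host/ the real destination is other-host.
        return "reject: userinfo before host"
    if host.startswith("xn--") or ".xn--" in host:
        # Punycode labels can render as look-alike characters.
        return "reject: punycode host"
    # Require an exact match or a dot-separated subdomain, so that
    # "notshop.example" does not pass as "shop.example".
    if host == trusted or host.endswith("." + trusted):
        return "ok"
    return "reject: host is " + host


# Constructed sample links, as they might appear in an alert email.
SAMPLE_LINKS = [
    "https://account.shop.example/login",
    "https://shop.example.verify-login.test/login",
    "https://shop.example@198.51.100.7/login",
    "http://shop.example/login",
    "https://notshop.example/login",
]


def review(links, trusted_domain):
    """Map each link to its verdict."""
    return {link: link_verdict(link, trusted_domain) for link in links}


if __name__ == "__main__":
    for link, verdict in review(SAMPLE_LINKS, "shop.example").items():
        print(f"{verdict:45} {link}")
```

A passing verdict only means the link goes to the domain you expected; logging in directly through the website remains the safer route.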

Most websites let you review recent account logins, including data such as the date, time, and location of each login. You can also use the company website to reach out directly for more information. Companies usually have a “Contact Us” button at the bottom of their websites.

Validating the compromise will confirm whether you need to take additional steps or if an attacker was trying to phish information from you.

Change Your Password

After validating the compromise, you should change the password on your account. An attacker was able to log in to your account and most likely knows your password.

There is a possibility that the attacker has changed your password to keep you out and maintain control. If that happens, you will need to use the “Forgot Password” option on the website to change your password and gain access to your account.

Ensure you are using a strong password.

Enable Multi-Factor Authentication (MFA)

Companies are beginning to implement MFA to give customers an additional layer of security on their accounts. The most common methods of MFA are:

  • Receiving a text message with a code that you enter when logging into a website
  • Receiving an email with a code that you enter when logging into a website
  • Using an authenticator app such as Google Authenticator or Microsoft Authenticator (both available on iOS and Android) and entering the provided code when logging into a website

[Image: 2FA Example by Misaochan at Wikimedia]

Enabling MFA ensures that even if an attacker knows your password they will still need to have the code from a text, email, or app to access your account.

Attackers look for easy targets. Having MFA enabled makes your account more difficult to compromise.

Updating Accounts That Use the Same Password

Now that the account that was originally compromised is back under your control with a strong password, you need to turn your attention to other accounts that use the same compromised password.

Using the same password across multiple accounts puts all of those accounts at risk if an attacker knows your password. You will need to update the password on those accounts to ensure an attacker isn’t gaining unauthorized access.

Keeping track of different passwords across different accounts can be made much easier by utilizing password managers such as LastPass and KeePass. LastPass makes creating and managing passwords seamless since it is integrated into your browser, cell phone, and tablets.

Gone are the days of having one password for 100 accounts. You can now easily have 100 passwords for 100 accounts.

Checking If Your Data Was Part of a Previous Breach

It’s possible that a company may have had a data breach that included your data. Depending on the breach, your username and password may have been exposed and are now available on the internet for attackers to use.

Websites, such as Have I Been Pwned and Am I Breached, allow you to type in your email to see if your data has been part of a data breach. Knowing this information can help alert you that you need to update account passwords or seek other protections.

Wrapping Up

Taking these steps allowed me to regain control of my account in about 15 minutes. The initial panic subsided as I took the correct actions to protect my accounts and my personal information.

Having a plan makes all of the difference.

Going forward, I am much more prepared if this unfortunate situation were to arise again. While you can never stop these types of events from happening with certainty, you can take the appropriate actions today to reduce their impact.

My hope is that this article can serve as a guide for those that experience a compromised account and need to know how to restore their access and increase their overall account security.

If you have any questions, feel free to Tweet or PM me @mrkmety.

Matt Kmety

Cybersecurity Enthusiast | Cloud Security & Information Protection @ Boeing | Trying to pass on knowledge to others | www.thecyberblog.com