While you might be aware of steps you should take to prevent getting hacked in the first place, what if the worst-case scenario happens and you actually are hacked? What do you do? We talked to Satnam Narang, the senior security response manager at Norton by Symantec, for his advice on the steps you should take immediately and in the days following to ensure that you're back in control.
(Note: We've chosen to focus on two of the places with the most personal information, Facebook and Gmail, but most social and email accounts will have similar tools.)
Immediately After You're Hacked
First, see if you can log in to your account, Narang says. If you're lucky, the people who hacked it will have forgotten to change your password, and you can go in and change it. (Be sure to follow these steps for creating the strongest one possible.)
If you can't get into your account, try to reset the password remotely, by clicking the common "forgot your account" or "can't login?" link you'll see on most social media and email login pages. Gmail requires you to have a secondary email linked to your account, so your password reset will show up there. Facebook will also send the reset message to your linked email account. If that account is no longer active, you can choose to answer a security question, or get in via a trusted contact.
After Accessing The Hacked Account
Once you're in, it's time to get a look at your hackers. If you're in Facebook, you can go to your Settings, click Security, and press the "Where You're Logged In" tab. This will show you where those other devices are and how long the hackers have been logged in. It also allows you to "end activity" and block them from your account.
In Gmail, scroll to the bottom of your inbox and click "Details." This will show you similar information about who else has access to account and when they got in. From there, change the settings to revoke access.
It can be tough to immediately determine the full scope of a hacker's activity in your account. But there are places to look for clues. Narang advises checking your Gmail's sent mail and trash for any messages the hacker may have sent to your contacts. In Facebook, view your activity log and any information that has been sent through Messenger.
If you follow the secure password rules and have different passwords for each of your accounts it isn't completely necessary to change all of your accounts' passwords if one is hacked. However, it's a good idea. "Your email is one of the keys to your kingdom," Narang says. So, the hacking of any accounts that are linked to your email, including Facebook and Twitter, can put it at risk.
Be safe rather than sorry, and change your passwords. Can't remember all the crazy numbers, special characters, and capital letters you put in each? A password manager will be your best friend.