Has Your Account Been Breached?
Noticed some unusual activity on your account? Have you just been made aware that your confidential credentials have been published online for everyone to see? You’re probably feeling scared and worried about the fallout. Don’t worry, we’re here to help!
Stay Calm, Stay Collected!
The worst thing you could do right now is react emotionally to your current situation. We know it’s a troubling time, and the future looks uncertain, but at Inturity we want to give you all the information you need to protect yourself immediately and to defend yourself in the future.
How was my password compromised?
There are many ways a cybercriminal could have obtained your passwords. Some of the most common are phishing and search engine phishing. You may have submitted your details in response to an email you received, believing it was legitimate. The email could have claimed that a service you use will be cancelled, or that an issue has been detected on your account and you must log in to fix it.
Alternatively, you may have tried to buy a product online at a discounted rate from a website that was set up by hackers to lure you in with what appeared to be amazing deals; the details you submitted when creating an account were then sold online.
The breach may also not have been your fault at all. Even though large companies invest millions a year in cybersecurity, there is always a chance they are hacked, which means your data is stolen too. For example, Facebook may have suffered a security breach in which your email address and password were stolen. Your account has been compromised, but the cause was completely out of your control.
Does this mean all my accounts associated with my email are compromised?
Let’s say, for example, that your eBay account was compromised. If the password you used for eBay is also used on other websites with the same email address, there is a chance those services are affected too. So, if your PayPal, Facebook, Twitter and Instagram accounts all use the same email address and password as eBay, these services could have been compromised as well.
However, if you had followed a strong password policy, your password would differ for each site and service, meaning the attacker only has access to your eBay account and nothing else. So, if you recycle the same password for everything, you should look at securing those services too.
Can I check where my passwords were breached and published?
You can! If your password was part of a large-scale data breach and was sold on to an online database that has since been published, there are several free-to-use websites that can identify where, when and how your details were leaked. However, if your passwords were compromised via other methods such as phishing or search engine phishing and were sold privately, this search won’t return any results.
- https://haveibeenpwned.com/ – Have I Been Pwned is a website which allows you to input your email address and find out if it has been compromised in a data breach. Using several large, public databases, this website searches the index to find any and all hacks that your address was involved in. Simply type your email address into the search box and hit enter.
- https://breachalarm.com/ – Breach Alarm is very similar to Have I Been Pwned. Using the same principle, it checks your email address against a database of breaches to determine if it has been involved in a hack. The process is the same: simply type your email address into the search bar and hit enter. However, Breach Alarm has access to different databases, ones which Have I Been Pwned does not have access to.
- https://www.dehashed.com/ – Last but not least is DeHashed. Following suit from Have I Been Pwned and Breach Alarm, this service searches yet more databases that the others don’t have access to, in order to find out if your address has been involved in any breaches. If a positive result is returned, you can see when it happened, how it happened and what services were affected.
Here are our 10 steps to getting back on track:
Step 1: Change the password for the primary account that was compromised.
As soon as you become aware that your account with a particular service has been breached, change the password for that service immediately. This prevents any additional damage from occurring, as you’re on damage limitation duty at the moment.
For now, it doesn’t have to be ridiculously strong or complex; you just want to deny the attacker further access to your account. We’ll work on creating a more secure password in later steps.
Step 2: Locate which breach your account was compromised by.
You should identify which service was breached, and in turn exposed your password. If you are able to find out what website was hacked, you’ll be able to narrow down the exact password that has been published online. This means you can make a list of other services that share this password, to secure your online identity.
Step 3: Secure your other accounts.
If you have been able to identify the exact password that was compromised and have been able to create a list of services which share it, you should immediately change them. For example, if you used that password for your online banking and social media accounts, log in straight away and change them.
Again, it doesn’t have to be super complex; we just want to stop the attacker from logging in. We can make it much more secure once your accounts have been locked down.
Step 4: Damage limitation.
Now that your accounts have been secured, and are back under your sole control, you need to assess what damage has been caused (if any), and work on a plan to fix it.
What could be valuable?
If your email account has been compromised, search through your inbox to identify any valuable or sensitive emails that could have been exploited. Most of the time, cybercriminals hack for financial gain, so they attempt to steal money, personal information and even sensitive images.
Track and trace: Even though we don’t memorize which emails we’ve opened or not, we usually have a pretty good understanding as to which ones we have interacted with.
Some hackers will mark emails as unread, to make you think nothing was opened. However, some aren’t as clever as that. Try to scan your mailbox for emails you think you haven’t opened, but appear as read, to identify any emails that have been accessed.
Check your ‘deleted’ folder: If the hacker has performed mischievous activities on your account and has attempted to cover up their tracks, the emails they have sent may still be in your deleted folder. If they haven’t emptied this folder, you’ll be able to see exactly what they have done. It may be a long shot, but it’s worth a look.
Check your ‘sent’ folder: A popular activity once an email account has been breached is to use it to send phishing emails. As your account is genuine, the chances of making it past other people’s spam filters are high, so attackers abuse your account by sending emails from it.
Check your ‘sent’ folder to see if they have sent any emails. While they can just delete emails from this folder to cover their tracks, it’s still worth a shot.
Check your forwarding settings: Email accounts can forward emails on to another inbox. For example, if you only want an account to receive emails, you could have everything sent to ‘email@example.com’ forwarded immediately to ‘firstname.lastname@example.org’. The hackers may have set up a rule to forward all of your emails to their account so they can spy on you and keep an eye on your emails.
Check your email forwarding rules to see if any have been activated. If you’re unsure how to do this, contact your email service provider and they’ll help you identify whether any have been set up.
Review your bank statements: If your accounts have been compromised, there’s a chance your bank card details have also been exposed, as these are typically linked to your accounts. Keep an eye on your bank statements, and immediately report any transactions you don’t recognise to your bank so they can reverse or hold them.
Step 5: Creating stronger, more complex passwords.
Generating a stronger, more secure password helps prevent another attack in the future. An attacker can social engineer information about you and then use software to try combinations of details that are meaningful to you, which is why passwords based on your family, pets or important dates are advised against: they can be easily brute forced.
There are 2 methods that we advise for creating a password. The first is picking random words from the dictionary and adding numbers and symbols throughout. Grab a dictionary, pick 3 random words from random pages and add your choice of numbers and symbols throughout. The randomness and length of the password make it far harder to social engineer the combination or brute force the characters.
Alternatively, a password generator can be used. While these don’t create a coherent string of characters, the randomness likewise prevents passwords from being guessed or brute forced. However, not everyone has an eidetic memory, so remembering a random sequence of alphanumeric characters can be challenging.
To solve this, we recommend using a secure password manager to store all of your passwords. Reputable services such as LastPass allow you to store all of your passwords online in a secure, encrypted database that only you can access. You can add all of your passwords there and let LastPass auto-fill them so you don’t have to type them (this prevents shoulder surfing, where someone watches you type in your password). What’s even better is that LastPass works across all your devices and syncs automatically, so your passwords are available on your computer, tablet and phone alike.
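To put numbers on the two methods above, here is an added example (written for this page, not an Inturity tool) that builds both kinds of password with Python’s `secrets` module and estimates their strength in bits. The short word list is a constructed stand-in for a real dictionary, and the 7776-word figure used for comparison is an assumed size for a typical passphrase word list.

```python
import math
import secrets
import string

# Constructed stand-in for a dictionary. A real word list (a ~7776-word
# passphrase list, for example) is where most of the strength comes from.
WORDLIST = [
    "anchor", "blanket", "cactus", "dolphin", "ember", "falcon", "glacier",
    "harbor", "island", "jungle", "kettle", "lantern", "meadow", "nectar",
    "orbit", "pepper", "quartz", "ripple", "saddle", "tundra", "umbrella",
    "velvet", "walnut", "yonder", "zephyr",
]
SYMBOLS = "!@#$%^&*-_=+?"
EXTRAS = string.digits + SYMBOLS                      # "numbers and symbols"
ALPHABET = string.ascii_letters + string.digits + SYMBOLS


def random_word_password(words=WORDLIST, n_words=3, n_extra=3):
    """Method 1: pick random dictionary words, then scatter random digits and
    symbols between and around them. secrets (not random) makes the choices
    unpredictable; words are capitalised only so they stay readable."""
    rng = secrets.SystemRandom()
    parts = [secrets.choice(words).capitalize() for _ in range(n_words)]
    for _ in range(n_extra):
        # insert at a random word boundary so filler is not always at the end
        parts.insert(rng.randrange(len(parts) + 1), secrets.choice(EXTRAS))
    return "".join(parts)


def random_char_password(length=16):
    """Method 2: a password generator producing uniformly random characters."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(choices, count):
    """Guessing difficulty of `count` independent picks from `choices` options:
    log2(choices ** count). Every extra bit doubles the brute-force work."""
    return count * math.log2(choices)


def word_password_bits(wordlist_size, n_words=3, n_extra=3):
    """Strength of method 1 (ignores the small gain from where extras land)."""
    return entropy_bits(wordlist_size, n_words) + entropy_bits(len(EXTRAS), n_extra)


if __name__ == "__main__":
    print(random_word_password(), random_char_password())
    # 3 words from a 7776-word list plus 3 extras, versus 16 random characters
    print(f"{word_password_bits(7776):.1f} bits vs "
          f"{entropy_bits(len(ALPHABET), 16):.1f} bits")
```

The comparison shows why the word method relies on a large dictionary: three words plus three extras from a 7776-word list give roughly 52 bits, while 16 generator characters give close to 100.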
Step 6: Scan your machine for malware.
If your credentials weren’t harvested via a phishing attack or a business data breach, your machine may have been infected with some type of malware. Whether it arrived in an email or bundled with other software you installed, malware such as a keylogger may be active and running on your machine.
Keyloggers record the exact keystrokes you enter when logging in to websites and send these credentials back to the cybercriminal. Running a scan may therefore identify malware on your machine that contributed to the unauthorised access of your account.
Most operating systems come with a pre-installed anti-virus program, but it doesn’t thoroughly scan for all types of malware. We recommend installing Malwarebytes and/or AVG Internet Security; both are free to use and can scan your entire machine in just a few clicks.
Step 7: Enable Multi Factor Authentication (MFA).
In the unlikely event that your password is once again compromised, having MFA enabled on your accounts will prevent the attacker from gaining access.
MFA means that once you log in with your username and password, a randomly generated code is sent to your phone via text or an app and must be entered within a specific timeframe before you are let in.
Therefore, even if a hacker obtains your password, they will also need a code that is sent only to your phone. Since they won’t have it, they won’t be able to log in and cause any damage.
Step 8: Password recovery.
When you forget your password, you’re able to either recover it or change it to a brand new one. Most services will email you a link to reset it directly; however, some websites still use recovery questions. The issue with these is that, while the answers are personal, a lot of the information can be found online or via your social media accounts.
For example, they may ask for the name of your pet, which could be found on your social media accounts if you have posted and captioned pictures of it. Another example is your mother’s maiden name, which could also be found online; you get the point.
Consider changing the recovery questions for services that still use these. Pick something you know isn’t available online or on social media, this gives your account the highest chance possible of being secure.
Step 9: Learn with Inturity.com!
Now that you have secured your online identity, it is crucial that you widen your cybersecurity horizon. Learn how to protect yourself online with our clear, concise and easy to use courses today!
Step 10: Protect your friends and family.
You’ve learnt how to secure your accounts and protect your online identity, now what? It’s time to help out the ones you care about!
Make sure that they check their email address against the data breach databases and sign up for our cybersecurity awareness training courses in order to protect themselves from what you experienced.
Follow us on Twitter or Facebook to keep up to date with the latest news, features and the hottest cybersecurity topics.