Security Advice

The 4 Things You Need To Do If You’ve Been Hacked

Here are 4 quick things you can do to contain the damage and prevent others from getting hacked:

  1. Change your password! You also need to change the password for all other accounts where you’ve reused that password or a variation.
  2. Start the account recovery process. This is different for every website so you’ll need to do more research.
  3. Determine how you got hacked, and if your device itself is infected to avoid spreading malware.
  4. Alert anyone who might be damaged by your account being compromised. For instance, Facebook friends might be targeted by the hacker impersonating you.

(1) Change Your Passwords

The first thing you should do is try and change the password of the account that got hacked. If you can change it, you might be able to regain access before the hacker can lock you out. Try it now! If there is an option to “log out of all devices” make sure you press that too.

If you’ve reused that password or a similar variation for other accounts, make sure you change the passwords for those accounts too. None of your variations are secure, read why here! It’s preferable to generate a new password for each account using a password manager like Locke.

(2) Start the Account Recovery Process

If you weren’t able to change the password for the account in question, it’s likely hacked. The next thing to do is start the account recovery process to try and regain ownership of your account.

This process looks different for every website so you’ll have to research how to do this on your own. However if you want help with this, register for a Locke account and our support can provide assistance. It can often take up to a week to regain access, so once you’ve started the recovery process continue to step 3 while you wait.

(3) Determine How You Got Hacked And If Your Device Is Infected

There are a lot of different ways you could have gotten hacked. The important thing here is to learn if your device itself is compromised since it can continue to spread malware to other devices on your network.

If you got hacked via a phishing attack it’s likely that your device itself is still secure. That doesn’t mean you’re in the clear, but it’s better than being infected with malware.

If you got hacked after downloading a questionable file, there is a chance your device is infected with a virus (malware). This is more complicated because further using the device can result in you spreading the virus to other people.

My device has a virus, what do I do?

First, disconnect the device from the Internet and turn off mobile data if it’s a smartphone. This prevents the virus from spreading or downloading more data to your device.

Next, to be completely safe, you should factory reset the device. This is much better than any virus scanning software since there is basically no way a virus can survive a factory reset. HOWEVER, this will wipe all your data off the device.

That means you might want to backup the device before resetting it. But be careful, backing up the data might carry the virus with it into the backup. If you must backup the device before wiping it, do so to an offline storage device such as a USB drive.

(4) Alert People & Report the Hack

The last thing you should do is tell everyone who could be impacted that you’ve been hacked.

For instance, if your Facebook account got hacked, the hackers often impersonate you and send malicious links to your friends to try and hack them too. If you can, let those people know your account is hacked while your going through the recovery process.

Once you eventually regain ownership of the account, post publicly letting people know not to open any messages sent by you.

Finally, the last LAST thing you should do is report the hack to authorities. At Locke, we use the phishing messages people receive to improve our phishing protection. You can submit them to use on our contact page. You can also report phishing emails to the FTC.

For more resources, visit our blog or

Leave a Reply

Your email address will not be published. Required fields are marked *