Help, I've been hacked!
If your email, Twitter or Amazon account gets hacked it's a truly horrible experience - read our handy guide that helps you recover from it, and top tips to stop it happening.
If you've been hacked
If your account has been hacked, it means someone might be using your account to buy things using your debit/credit card, or to send spam or phishing emails from your email account. There are three main ways a hacker can access your account:
- Guessing your password. If your password is very simple (see our page about choosing passwords) then they might have guessed it.
- Stealing it from another website. If you use the same email and password combination on a number of websites and one of those websites is compromised, the hackers may have got your login details and will try them on other sites.
- Malware. You may have inadvertently installed software on your computer that allows hackers to access your computer or monitor what you type (a keylogger). If this happens they can record you logging into a website and steal the information.
What to do
- Scan your computer. If you have malware on your computer and change your password, they'll still have access to your computer. If you have a Windows PC, run Security Essentials to scan for malware.
- Change your password for that account. If the hacker has changed your password, this may involve emailing or calling the company that runs the account that was hacked. See our page about choosing a good password for details.
- Check your account settings. If hackers have accessed your account, they may have changed your details. Reset any security questions associated with your account and check reply-to addresses for email accounts.
- Change passwords on other online accounts. If you use the same username and password combination on any other websites, you'll need to change those passwords too. So if your Amazon account gets hacked and you use the same login details for your eBay account, the hackers will most likely target that next.
- Check what damage they have done. If your Twitter account has been hacked, check for and delete anything they have tweeted in your name. If your Amazon account has been hacked, check if they have ordered anything and contact Amazon to let them know what happened. If your Hotmail account has been hacked, check if they have sent any messages from your email address. You get the idea.
Tips to avoid being hacked
1. Use a different password for each online account
No-one wants to hear this, but the best way to avoid having your accounts hacked is to set up a different, random password for each website you use. At the very least, use different passwords for the top websites like Amazon, eBay, Apple, Facebook, Twitter and your email account. Of course this means you'll have to start recording your passwords, but there are many tools, like LastPass, to help you with this.
2. Use two-factor authentication where possible
This is where you use a device, as well as your password, to log in to a website. The device can be like the small key generators that your bank gives away, but more commonly websites can send a passcode to your mobile phone - Apple, Twitter and PayPal offer this, to name a few. Another option is to use a security token like Google Authenticator when you log in. This is a free app for your mobile, available from Google, to secure your accounts. More websites are using this option, and the advantage is that one app secures a number of websites.
3. Don't use public computers to log into important accounts
If you're using a computer in an internet cafe or library, assume that it's infested with malware that may steal your passwords. This is another good reason to use two-factor authentication - even if they get your password, they can't log in without your mobile phone too.
4. Always use a secure connection (https) where possible
Most popular websites now offer a secure connection, so when you connect to Facebook, Twitter, Amazon etc., make sure that the address starts with https:// and that the website address is the one you're expecting - you may have inadvertently typed the address wrong and could be on a fake website that looks like the real thing.