What to Do When You’ve Been Hacked

Everyone talks about hacking as if it’s something we can all prevent with a few simple steps. The reality is that once in awhile there will be holes in the woodwork and hackers will slip through your security. As of late, many people have been hacked and are the victims of password leaks and Trojan horse infections. Despite the growing number of victims, no one is telling you (unless you own a business) what kind of process you should follow once you’ve been compromised. That’s what we’re here to talk about, and I hope it serves its purpose for you!

It’s Time For Damage Control (Now!)

If one or two of your accounts were hacked, you’re still in the pink as long as the email you registered them with is still accessible. You’ll have to act fast since hackers will try to cross you over and change your registration email address right away. This is actually the first thing you should do when you’re attacked. Try accessing any of your accounts and see what you can recoup from there. Once you get an idea of the damage done, you can proceed to investigate any causes.

First Things First: Run A Scan


If someone is targeting you, you have to figure out what angle they were using to hook you. The best way to dodge a punch is to see where it’s coming from so that you don’t get hit. In this case, you were hit. Now, it’s time to make sure you don’t get hit in that manner again. Run a thorough virus scan (preferably using a real piece of software that’s been reviewed extensively and scores well) to see if there are any Trojan horses that could have logged your keystrokes. They’ll often have the signature label “KeyLogger” or something similar when they show up as infections detected on your scan. Get rid of those as soon as possible.

It’s helpful to see the path where the file was found. It may give you clues as to how the virus infected you in the first place. You need to be wary of what you find on the web; but even if you are, you get hit once in awhile with a nasty infection like I did last June. The best thing to do is to try to find out what you downloaded that was infected and avoid that download source altogether. It’s not trustworthy if it doesn’t even bother to scan the files it hosts.

Now, Let’s Consider Other Possibilities

Do you use a major service online in tandem with millions of other people? Of course you do! Everyone does. Look for every account you have on the web. Start with the major ones, and search for “password leak” followed by the name of the service you’re using. For example, if you want to find out whether Yahoo suffered a password leak, you’d search “Yahoo password leak” and try to find dates that look recent.

Let me give you a real-life example of what I’m talking about. In July 2012, Yahoo was compromised. Millions of its passwords were leaked across the web. Not long after, someone was trying to enter my Facebook, PayPal, and GMail accounts. I made a quick search and found this:


Luckily for me, only my Yahoo account was compromised since I use different passwords for each service. Others weren’t so lucky. If you find that a service you use has suffered a compromise on its database, change all of your passwords immediately.

Don’t Eliminate The Possibility Of Sabotage

Some services you have an account with can tell you what IP tried to access your accounts. If you can get your hands on one of those lists, you can track down the perpetrator. Type the IP address into a website like WolframAlpha or IP Location and you’ll find where it’s coming from and which Internet service provider (ISP) they’re using. If it’s not your ISP (or you’re certain you’ve never used that IP) and the IP comes from your vicinity, you’re probably dealing with someone who got your password the old-school way: you told him/her your password at one point or he/she stole it from you somehow using “pen and paper” methods.

If you feel that the offense merits serious consideration and don’t feel like you can coax the person to give you access to your accounts again, you must report this incident with your local police. They’ll be able to handle this, and in some jurisdictions, the offense falls under laws governing identity theft in the criminal/penal code.

Do you feel like you can add to this? Do you have any questions about the material? Please leave a comment below so we can continue this discussion!

Miguel Leiva-Gomez Miguel Leiva-Gomez

Miguel has been a business growth and technology expert for more than a decade and has written software for even longer. From his little castle in Romania, he presents cold and analytical perspectives to things that affect the tech world.


  1. For myself, I have been down this road one too many times. This is why I made the “jump” from Windows to a Linux oriented operating system. I did that (made the move) back in 2007, and I have not had a security breach since then. I know a lot of people will come down on me far saying it, but it’s the truth. I’m not going to go into a whole schpiel of which OS is better, or what the pros and cons are, but for those who are tired of virus-scans, malware scans, ad-ware scans, and all kinds of registry, dll, exe, docx, xml, and various other types of infected or trojan carrying files I would recommend giving Linux a try. Mind you, you would still have to be vigilant regarding security on your PC’s, laptops and such, but you would have a little more peace of mind knowing that it would take more than just a script kiddie writing some code to hack into your system.

  2. This article while somewhat useful leaves out a great deal of information needed to live up to the first paragraph. I also found it misleading because to think you can know who hacked you by their IP is a delusional thought. If I want to hide I just setup and use proxies and so do all the hackers, spammers and other lowlife scum, so I suggest you look it up because 99% of all hackers use them full time so your odds of knowing who hacked you is so rare its not worth the time spent trying to find out! All you need to know is the IP that logged in was not yours to know you have issues!!! 90% of the battle is just knowing you got hacked in the first place and the remainder of that should be spent learning how it happened!

    Funny thing is most of the people that bring me in to fix their hacked systems are businesses. Contrary to this authors idea that they are informed about prevention it must be local to where he is. No the truth has two sides, either the person that should be informing them is not or is giving them misleading or incomplete (like this post) information or the person who should be listening is not which is more times the real problem.

    @Eddie – I side with you on using Linux but my experience has shown me that the real problem is the human factor. In all but a few cases where someone called on me because they got hacked it turned out someone clicked something they should not have and given the knowledge to know better may not have. Then of course there is just raw stupidity where no amount of information, security software or OS can save them from themselves!

    1. 1) You still should look there to see if there was a saboteur involved. I’m not talking about hackers here. I’m talking about an ex or some “frienemy/enemy” who got their hands on your password through carelessness on your part. These people will not usually know anything outside of the most conventional ways of hiding one’s IP and it’s likely that their personal IPs will appear in a log somewhere.

      2) You’re perhaps talking about small/medium businesses. I speak of larger enterprises with their own IT staff. Yes, small businesses are very uninformed about what they should do when hacked, especially if they’re not required to read material on PCI-DSS and other regulations as part of their repertoire before starting their businesses.

      3) I must endorse you on what you said regarding Linux. Linux or not, you’re going to get hacked if you start using the same password for everything, or you’re unlucky enough to be on a password leak list.

      1. Sorry, Miguel but you are incorrect on #2. Let me remind you of Target. They are a major corporation with a large IT staff and yet they were hacked and 70 million customer records were compromised.

        The security of businesses, companies and corporations depends on their computer usage policies. If the policies allow only enough computer/Internet access to do one’s work, then the company’s computers are much safer from being compromised. If the policies are more liberal, allowing for pretty much unfettered Internet access, company’s risk of being compromised rises exponentially.

        I worked in IT department of a company with around 10,000 users. The company allowed its employees to have liberal Internet access. A month did not go by without some sort of company-wide virus infection. A day did not go by that we did not have to reimage at least a few user computers because they were infested with malware/adware to the point of being unusable.

        1. I am not in disagreement with you. However, we mustn’t ignore the amount of information going out to enterprises as of late. In recent years, the entire enterprise ecosystem received quite the boost in security awareness; and even before, they were always more equipped than small businesses to perform damage control and prevent new attacks.

          BYOD is really giving a lot of trouble to the business community right now, and this is something that has gotten most of them up in arms. A company I recently interviewed uses MDM to thwart threats brought about by mobility issues. More of the companies I speak to have been adopting some sort of strict computing policy and proper web management. SSO is on the rise. Many of these things are keeping hackers at bay, and we’ll see a lot more companies adopt these solutions in the future as they become aware of them (or as soon as they are attacked, if they are as lazy as most other firms).

  3. Most hackers are not malicious, but want to use your personal contacts to send advertisements with your “endorsement”. I found out about my hack when one of my email listees contacted me to ask if I really felt some product was good. Most major Browsing sites have an alternate contact for you (another browser) so that you can reset your passwords and notify your accounts (I put a tag line with the fact that I have been hacked and including my new contact url on all my outgoing emails for about 6 months). It is always a good idea to keep off your sites personal information like social security numbers, credit card numbers, bank account numbers, etc. so that any hacker would not find them when you get hacked (and you will eventually).

  4. @Richard – so you do not consider it malicious to just want to take your personal contacts and to speak out on your behalf? You make it sound so harmless, but your complacency is another problem with society today!

  5. I have been hacked and it might be too late to retrieve my old email info.I can’t open my yahoo account. Wish I had a phone
    3 to call you and give you my new carrier and email address.

Comments are closed.