You’ve been hacked — what should you do next?

Teksquisite, Security Technology Editor
Getting hacked is no longer a matter of "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
I’ve been hacked a few times, and it is a terrifying position to be in. The last time I recall a major hack was back in 2011 courtesy of a Malaysian hacktivist. It is unclear how the attacker procured the password to an old Gmail account — that I rarely used — but it was most likely tied to my use of the same weak password across multiple websites. Though these ancient accounts had been long forgotten by me, they morphed into the mode of unrestricted access for the attacker.

Armed with the initial weak password, the attacker was able to tie together some of my older accounts via a simple Google search. I vaguely recall seeing a Malaysian IP address when a Google account access alert arrived in my inbox, but alas, it was too late since the attacker quickly changed the password upon arrival.

When the Malaysian hacktivist gained access to my old Gmail account, he was able to communicate with my friends. My friends, in turn, communicated the hacktivist messages to me. The attacker also located old domain and web hosting logins and passwords from the compromised Gmail account and took control of those domains and websites. The attack was political in nature. In order to get my old Gmail account back — along with the stolen domains and websites — I was instructed to deliver a message via tweets about the current status of upheaval in their country. I complied.

During the interim, I knew that though I was the victim of this hack, I was also the weakest link in the security chain. Fortunately, I had a security asset in my corner — investigative reporter and security journalist, Brian Krebs — who was quick on the draw and contacted Google in an attempt to expedite retrieval of the hacked Gmail account.

What is your next course of action?


Think about it. Since you are clueless about how, when or why you will be hacked, how do you proceed with a working and viable plan of action? This is what I did: I checked my logs to find out if the attack could have originated from my computer. After assuring myself that my computer was not the source of the attack, my router was the next checkpoint in my course of action. Next, I checked for backups. Did I have a backup of my old Gmail account? No, I did not have a backup. So all of the data that was in that account belonged to the attacker and was owned by that person or group. Because I did not have a backup of the login information for old domains and web hosts, these old accounts were not included in my password manager. I had to contact the companies directly and prove that I was the account owner.

I learned that backups are chief. Regardless of whether it is local data, a social media account, an online email account, or a cloud drive, you can recover from data loss caused by a malicious hacker, malware, or even ransomware if you have been proactive and implemented a good, solid backup plan. You should also remove login and password information from all online accounts and store them in a password manager.

Aside from checking computers and devices as a point of entry for a threat actor, don’t overlook basic router security. Joe Stewart, Director of Malware Research at Dell SecureWorks, recommends six basic steps to secure a router:

  1. Change the default password.
  2. Turn the firewall on.
  3. Turn logging on.
  4. Turn on WPA Wi-Fi encryption and set it as high as possible.
  5. Keep router firmware up-to-date.
  6. Don’t forget to log out after configuring the router.
 
Additional security measures include changing the default IP range of 192.168.0.1, 192.168.1.1 to another IP range, turning off UPnP (Universal Plug and Play), turning off WPS, and disabling remote management over the Internet.

Keep all computer and device software updated. This includes the operating system, all software (including security applications/subscriptions), browsers, and browser plugins. Cybercriminals love leveraging system vulnerabilities. With all local devices secured, you will be able to address Internet-based services and take the necessary steps to protect online accounts.

Having a viable plan of action to protect your online digital assets will better prepare you for potential future hacking events. I learned from my experience that my old accounts contained valuable information that gave the hacker a leg-up. Also, using a weak password across multiple accounts was advantageous to the hacker and a grave embarrassment to me.

Get a grip on all your accounts


Regardless of the age of any account, secure it with a strong password. If two-factor authentication is available, use it. Inconvenience is a small price to pay to keep an account safe from the criminally-minded. Password managers are a great tool that can assist in the creation and maintenance of strong passwords — choose a password manager wisely. There are many password managers available, both commercial
Once you have all your accounts gathered — whether local, on a network, or online — secure them and delete/remove any accounts that are no longer applicable. Old accounts can become an attacker’s best friend; just don’t let that “best friend” become attached to one or more of your accounts.

Change logins, passwords, and PINs for all accounts and never use the same password for multiple online accounts.

Aside from getting a grip on all your accounts, you should notify your contacts so that they are aware that your account was compromised.

Report it


Contact the website or service that the hacked account resides on first.

You should file a complaint with the Internet Crime Complaint Center (IC3) as soon as possible. IC3 serves as a central hub that provides an easy-to-use reporting mechanism to alert the appropriate authorities of suspected Internet crimes.

After IC3 receives a complaint, their analysts review and research it, then send it to the appropriate agency for criminal, civil, or administrative action. IC3 does not take any legal action aside from forwarding the information to an agency that has jurisdiction. It is up to the receiving agency to act upon the complaint. Since the reporting process is streamlined, you will not have to waste time trying to figure out which agency to contact — IC3 will do it for you.

If you are a victim of identity theft, follow the Federal Trade Commission (FTC) process and take the suggested steps as outlined by the FTC to report the crime. Gather all the documentation from online filed complaints along with the evidence that you gathered from the hacked device(s) and file a report with your local police agency. (Credit bureaus often require a police report if you need to place a credit freeze on your account.) Though there are still many police agencies that are not equipped or familiar enough with Internet crime to respond to or address the computer crime, filing a local police report assures that the crime was reported if an agency requests evidence of a police report to proceed with your case or request.

In the case of identity theft, one critical piece that is often overlooked after a hack is adding a fraud alert or a credit freeze to your credit report. Adding a credit freeze often requires proof that you filed a local police report. Most states do not charge a fee for victims of identity theft.

Lessons learned


Regardless of what type of future hack you may be involved in—you need to get your house in order today. Not tomorrow, next week, or next month—it will be too late. This does not mean that you have to be consistently paranoid and pull out your hair when a benign ad shows up in your email inbox. It means you must always be vigilant and prepared in advance for any future attacks.

"The question is not if you’ll be hacked but when." — Dr. Csilla Farkas, Associate Professor, Department of Computer Science and Engineering, University of South Carolina

Are you proactive or reactive?

Resources



Check if your email account leaked to the web

Have I been pwned?

Find out if a password hack has exposed your password online 


This post was written as part of the Dell Insight Partners program, which provides news and analysis about the evolving world of tech. Dell sponsored this article, but the opinions are my own and don’t necessarily represent Dell’s positions or strategies.


This post originally appeared at the TekSec Blog.

Comments (2)

Kyle Santos (Quality Assurance) commented:
Good job.

Teksquisite (Security Technology Editor, author) commented:
Thank you Kyle :)
