Security "leaks" and breaches on popular services are becoming so common it's almost comical. Except that if your account gets hacked, it could have dire consequences for your privacy and even financial security. Whether it's a simple social network like Twitter (where 250,000 users' details have been leaked) or your email account that gets hacked, here's what you need to do to get control back and protect yourself going forward.
1. Find out if your account has been hacked. Sometimes it's obvious when your account has been compromised. On Twitter, the hacker might post in your name. For your email account, all of the sudden family and friends are telling you you've been spamming them like some Nigerian scammer. Even worse, you might find fraudulent charges on your credit card if one of your online shopping accounts gets compromised.
If you're not sure or you want to keep tabs on any possible leaks associated with your email address, sites like Pwned List and Should I Change My Password will check your email address against publicized databases of compromised accounts. Both will alert you, if you create an account, in the event your email winds up on any new compromises.
2. Try to regain control of your account immediately. First, scan your computer for malware to make sure your PC is clean. Then try to change the password on the account; you might get lucky. If you're able to get in, also change the account security question. Because security questions are very basic and also easily guessable, however, it's best to fib a bit on those answers. E.g., if asked your favorite sports team, answer with your favorite quote.
Change your password to one that's as long as possible, with mixed case letters, numbers, and symbols. A passphrase is easier to remember than random alphanumeric characters, but the most important factor is length and that you don't use the same password everywhere (more on that it a bit).
If you can't get back into your account, contact the security team for the service right away. If your email has been hacked, set up a new email address that you can use for secure communications only (and a separate new email address for stuff like newsletters).
3. Change your password for every site you've used the same password. Using the same password for multiple accounts is convenient but it leaves you vulnerable. If you've used the same password as the compromised account anywhere else, change it to a unique one right away.
A password manager like KeePass and LastPass makes it easier to create truly unique passwords for each site and service. Alternatively, you could create a master passphrase and tweak it slightly for each service; so, for example, you can use ThisIsMyPassword-forWebMail and ThisIsMyPasword-forGoofingOffonFacebook.
Sign up for Computerworld eNewsletters.