What to do when your email has been breached?

Image source

Every day, like clockwork, there’s a hacker attack every 39 seconds.

Imagine waking up one day, trying and failing to log into whatever social media account you have. You try again and again, only to get a “wrong password” response each time.

Then you try to log into your email to recover your password, only to find out that you can’t log into your email either.

This is what it’s like moments before realizing you’ve been hacked.

With dawning horror, you check your messages to find out there’s been a bunch of charges on your card that you definitely have no memory of.

“Has my email been hacked?“

When your email has been breached, you lose more than just spam and bills. Videos and photos uploaded onto your accounts are compromised, and a hacker is often a few steps away from accessing the money in your bank.

Why? Because most people don’t bother having different passwords for their email and bank account.

Studies show most email accounts have 130 password-protected accounts linked to it.

Over 90% of people using Gmail, the most common email provider, don’t even use 2-factor authentication. It’s easy to see why a hacker would target anyone’s email: It provides the best return on investment for the least effort.

Once your email has been breached, it’s a simple matter of asking for password resets on every single website you access to pretty much take over your identity.

The email accounts we take for granted are often a huge single point of failure for our entire lives, capable of causing incredible inconvenience with a single breach.

So if your answer to the question, “Has my email been hacked?” is “Yes,” what should you do?

1. Secure your computer and devices.

A telltale sign something is wrong is your computer acting up and taking longer to do even the simplest things. When a malware or spyware has infected your system, you often experience a slowdown in all the apps you use. Spyware and malware can lie in any email attachment you receive, in any software you download, or even in that flash drive you plugged in the other day.

There are too many viral vectors to count, but the actions you need to take never changes:

  • Update your operating system — patch all the security holes.
  • Run a complete virus scan on all your drives.
  • Make sure your firewall is up and running.

Image source

If your computer isn’t secure, all changing your passwords will do now is alert the hacker that you’ve changed your password. If you have a trojan, key-logger, or ransomware lodged into your system, it’s a waste of time to take any action before cleaning up your system first.

Your smartphone and other devices aren’t exempt either. If you’ve run software on your phone that doesn’t come from trusted and verified sources, then you’re liable to have an infection. A 2018 Webroot study revealed that 32% of mobile apps downloaded contained code malicious in nature. If you come across pirated or anonymous software, it’s safest to assume they contain spyware.

Key-loggers track every single keystroke on your computer and send it to malicious hackers. A spyware and malware scanner should detect any software key-logger on your system.

But some key-loggers are completely invisible to any software detection.

Hardware key-loggers are jammed into the space between your keyboard and computer in the form of a little physical device that logs your keystrokes. Hardware key-loggers must be physically detected to be removed. Although rare, it never hurts to know what they look like when they’re embedded onto your system so you know what to look for.

Wireless keyboards are an up-and-coming vulnerability as well. Hackers use sniffers to capture the packets your keyboard sends to the computer and log all the passwords and account names in complete secrecy.

Once your smartphones, tablets, and computer is virus and malware free, it’s now safe to change your passwords.

2. Change all your passwords.

Prioritize your bank accounts and change login credentials to all the important accounts you have. You don’t need to ask, “Has my email been hacked” if you have a banking account associated with your email, it’s better to be safe than sorry.

Remember, a password should be difficult to guess for any outsider but easy to guess for you. Longer passwords with mixed characters are the safest.

The single best advice for password creation is to create a password that is likely to be unpopular among others. Never use information in your password linked to your personal identity, such as credit card information, family birthdays or addresses.

If someone has hacked into your accounts remotely, it’s likely they have successfully figured out your security question and answer as well.

Change your security question/answer across all accounts and don’t keep anything stereotypical or pop-culture related that’s easy to guess.

Remember, your email is only as safe as your security question.

3. Notify your friends, family, and colleagues.

A common technique hackers engage in is phishing attacks. Phishing attacks are an attempt to pose as someone legitimate to trick you into handing over your personal details. Details like your credit card information, or something as seemingly simple as your pet dog’s name can be valuable.

If you’ve ever answered innocuous questions such as those recently, you don’t even need to ask “Has my email been hacked?” as the answer is likely yes. Phishing social engineering attacks are insidious and even the tech-savvy can completely fall for them.

Your hacked email address is now social proof for hackers to use on your friends and family. Everyone on your contact list is a target. Informing everyone important you know that your email is compromised is a responsible step towards making sure they don’t have their information stolen as well.

People in high profile jobs carry a social weight in their email circles that are ripe for hackers to exploit.

4. Consider multi-factor authentication.

Most email services offer at least 2-factor authentication, where you use your mobile phone to receive a unique, one-time-password every time you log in.

Most people consider their mobile phones an essential extension of their body and value their expensive phones highly. But even multi-factor authentication is vulnerable to sim swapping, sim cloning and social engineering.

While this method has flaws, consider that every difficult obstacle you place for the hacker to overcome increases the marginal odds that your account will be safe. Having your email breached seems unlikely and a far-off ambiguous possibility, but it’s well worth it to take the extra effort to protect your mail. Losing access to your email for most people, borders from incredibly inconvenient to seriously damaging as even your identity can be stolen under the right circumstances.

5. Report the breach.

If your answer to “Has my email been hacked” is “Yes” and you’ve taken the above steps, you’ve done everything you can possibly do to mitigate the damage. But for a safer future, consider reporting the breach to your email provider.

It is incredibly beneficial for most providers to have users report breaches so they can investigate and understand how and why the breach took place. They might even be able to offer additional information that you would otherwise never be able to obtain. If you are a paying customer, they might present avenues of reclaiming your account as well.

You’re protecting yourself and others from future threats when you go the extra mile to report a breach. Depending on the size and nature of the breach, other services you rely on might be affected. It’s always worth it to take the small amount of time needed to formally report this to your provider. Email providers can always see where the last successful login was made and they should be able to help you in many cases, possibly even with reclaiming your email given the circumstances.

6. Immunize yourself.

You never realize the value of something until you lose it.

Now that you’ve lost your email, you might find that familiarizing yourself with common phishing scams, social engineering attacks and other cyber security measures is worth it in the long run. While social media might connect us with friends and family, our email is often our official fingerprint in the cyber-world. Professionals and businesses rely on our email to verify we are who we say we are.

Your family photos and videos carry a sentimental weight that important emails and files don’t have. It can be a strangely tragic moment when you lose your email to a hack. Back up your files among multiple sources in the future, use different passwords for your email and bank account, and treasure your email. It is the cyberspace equivalent of a mail box and people take theirs for granted until they lose it.

Practice best practices to always protect yourself. You can go to websites like to see if your email has been breached and find out the nature and time of the breach. There are plenty of password managers that can help you create a strong password to prevent this from ever happening again.

Can I Schedule An Email To Be Sent At Midnight In Gmail?