Internet and tech

How do you know if your email or online account has been hacked?

Are you concerned that an online account may have been hacked? Are you a member of a website that has contacted you regarding a data breach? Want to know if your email address has been hacked over the past few years?

Rarely a week goes by without news of a hack or database breach of some kind. The more we work and live online, the more we are susceptible to hacking. If you read my piece on ‘Why everyone should use a password manager’, you will know that even the strongest password will only get you so far.

How a little hash and some salt helps protect your online accounts’ illustrates some measures websites can take to protect your data but also mentions that not every website uses these measures.

So how can you find out if your details have been compromised?

How do you know if your email or online account has been hacked?

Have I been pwned?

‘Pwned’ is a slang term for being owned, or hacked. It’s a gaming term that has been taken on by the security community to describe when someone’s data has been breached.

Why do you need to know this?

Because there is a very useful website called ‘Have I been pwned?’ It contains regularly updated lists of all the emails it finds that have been released through data breaches and hacks. It doesn’t catch everything but is the best resource out there to see if your email has been caught up in a data breach.

Simply type your email into the box in the centre and select the ‘pwned?’ button. The system will check the available data and tell you whether your email appears on any of the lists it holds.

Remember, the website doesn’t include every data breach out there. It is a good indicator but if you see other signs of strange behavior, it may be time to change some passwords.

So what are those other signs of strange behavior?

Signs that your email or online account has been hacked

There are a few signs that your email and/or password may have been compromised. If you see one or more of these, you need to take action. Exactly what action, we will cover in a little while.

Signs your email or online account has been hacked include:

  1. Password changes you didn’t authorise
  2. Unexpected emails confirming orders or password reset notifications
  3. Complaints from email contacts that you are spamming them
  4. Different locations show up in the Gmail log

1. Password changes you didn’t authorise

If you find you can no longer log into an account and the website hasn’t notified you, this is a sure sign of a hack. The vast majority of websites leave passwords to users and will only perform mass resets in the event of a serious breach, which they would notify you of.

2. Unexpected emails confirming orders or password reset notifications

Many websites that use accounts will have an automatic notification set to alert you of any changes. If you see any notifications of a password or account reset you didn’t authorise, take action immediately.

3. Complaints from email contacts that you are spamming them

Complaints from email contacts that you are spamming them is also a sign that your email account may have been compromised. Someone gaining access to your email account may just want to use it to spam others.

4. Different locations show up in the Gmail log

If you’re a Gmail user, there is a very useful log when you use a browser. Scroll to the bottom of the index screen, on the right. You should see ‘Last account activity’ and then Details underneath. Select Details and you should see a popup window like the image below.

It will tell you exactly when you logged in and from where. Check this log to make sure it was you for each login.

How do you know if your email or online account has been hacked?

What to do if your email or online account has been hacked

Now you know the signs, what do you do if your details have been compromised? There is a specific procedure I would recommend to maximise security while moving quickly. As we don’t yet know how your account details were compromised, we need to take no chances.

Perform the following in this specific order:

  1. Run a full antivirus and malware scan on your computer or device you usually use to log into the accounts
  2. Install a password manager onto your devices
  3. Log into your email and change the password using the password manager
  4. Log into any online accounts you used the same password with using the password manager
  5. Keep an eye on your financials

1. Run a full antivirus and malware scan on your computer

Email addresses and online account details can be taken from your computer using malware. Yours may not have been leaked this way but it is vital we take precautions just in case.

Performing a virus and malware scan before you do anything else ensures your new passwords are not passed to the hacker along with your old ones.

2. Install a password manager onto your main device

Password managers are not perfect but they are many times more secure than any password you are likely to be able to come up with and remember for future use. I cover them in depth here and recommend everyone uses one. That way, all you need to remember is a super-strong password for the manager itself and every other password is taken care of for you.

3. Log into your email and change the password using the password manager

Changing your email password is a priority. Once someone knows your email address, they can begin attacking the account with bots or hacking apps. Using the password manager to generate a super-strong password means any hacker will be very unlikely to be able to hack your email using conventional means.

Use the maximum amount of characters permitted by your email provider and include upper, lower case, numbers and special characters.

4. Log into any online accounts you used the same password with using the password manager

There should be an option to change the password upon login or a feature for a forgotten password on most accounts. Use that to log in and change the password to something different. If you cannot reset the password yourself, contact the website administrator or helpdesk and explain the situation. They should be able to help.

Again, using a password manager means you can generate a genuinely random password using the maximum permissible number of characters.

5. Keep an eye on your financials

If you think more than just your email address has been compromised and more of your identity may be out there, it may be useful to keep an eye on your credit report. If you are sure financial information may have been leaked, tell your bank and set up alerts on your credit report with the credit reference agencies. Do the same for your credit card and any other financial institution you may do business with.

It may not come to that but if you notify these organisations in advance and something does happen, you are not liable for any potential losses as long as the data loss was not your fault.

Use two-factor authentication where possible

My final tip for staying secure online is to use two-factor authentication (2FA) wherever possible. It isn’t invulnerable to hacking but is many, many times more secure than not having it in place.

It will usually involve giving your mobile phone number to the website in question. In return, the website will text you a code every time you log in. Enter the code onto the page and you should be able to log in.

If your account is hacked in the future, the hacker will require a clone of your phone or physical access to your phone to be able to access your account. It’s an extra step in any login but seriously improves the security of your account.

%d bloggers like this: