Why Changing Passwords May Not Help When You’re Hacked

One beautiful day you wake up in the morning to see that a hacker attack, so familiar to you from the news, is now paying a personal visit. Now you need to regain control over your identity and compromised account.

If you’re lucky, you’ve discovered the hackers get into your computer before they could do anything. You may get a security alert that an IP address from the opposite side of the world was trying to access your account, or you may check active sessions and recognize one that is definitely not yours.

If you’re not so lucky, your password has already been changed to lock you out of your email. It may be that you can’t reclaim your account using the “forgot your password” link and answering your security questions. The attacker went ahead and closed a back door.

In the worst case, the hacker had enough time to spread out the attack to gain access to your bank account, crypto wallet and social profiles associated with your email.

The good news is that there’s always a way to regain your digital identity and recover your account. But the further attackers go, the harder it is to kick them out of your profiles. So time is of the essence, as well as the right course of action. Continue reading this article if you want to find out dos and don'ts in case you've been hacked.

Step 1. Freeze All Endangered Accounts

An average person has registered accounts on dozens of services like social media, music streaming, and online shopping. All of them are usually linked and available from the primary email address.

Once you notice that something goes wrong with your online privacy, you should freeze services connected to a compromised account. Thus you ensure that nobody can access your facts and figures until the vulnerability is fixed. Attackers won’t be able to take advantage of the breach any more, and you’ll buy time for your next steps.

Most of the major online services have tools to protect an account if it has been taken over by someone else. If you detected someone poking around your profile and you still have access to it, you can usually block an account by yourself.

For instance, on CoinLoan, we send you “Did you just sign in?” email notification every time someone (hopefully you) is logging into your account. These emails contain a security freeze link that can temporarily block your account in one click.

If the access to your accounts has been lost, you’ll need to regain the access first of all. Contact customer service from any other email or via live chat. Support representatives will ask you some questions to prove that you are the person you’re claiming to be. After that, the compromised account would be blocked so that no one could log in. For unfreeze,  request the assistance of the support team one more time.

Step 2. Try to Understand the Causes

The next step is less obvious but yet important if you want to protect your sensitive information. Before you change passwords on every website, find out how malware made its way into your life. Otherwise, you’ll treat the symptoms, not the disease leaving a malicious user a way to return.

If you try to reset passwords before a malware is neutralized, it may get access to new passwords instantly. Thus begins a cat and mouse cybersecurity game.

To fight an intruder effectively, make sure you know where he's hiding. A hacker that stole your identity has probably used SIM swapping, malware, or simply cracked your password. Below, we’ll address how to confirm or deny each of the three and how to deal with them.

Step 3. How to Deal With SIM Swap Fraud

SIM swap or a port-out scam is a phone number hijack that gives hackers the keys to your phone, SMS-based two-factor authentication, and connected accounts. The practice of SIM swap scam is becoming increasingly common. All it takes is to convince the mobile operator employee that they were you using your data. Sometimes that’s enough to check your social media to get all the information needed for swapping.

Then they say your phone was lost or damaged and ask the provider to activate a new SIM card connected to your phone number on a new phone — a phone they own.

How to Detect SIM Swap

Detecting SIM hijackers would be the easiest. All you need is to check if you can make or receive phone calls. If everything works well, move on to step 4 below.

How to Stop a SIM Swap Attack and Return Your Phone Number

If your phone stopped working and couldn't find a signal, contact your mobile carrier immediately to block your card and take back control of your phone number.

After you regain access to the SIM, you can unfreeze your accounts to check them for unauthorized charges or changes and reset passwords. Don’t try to change passwords until you make sure attackers no longer have access to your SIM card. Otherwise, it may be a wasted effort. Scammers will still be able to intercept text-based 2FA codes or trick services into telling your new passwords.

Step 4. How to Deal With a Malware Attack

If you use an iOS or macOS, you can sleep easily. Apple devices are considered well protected from malicious software, so it's unlikely to get malware on them. Though the risk from malware is low, there is no such thing as zero risk.

To fight malware on macOS, we recommend using Safari browser in recovery mode to change compromised passwords. Even if your computer is infected, malware won’t be able to get new keys.

If you have a gadget on Android or a Windows PC, it's a riskier story. Hackers can steal personal information from your computer using a keylogger. That’s a type of monitoring software that tracks user behavior without users’ knowledge. Once installed, it detects every single keystroke they enter through a keyboard, including usernames and passwords.

The primary method that hackers use to spread keylogger malware is phishing emails. They send fake emails with attachments that install malware when users download them.

A keylogger may also be packaged with free online software or phishing URLs, that can be found at the bottom of a video, an article, or in a mobile app description.

The most common way that malware gets onto Android devices is through infected applications that can even work, as usual; however, being busy with an additional secret task.

How to Detect Malware

To scan your PC, phone, or tablet for any existing malware, you need to use antivirus software.

Antivirus programs for Windows:

Antivirus programs for Android:

Please keep in mind that no one malware scanner is perfect. Malware constantly evolve to be able to pass through such software undetected. You can’t be sure that nothing is lurking on your device even if all antiviruses say it’s clean.

How to Stop Malware and Return Access to Your Device

If you still believe your Windows computer is compromised, it doesn't make sense to change passwords on it. Hackers will easily manipulate your device and collect new passwords if a malware is still active. Having any suspicion, you’d better power your computer off while you handle the issue.

The safe course is to act from another device that is not accessible for attackers. Use your smartphone, for instance, to change passwords for email and other accounts, enable 2FA, remove unknown active sessions and disable various recovery options. Having all things done, you've already put hackers at a disadvantage. A computer malware won’t be able to hijack your accounts when 2FA is enabled and recovery options disabled.

To remove malicious software from an Android phone, try to use malware removal applications from the list above. The more robust way to get rid of any unwanted software is to make a hard reset to erase all your data from your phone and give it a fresh start.

Important: Before doing a reset, make sure to back up the data you need.

Step 5. How to Deal With a Compromised Password

Passwords are the bane of cybersecurity. They’re often reused and typically easy to crack. If you’re using simple passwords or the same password for multiple sites, you’re lining in a powder keg. If you have been hacked, your keg has probably exploded.

Check if Your Password Has Been Compromised

Find out whether one of your accounts was a subject to a data breach using the have i been pwned? site. Your data might have been leaked, enabling attackers to take login attempts using known emails and password pairs.

Having your account hacked, you should first regain the access if it was lost and kick attackers out by changing all passwords and recovery methods, and enabling 2FA.

Step 6. Improve Your Cyber Awareness

Well, it was a tough process, but you made it through. Your accounts are yours again, and the next step is to create and maintain a healthy protective routine to keep your personal and financial information secure in the future.

  • Use a password manager to generate and save a strong and unique password for each website or service. You may try Bitwarden’s free password manager.
  • Enable two-factor authentication using a free authentication app, such as Google Authenticator or Authy. If a hacker doesn't have that second "factor" verification code, he can't get into your account, even with your password. More information on 2FA you can find inside our dedicated article.
  • Update your software regularly. New versions may include important security fixes that have been discovered.