Recovering from a Hacking Incident: A Guide

By Andrew Lisa

Getting hacked is never fun, all too common, and never 100 percent preventable. Hackers can impersonate you, damage your online reputation, or steal your money. In the event that it happens to you – and it’s very likely that it may – the actions you take in the immediate aftermath will determine how harmful the attack will ultimately be.

Follow this guide to recovering from being hacked.

Security Story - Recovering from a Hacking Incident Pic 1

If you’ve been hacked, change your password immediately.

Change Your Password

Whether it’s your email, your Facebook, or any other account that has a password, the first thing you need to do is stop the bleeding by changing that password. As soon as you change your password, the damage will usually be contained.

If you use the same password for multiple accounts, change those passwords as well. If a hacker has accessed your email, it’s likely he or she will try the same password to access any other account associated with you. The reason for this is that so many of us use the same password for everything.

Report the Incident

If you were hacked, tell the host application. This is important for them, for you, and for future victims. It may never lead to the perpetrator being revealed or punished, but it can help program developers create safer software. There is no central agency that handles hacking reports, but virtually every major email provider, bank, social media site, etc. has a specific department to report to. If your Facebook is hacked, for instance, visit

Clean Your Machine

The only sure way to guarantee your computer is totally free of any traces of malware, viruses, or Trojan horses left behind is to totally start over by reformatting your hard drive. This will, of course, result in total data loss.

If you’re not willing to go that far, make sure to get the latest updates and security patches for both your operating system and for any web browser you use. Obviously run a thorough scan through your security suite, but don’t presume that it will necessarily root out the problem – it didn’t this time, after all. If your security software is not set to auto update, make sure that it is.

Remove Permissions

A smart hacker will anticipate your password change and install “back doors” through which they can re-enter. One of the best ways to shut these back doors down is to remove permissions with any associated app that allows third parties to access your account.

Many of the most popular programs, such as Google, Facebook, Twitter, and Dropbox support oAuth, which allows outside apps to access your API without secure access information. This is convenient, but dangerous.

Once you’ve dealt with the intrusion, be sure to shut down any back doors though which a hacker could re-enter.

If your friends are getting weird emails from you telling them to follow links for great deals on sunglasses, you’ve been hacked – and you have to act right away. Doing nothing is always the worst option. Act fast and try to think in a big-picture way that takes all your accounts into consideration. You’d better believe the hacker is doing the same thing.

Andrew Lisa is a freelance writer living in Los Angeles. He writes about online security and preventing digital crime.

Useful Links:

We are hiring Penetration Testers. Do you have what it takes?

Leave a Reply