You’ve undoubtedly heard plenty of advice on how to protect your passwords, such as:
- Taking steps to avoid viruses, including downloading anti-virus software.
- Choosing a different password for each account.
- Avoiding writing down your passwords.
- Opting for two-step verification when it’s offered.
- Changing your passwords often.
But unfortunately, there are situations in which a strong password and careful practices can’t help you, such as when the service you’re using gets hacked.
As Javelin Strategy and Research reports, two-thirds of identity fraud victims were also notified of data breaches. That means that in some cases, a stolen password can mean a stolen identity, for example when your account information includes your Social Security number.
So what do you do when you follow all this advice about strong password and privacy practices and you still fall victim to a hack? Start with the following bits of advice.
Confirm the Breach
As Time.com reports, banks are required to inform customers about data breaches, and 46 states mandate that other companies inform their customers as well. The problem is that phishing scammers take advantage of these laws, and a fake breach notice can itself lead to the password breach.
For instance, scammers may send you an email masquerading as a service you use. They’ll tell you there’s been a data breach and ask you to click on the link in the email and change or reenter your password. This is how they get ahold of your password in the first place.
If there’s been a real password breach, you may receive a similar email. Before clicking on any links, be sure to confirm the breach, such as by calling the company and requesting more information or seeing confirmation of the breach on the company webpage or in the news.
Change Your Password
Once you learn about the breach, it’s a smart move to change your password. That way, hackers can’t get into your account using the credentials they’ve stolen.
But don’t think you’re safe just by changing the breached account’s password. Hackers know that people tend to use the same passwords for multiple accounts. They may hack into a more vulnerable service in hopes of gaining access to more sensitive data by using the same password on your other accounts.
That’s why experts suggest you use a different password for every account. If you happen to use the same one, however, it’s best to change the password of all accounts that use the same credentials as those stolen in the password breach.
Ensure “Free Monitoring Services” Fit the Crime
After a password breach, companies often offer “free monitoring services.” However, sometimes these free services don’t match up with what you really need. For instance, if the stolen password belongs to an account that houses your credit card number, there’s a good chance that credit card fraud will take place.
Identity theft protection and credit monitoring only alert you when someone tries opening an account in your name. You aren’t alerted when a purchase is made using your credit card, rendering these free services useless until it’s too late.
In cases like this, be sure any free monitoring services you’re offered are actually doing something besides just providing you with a false sense of security.
Protect Yourself from Future Breaches
Once you’ve sorted out your current password breach, be sure to take precautionary steps to prevent one in the future. For instance, don’t forget to equip your mobile devices with anti-virus software, and make sure you sign up for account alerts on all accounts, not just the one with the current breach.
Now that you know a little bit more about what to do after a password breach, how will you protect your data?
Morgan Slain is an expert on password management and identity protection. Slain has been quoted in Mashable along with other mainstream and tech media. He has more than 20 years of experience in technology including web and mobile. Morgan Slain is the current CEO of SplashData, the leading provider of security applications and services for over 10 years.