If You Get Hacked: A Calm Response Plan

Even careful people can be compromised, and the difference between a scare and a catastrophe is often how you respond in the first hour. Having a plan in advance lets you act calmly and in the right order.

First, regain control of the affected account. Change its password immediately from a device you trust, and if you can still get in, sign out all other sessions and turn on two-factor authentication if it was not already enabled. If you are locked out, use the official account-recovery process right away.

Second, protect your email above all, because it is the master key that resets everything else. If there is any chance your email was accessed, secure it first, then work outward to your other accounts, prioritizing anything tied to money.

Third, contain the financial damage. If payment details were exposed, contact your bank or card provider, watch for unfamiliar charges, and consider freezing your credit to stop new accounts being opened in your name.

Fourth, look for what the attacker may have changed. Check for new email forwarding rules, added recovery phone numbers or addresses, and unfamiliar connected apps, since attackers plant these to retain access even after you change your password. Remove anything you did not set up.

Finally, warn the people in your contacts if your account may have been used to message them, and take a breath. Methodical action beats panic every time.