When a Company You Use Gets Breached
Sooner or later a service you use will be hacked. Here is the calm, ordered response that limits the damage.
Data breaches are now a fact of online life. At some point a company you have an account with will be hacked and your details will end up in a leaked database. This is not usually your fault, and it is not a reason to panic. It is a reason to have a short, reliable routine, because how you respond in the days after a breach determines whether it stays a nuisance or turns into a real problem.
The first and most important step is to change the password on the breached account, and to change it anywhere else you used the same password. This is the moment reused passwords come back to bite people, because attackers take the leaked email-and-password pair and try it on hundreds of other sites. If every account had a unique password, a single breach stays contained to that one service. If you already use a password manager, this step is quick.
Next, turn on two-factor authentication for the affected account if it was not already on, so that even a leaked password is no longer enough to get in. Then watch for the second wave, which is follow-on phishing. After a breach, criminals often send convincing messages that reference the very service that was hacked, hoping your worry makes you click. Treat any such message with extra suspicion and reach the company through its official site rather than a link.
Finally, take stock calmly. If financial details were exposed, alert your bank and watch your statements, and consider whether freezing your credit is warranted. You can check whether your email has appeared in known breaches using a reputable breach-notification service, which will also warn you of future ones. A breach is rarely an emergency if you have unique passwords and two-factor authentication in place. It becomes one only when the same password unlocks everything, which is exactly the situation this course is designed to prevent.
Quick quiz
A couple of quick questions to lock in what you just read. Nothing is saved — pick an answer to see if you got it.
-
The first step after a service you use is breached is:
Reused passwords are why one breach spreads; unique passwords keep it contained.
-
After a breach, the common second wave is:
Criminals send convincing messages about the breach hoping worry makes you click. Use the official site, not a link.
-
A breach is rarely an emergency if you already have:
It only becomes a crisis when a single password unlocks everything.
Keep going
Subscribe for new lessons and a printable security checklist.