Monday, October 14, 2024

Your Online Account(s) Got Hacked & You Are Locked Out: What Do You Do!?


Online security is becoming increasingly critical as more of our daily lives move onto the internet. If you believe one or more of your online accounts have been hacked or compromised, it’s essential to act swiftly. If you are locked out of an account, the situation becomes even more urgent. Below are detailed steps you can take to mitigate damage, regain control, and enhance the security of your other online accounts.


*Note: One takeaway from my own personal "getting hacked" experience is that the new "Verified" model that most social media platforms use now is being leveraged to push users into paying for the verification, just to receive any kind of personal support if they happen to have any problems or issues with their account. Going forward I recommend (and will personally practice) that you verify ANY and ALL online social media accounts that are important or critical to your life/work. You can use the services for free, but if you have an issue like an account hi-jack/take-over, it can be next to impossible to get ANY help if you are un-verified.


1. Report the Incident Immediately!

Reporting the compromise to relevant authorities and service providers is crucial. This not only helps you recover control of your account but also aids in preventing further damage.

  • Local Police: If you suspect identity theft or fraudulent activity, file a report with your local police department. Keep copies of the report for further use.
  • Websites or Software Providers: Contact the customer support teams of any websites or services involved in the breach. Most platforms like Google, Facebook, and financial services have processes in place to assist users in recovering hacked accounts.
  • IC3/FBI: If the incident involves significant financial loss or cybercrime, file a report with the Internet Crime Complaint Center (IC3), which is a division of the FBI focused on internet-based crimes.

2. Recovering a Locked-Out Account:

If you are locked out of an account, follow these steps (and see further details at the end of the blog):

  • Use Account Recovery Options: Most services offer account recovery options like email or phone verification, but this may not be safe if these are compromised. Prioritize recovery methods like trusted devices or backup codes (which many services provide when setting up 2FA).
  • Contact Customer Support: If recovery options fail, reach out to the service provider’s customer support. Be prepared to verify your identity through personal information or past account details.
  • Keep Documentation: If you’ve filed reports with the police or the IC3, share these reports with the service provider, as this may help speed up the account recovery process.

3. Secure Any Associated Payment Services

If you're completely locked out of an account, especially one that’s linked to financial services, take immediate action by logging into any associated payment services and removing access to the hacked site or account. For instance:

  • PayPal
  • Venmo
  • eBay
  • Banking apps or credit card accounts

This helps to stop any unauthorized transactions that could stem from the compromised account. Be sure to carefully review recent activity on these services to identify any fraudulent activity and report it to your payment service provider.

3. Change Passwords on Any/All Online Accounts You Have!

Once you've safeguarded your payment methods, it's essential to change your passwords across all your online accounts. Start with the most important and sensitive accounts first:

  • Email Accounts: Your email is often the gateway to all your other accounts, so this is the highest priority.
  • Financial Accounts: Banking, credit cards, PayPal, Venmo, CashApp, Zelle, etc.
  • Shopping Platforms: Amazon, eBay, and any other sites where your payment information is stored.

Use strong, unique passwords for each account. Consider using a password manager to generate and securely store complex passwords, reducing the chances of reuse or weak password issues.

4. Monitor and Secure All Other Online Accounts

Even if only one account was compromised, hackers may have attempted to access other accounts through the use of the same password or linked email addresses. Take the following additional precautions:

  • Review all recent account activity for suspicious logins or transactions.
  • Revoke access to any suspicious devices or apps that are connected to your accounts.
  • Update security questions and answers, ensuring they aren't easily guessable or derived from public information.

5. Setup, Use, and/or Check Any Credit or Data Monitoring Services

If you use any sort of data monitoring or ID monitoring service(s), this would be the time to check on them or even ask the provider to run an up-to-date check of your personal information.

  • Guardio: We do use and recommend Guardia as an "Umbrella" service to not only monitor your personal information but also look for password leaks and even provide email/web filtering and monitoring. The service is not free, unfortunately. But their products and services have GREATLY helped us with similar issues in the past.
  • Free Credit Monitoring such as Experian, Equifax, Credit Karma, the FTC, and other resources.

6. Enable Two-Factor Authentication (2FA)

Where available, always enable two-factor authentication (2FA) for your accounts. However, be cautious with the type of 2FA you use:

  • Do not rely on 2FA through SMS or email, as these can be intercepted through SIM-swapping attacks or email compromises.
  • Use an authenticator app such as Google Authenticator, Microsoft Authenticator, or Authy.
  • Security Keys: For the highest level of protection, use your security key for 2FA on any accounts that support it.

Make sure to set up both security keys on all accounts that support them for redundancy in case one is lost or stolen.

7. Implement Security Keys for Two-Factor Authentication (2FA)

Using a security key (like a YubiKey) is one of the most effective ways to protect your accounts. Security keys provide an extra layer of security beyond traditional passwords by requiring physical confirmation for account access.

  • Buy Two Security Keys: Setting up two keys ensures that if one is ever lost, stolen, or damaged, the backup key can be used to regain access to your account.
  • Register Both Keys: Set up both keys on every account that supports their use (e.g., Google, Dropbox, Microsoft, social media, financial services, etc.).

8. Ongoing Protection and Monitoring

After recovering your accounts and enhancing their security, adopt good online security practices going forward:

  • Use a Password Manager: This helps you create and store strong, unique passwords for all your accounts.
  • Monitor Credit Reports: If financial information is compromised, regularly monitor your credit report for unusual activity. You can also consider placing a fraud alert or credit freeze.
  • Watch for Phishing Attempts: Be especially cautious of phishing emails or texts that may follow a breach, as hackers may try to gain further information by impersonating legitimate companies or services.

By following these steps, you can effectively respond to an account compromise and significantly reduce the chances of future breaches. The key is to act swiftly, report incidents, and continuously improve your security practices.


Platform Specific Help & Resources:

1. Facebook

  • Facebook Account Recovery Page: If you cannot access your account, go to the Facebook Account Recovery Page. This page helps you report a compromised account and provides steps to secure it.
  • Facebook Help Center: Visit the Help Center and search for "hacked accounts" for specific guides. Facebook provides instructions for recovering accounts that may have been taken over.
  • Identity Verification: You might be asked to verify your identity by uploading a government-issued ID. Go to the Identity Confirmation page to submit the necessary documents.
  • Some folks have also reported that by signing up with Meta Verified can give easier access to support and a better/faster resolution to account hijack and hack issues.
  • Possible Contact Emails To Reach Out Directly:
    • support@fb.com
    • support@facebook.com
    • support@meta.com
    • support@metamail.com
    • appeals@fb.com
    • appeals@facebook.com
    • appeals@meta.com
    • appeals@metamail.com

2. Instagram

  • Instagram Account Recovery: If your Instagram account has been hacked, use the Account Recovery Tool and follow the steps to request a login link to your email or phone.
  • "My account was hacked" Form: If you cannot recover the account using the usual methods, fill out the Hacked Account Form.
  • Identity Verification: Instagram may ask you to submit a selfie with a unique code for account verification or other identity documents if the regular recovery process doesn't work.

3. Twitter (Now X)

  • Twitter Account Recovery: Go to the Help with Hacked Accounts page and select "I can't log in to my account." From there, follow the instructions to reset your password or report unauthorized activity.
  • Twitter Support: You can contact Twitter’s support via their Help Center. They also have forms specifically for issues like compromised accounts.
  • Submit a Ticket: If password resets don’t work, you can submit a ticket to Twitter Support and provide details of the issue.

4. eBay

  • eBay Account Recovery: If your eBay account is compromised, go to the eBay Help Page. They offer instructions for securing your account and restoring access.
  • eBay Live Chat or Phone Support: Use eBay's Customer Support to contact them directly through chat or request a callback.
  • Report Unauthorized Transactions: If there are unauthorized purchases, report them through the eBay Resolution Center to open a case.

5. Amazon

  • Amazon Account Recovery: If your Amazon account has been hacked, visit the Amazon Help page and select "Account & Login Issues."
  • Contact Amazon Support: You can also directly reach out to Amazon Customer Service via phone or chat for help with securing your account and reporting any unauthorized orders.
  • Identity Verification: Amazon may ask you to verify your identity through email or phone if unauthorized changes are detected.

6. Venmo

  • Venmo Help Center:
    If you believe your account has been hacked, go to the Venmo Help Center. Search for "Account Hacked" to find steps for securing your account.

  • Contact Venmo Support:
    If you are locked out of your account or suspect fraudulent activity, you can contact Venmo support directly:

    • Submit a Request: Use Venmo's Contact Form to submit a request for help.
    • Venmo Support Email: Email Venmo at support@venmo.com.
    • Phone Support: Call Venmo at 1-855-812-4430 for customer service. They are available Monday–Friday, 8:00 AM–8:00 PM CT, and Saturday–Sunday, 10:00 AM–6:00 PM CT.
  • Freeze Your Account:
    If you suspect your account is compromised, you can temporarily freeze it by logging into the app and going to "Settings" > "Account" > "Security" > "Disable Account." This will prevent further transactions while you work to recover access.

7. PayPal

  • PayPal Resolution Center:
    If your PayPal account is hacked, you can report unauthorized transactions or suspicious activity through the Resolution Center. Here, you can open a case to dispute fraudulent transactions.

  • Password Reset and Account Recovery:
    Go to the PayPal Account Recovery page if you're locked out. This page helps you reset your password or recover your account.

  • Contact PayPal Customer Support:

    • Message Center: Contact PayPal through their Message Center for help with account issues.
    • Phone Support: Call PayPal directly at 1-888-221-1161 for immediate help. You may need to log in to view your customer service code to expedite the process.
    • Social Media: PayPal has active support on Twitter (@AskPayPal) and Facebook. You can send them a direct message for assistance.
  • Monitor Your Linked Bank Accounts:
    If your PayPal account has been compromised, check your linked bank accounts or credit cards for unauthorized transactions and notify your bank if necessary.

8. Square

  • Square Support Center:
    If your Square account has been compromised, visit the Square Support Center and search for "Account Hacked" to access specific instructions.

  • Square Account Recovery:

    • If you're locked out of your account, visit the Square Sign-In Troubleshooter to recover access by resetting your password or contacting support.
  • Contact Square Customer Support:
    Square offers several ways to get in touch for urgent help:

    • Phone Support: Call 1-855-700-6000 (Monday to Friday, 6:00 AM–6:00 PM PT). You will need your customer code, which you can generate by logging into the Square Dashboard.
    • Submit a Request: You can also submit a support request using their Help Page.
  • Fraudulent Charges:
    If you notice fraudulent charges, dispute the transaction directly through Square’s support channels and check your linked bank accounts for unauthorized activity.


General Tips for All Payment Platforms:

  • Freeze or Disable Accounts Temporarily: Some platforms allow you to temporarily freeze your account to prevent further unauthorized activity while you work to recover access.
  • Enable Two-Factor Authentication (2FA): Ensure you have 2FA enabled on all these accounts. Use an authenticator app rather than relying on SMS-based 2FA, as SIM-swapping attacks can intercept SMS codes.
  • Monitor for Unauthorized Transactions: Check your transaction history frequently for any suspicious activity, and act immediately by disputing transactions through the platform's support.
  • Monitor Linked Payment Methods: If your accounts are connected to payment services like PayPal, Venmo, or linked credit cards, review and remove any suspicious activity immediately.
  • Keep Payment Methods Secure: If your accounts are compromised, notify your bank or credit card issuer of any potential breaches and monitor your statements.
  • Check Email for Notifications: Many platforms send security alerts when there is suspicious activity on your account. These emails often contain links to resolve the issue.
  • Use Account Recovery Tools: Every platform has account recovery pages where you can reset your password or report unauthorized activity.
  • Social Media Support: Some companies respond to queries via their official social media accounts (e.g., @Facebook or @TwitterSupport). Be cautious about sharing personal details in public channels.


No comments:

Post a Comment