What To Do Immediately If Your Email Is Hacked - smadatek
June 26, 2018


Several years ago, Yahoo fell victim to the largest data breach in Internet history. Names, email addresses and passwords for every single customer account on the company’s servers were exposed in a cybersecurity attack of unprecedented scale and sophistication. Three billion users across multiple services under Yahoo’s umbrella were left vulnerable as a result of the hack. Despite the far-reaching security repercussions of such a massive data breach, complete details only came to light in late 2017 after Yahoo’s new parent company Verizon was made aware of the true nature of the incident.

Whether you’re a longtime user of services like Yahoo Mail, or you are signed up to similar cloud-based offerings from email providers such as Microsoft, Google and Apple, these startling revelations should inspire some well-founded concerns about the security of your own email address. After all, your email may be the single most important digital asset you own. The communications on your account hold crucial information about your professional networks, personal relationships, and credentials for every other digital service for which you’ve signed up. In unscrupulous hands this sensitive data could be used for identity theft, financial fraud, and blackmail.

While there are safeguards you can implement to deter cyber criminals from accessing your account, in a widespread severe breach these best practices may not be enough to prevent your email account from being hacked. In these situations, swift action is required to prevent further damage. Here are the steps we at Smadatek recommend that you take if you believe your email account has been compromised.

Try to Change Your Password

You need to verify whether your email address is still accessible. Most hackers will immediately change your password to prevent you from using your account. If you are able to secure entry before this has been done, you can reduce the threat of further attacks.

Make sure your new password differs completely from your last one, and don’t reference any easily guessed personal details such as your birthday or your pet’s name. Ideally, your password should be at least 10 characters long, and it should include, a special character and number.

In addition, you should look to change your answer to any secret questions used in the account recovery process. After doing so, confirm that the alternative email addresses and phone numbers associated with your email account are not changed.

Once you have confirmed the changes, implement 2-factor authentication on your account if available. With this vital step, any future access attempts on your account will require an additional verification (usually a code sent to or generated on your smartphone) in addition to the password before the login will be successful.

Recover Your Account

If you cannot access your account using your old password, then you will need to put in some extra effort before you can recapture sole control of your email address. Start with the “forgot your password” option and check out the recovery options available. It may be as simple as sending an email to an alternative account or a text message to your mobile phone to regain control.

If these options are not available, or you do not have access to your alternative accounts then you will need to browse through the help center for your email provider for other means of securing access. In worst-case scenarios you might be forced to run the customer service gauntlet to see if you can find a sympathetic employee that is willing to help.

Once you regain access, immediately implement the steps detailed above.

Check Your Email Settings

Keep an eye out for any changes made to your email settings and reset them back to your preferences. Possible issues you should be aware of include:

  • An unfamiliar forwarding address added to your email
  • A new “reply to” email address that tricks your contacts into sending their replies to a different account
  • An enabled auto-response option, used to send out spam messages to your contacts
  • Malicious links added to your email signature

Once you have reset any changes to your settings, scan over your sent folder to see if the hacker sent out any sensitive information found in your email history.

Change Passwords for Other Accounts

If you are using the same email and password for multiple accounts, get to work changing your login credentials for these services as soon as possible. This would be a good time to choose unique passwords for each service.

Scan your email inbox and trash folders for any password reset messages. Most hackers can identify other websites that make use of your primary email address. Once they have figured that out it is simply a matter of sending a password reset link and you suddenly have a plethora of compromised accounts on your hands. Make sure to reset login credentials for any similarly breached logins.

Notify Everyone Involved

Email everyone on your contact list including business associates, family members and friends about the breach. Next, get in touch with your email provider and report the details. Not only will this alert them to future infiltration attempts, but they may also be able to provide you with further details about the incident and where the access attempts came from.

If you feel sensitive information like bank records have been compromised, you may want to reach out to a credit reporting agency and have them track your personal credit activity in the months following the incident.

Partner With a Cybersecurity Firm That Can Keep You Secured Around the Clock

At Smadatek, we specialize in providing businesses with the knowledge and technology they need to protect their vital systems and data. In a quickly evolving digital environment, you need a business partner with expertise in the information security best practices. Contact us today for more ideas to safeguard your privacy online.


Chris Adams,
CEO, Smadatek

Five Questions to ask before signing or extending your IT Support Contract

About the Author

Chris Adams, President Adams Technology Group, Corp. My companies are smadatek: managed IT & consulting; smadaLabs: computer sales & service; and smadaPro: customer service consulting.

Chris Adams, President Adams Technology Group, Corp. My companies are smadatek: managed IT & consulting; smadaLabs: computer sales & service; and smadaPro: customer service consulting.

Chris Adams, President Adams Technology Group, Corp. My companies are smadatek: managed IT & consulting; smadaLabs: computer sales & service; and smadaPro: customer service consulting.

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}