Here’s What to Do If Your Credentials Are Compromised

No one wants to learn their passwords were found in hack. Unfortunately, it’s all too common of an event: Bad actors target companies and organizations, and eventually break through, stealing, among many things, login credentials. If yours are among the bunch, it’s serious.  That said, there are still plenty of actions you can take to protect yourself in such a
July 30, 2024
 / 
meritsolutions
 / 
Image

No one wants to learn their passwords were found in hack. Unfortunately, it’s all too common of an event: Bad actors target companies and organizations, and eventually break through, stealing, among many things, login credentials. If yours are among the bunch, it’s serious. 

That said, there are still plenty of actions you can take to protect yourself in such a situation. It’s important to keep tabs on communications from your connected companies and organizations: If you learned there was a data leak, or that your password was found in a previous hack, take these steps to mitigate the situation.  

Steps to take if your credentials are compromised

Most importantly, if the affected company hasn’t done so for you already, reset your password for this account. That way, the password the hackers stole is now useless. When resetting it, make sure to change a password that is strong and unique: You want to make sure your password cannot be cracked by either humans or machines.  

Second, if you know any of your other accounts use this same password, change those passwords immediately. If the bad actors who have your stolen password use it against any of these other accounts, they’ll find their way in fast. As a rule of thumb, never reuse passwords for this exact reason. Instead, make all of your passwords strong and unique, so if one account is compromised, it’s the only one. 

If you don’t have multi-factor authentication set up for the account that was compromised, set it up now. MFA requires a second authentication method to logging into your account, either through an SMS code sent to your phone, or through an authenticator app. As long as you have this trusted secondary authentication method, bad actors won’t be able to break into your account, even if they have the password. In fact, it’s essential to set up MFA on every account that supports it: While password leaks are bad, with MFA, there’s a second (stronger) line of defense to protect your details. 

Depending on the severity of the attack, especially when you keep sensitive data with the company involved, consider a credit monitoring service. This service will watch for signs of identity fraud, and, should it occur, will help you take step necessary to fend off attackers.

Share This

Leave a Reply



Sign Up for weekly MERIT Security Briefing

By signing up, you agree to our Privacy Policy.