Another day, another big information security breach. This time, it’s LinkedIn and eHarmony, but it seems like only yesterday that Sony, Zappos, Nintendo, AT&T, Global Payments, and even the Department of Defense were scrambling to deal with huge numbers of stolen passwords and compromised accounts.
All things being equal, one thing is increasingly clear: If you buy, sell, congregate or communicate through a computer, you’ll probably have your account hacked at least once in your lifetime. And if you haven’t already faced the momentary fear and loss, the sense of disassociation and confusion that accompany a data breach, you’re lucky — and probably overdue.
(Admittedly, there are some people for whom this isn’t an issue. If you change your passwords weekly, always choose random selections of numbers, letters and symbols, and scrupulously refuse to use the same password more than once, chances are much higher that you’ll manage to avoid having your accounts hacked. Then again, if you’re constantly generating, memorizing and changing passwords, chances are that you’re already dealing with a fair bit of terror.)
Laughing at LinkedIn
For the rest of us, the question is not if — or even when — we are going to be hacked. It’s how we’re going to deal with the aftermath. The first thing to do is not delay. As The Los Angeles Times’ Salvador Rodriguez noted when LinkedIn was hacked, the Twitterverse was flooded with messages giggling about the site’s general lack of utility. One user commented “If my LinkedIn profile was updated or signed in to in any way in the last four years, then yes, it was hacked,” while another piped up with, “Gee, I sure hope nobody got my LinkedIn password! If your friend request gets accepted, you’ll know I was hacked.”
While the Twitterers fiddled and LinkedIn burned, a bigger problem may have been developing. Many people use the same password on multiple sites, which means that, for a significant fraction of those 6 million to 8 million LinkedIn users, both their e-mail addresses and their common passwords were in the wrong hands.
Fixing the Problem
And therein lies the first key to dealing with a compromised account: Don’t waste time. If you find out that one of your accounts may have been hacked, move quickly to isolate the problem. The first step is to check the anti-malware and antivirus software on your computer.
Make sure that your protection is up to date, and run the programs to ensure that your computer is clean. This is vital, as many viruses will continue to send your data back to the person who hacked your account. Jon Chase, on AOL’s Switched, lays out the step-by-step process of dealing with a hacked e-mail account, but the most important lesson is that you need to be proactive.
Regardless of whether your e-mail account has been hacked or you just suspect that your personal information might be vulnerable, the key is to keep the breach from spreading. Once you’re sure that your computer is clean, change passwords, activate security questions, and generally do everything you can to limit your vulnerability. If you have any concerns about your accounts, notify administrators and anyone else who may be affected.
But even halting the spread of your breach won’t do much to overcome your initial security problem. Chase suggests creating a minimum of three e-mail addresses — one for business communication, one for dealing with your service provider, and one for registering on sites like LinkedIn. Another security option is using a password vault, like Clipperz or KeePass, which allows you to keep all your passwords in a single, highly protected place.
As long as people use the Internet to move money, goods and services, our data will continue to be a big, attractive target. And, while security tools are getting more sophisticated, so are the people seeking to subvert them. The key to your peace of mind will be setting up structures that will make it easier for you to survive the inevitable attack.
Bruce Watson is a senior features writer for DailyFinance. You can reach him by e-mail at firstname.lastname@example.org, or follow him on Twitter at @bruce1971.