Skip to content

Trending tags

What steps should you take when your email has been pwned?

Luciano Hernández

24.10.19 3 min. read

If your email has been pwned, it means that the security of your account has been compromised. Almost weekly there’s a new data breach on a website or service broadly reported around the world. It is only healthy to question whether your information has been part of such breach. It could mean your passwords and email addresses have ended on the hands of cyber criminals.

Hacking an account using your email address is possibly the first step of identity theft.  There’s a lot of sensitive information linked to your email address. You might have linked your credit card information or some other important personal information with the same login credentials on another account. If your email account has ended up in the wrong hands, criminals can use your information to purchase goods in your name, and it can be used to spread malware or as a part of a botnet. If you have reused the same password and email combination on other accounts, the one who has gained access to your information can use this to wreak havoc on these other profiles as well. Identity theft can cause you financial damage and legal problems.

There are many ways your email can be pwned. In addition to being part of a breach, your email account can be hacked through malware attacks on any of your devices, or through phishing scams. You can check if your information has been a part of a breach. F-Secure has a free tool you can use for that. Otherwise it can be difficult to be sure of the way your email has been compromised. In the end, the next steps to secure your account aren’t really that different from each other. Here are four things you should do if your email has been pwned.

1. Make sure your antivirus programs and operating systems are up to date

Malware is a major reason of personal information being acquired by criminals. Having up-to-date cyber security programs and operating system on each of your device is important in protecting your accounts from being pwned. Software is regularly updated to prevent hackers from utilizing its flaws and weaknesses. Not only do updates make software better, they also make the it more secure. Automatic updates can save you from a lot of trouble if you do not yet have them enabled.

2. Scan your device for malware

If there is malware on your device, changing your passwords aren’t enough. The attacker might gain access to your new passwords for example through a keylogger.

Before you change any passwords, scan your device for malware. You should regularly do this even if everything seems to be fine, because malware can be inconspicuous. Some malware can even deactivate your antivirus software, if it’s not powerful enough to prevent it.

Even if you know that your account was pwned through a massive breach, it is still a good idea to run a full scan. If the scan detects infection, deal with it first. If you already changed passwords, change them again. They might have already been compromised.

3. Now, change your passwords

This is one of the most important steps to take. It’s a healthy habit to change your passwords every now and then. If you suspect or know that your email has been pwned, you must change them. If you have reused your password on other accounts, which is a habit you definitely should get rid of, you should change passwords for those accounts as well. Yes, it can be tiresome to have multiple passwords, but we are talking about your own security here. Can you be too secure?

If your password has been changed for your hacked account, don’t panic. You may still be able to restore your account through the “forgot your password” function, provided you have placed security questions or a back-up email address or phone number.

Speaking of security questions, you should change them as well. It is possible the attacker gained access to your account through breaking your security questions. This is possible if you used answers that can be guessed based on your social media profiles or personal information.

4. Check your email settings

If your email account has been pwned, crooks can set it to do things you don’t want to. These can include forwarding your messages to the attacker and automatically sending malware or phishing spam. Check your settings and see if you find anything alarming.

You might also want to send an email to your contacts or post on social media that your email has been pwned to warn against opening any attachments sent by you. This can save your contacts from being infected by malware.

How can you protect your email from being pwned?

Pay attention to the source of messages; don’t fall for phishing scams or spam. Always be cautious when opening files, clicking on links or installing programs. You should do this only when you trust the origin. Most likely you didn’t win the lottery, your bank or the authorities don’t ask you to authenticate information online and the “hot women in your area” probably would use other methods to contact you.

Enabling two-factor authentication is a very good way to make it harder to hack your account. That’s why many banks and service providers use it. You should follow their example and use it when possible.

Last, always use strong passwords. The harder your password is to guess, the better. You shouldn’t reuse your passwords especially on important and sensitive accounts. If you get a password manager to secure your passwords, you only have to remember one to access all the rest.

F-Secure ID PROTECTION  is a safe and handy password manager. It also allows you to set your personal information for 24/7 monitoring, so when your email has been found to be part of a breach, you will be alarmed. ID PROTECTION is included also in F-Secure TOTAL.





Luciano Hernández

24.10.19 3 min. read


Related posts

Newsletter modal

Thank you for your interest towards F-Secure newsletter. You will shortly get an email to confirm the subscription.

Gated Content modal

Congratulations – You can now access the content by clicking the button below.