
What steps should you take when your email has been pwned?

Luciano Hernández

24.10.19 5 min. read

Every now and then, a large breach at a major website or service is widely reported around the world. It is only healthy to question whether your information has been part of the breach, and whether your passwords and email addresses have ended up in the hands of hackers. That’s basically what being pwned means: your account information has been compromised.

Hacking your email account is possibly the first step of identity theft. If your email account has ended up in the wrong hands, it can be used to purchase goods in your name, and it can be used to spread malware or as a part of a botnet. It can also lead to your other accounts being pwned too. It might be that you have linked your credit card information with the same login credentials on another account. If you have reused your password and email combination, the one who has gained access to your information can use this to wreak havoc on your other profiles as well. All this is not merely a nuisance: it could cause financial damage, and through identity theft it can lead to legal problems as well.

There are many ways this could have taken place. In addition to being part of a breach, your email account can be hacked through malware attacks on any of your devices, or through phishing activity. You can check if your information has been a part of a breach on e.g., but otherwise it can be difficult to be sure of the way your email has been compromised. The next steps to secure your account aren’t really that different from each other in the end. Here are four things to do if your email has been pwned.


  1. Make sure your antivirus programs and operating systems are up to date

One of the reasons software is regularly updated is to prevent hackers from utilizing flaws and weaknesses in the software. Not only do updates make the software better, they also make the software more secure. Updating your cybersecurity programs and the operating system on each of your devices is important in protecting yourself from being pwned. Automatic updates can save you from a lot of trouble if you do not yet have them enabled.


  2. Change your passwords

It might feel obvious, but this is also one of the most important steps to take. It’s a healthy habit to change your passwords every now and then, but it becomes imperative if you suspect or know that your email has been pwned. If you have reused your password on other accounts, which is a habit you definitely should get rid of, you should change passwords for those accounts as well. Yes, it can be tiresome to have multiple passwords, but we are talking about your own security here. Can you be too secure?

If your password has been changed for your hacked account, don’t panic. You may still be able to restore your account through the “forgot your password” function, provided you have set up security questions or a back-up email address or mobile phone.

Speaking of security questions, you should change them as well. It is possible the attacker gained access to your account by breaking your security questions, especially if you used answers that can be guessed based on your social media profiles or personal information.


  3. Scan your device for malware

Even if you know that your account was pwned through a massive breach, it is still a good idea to run a full scan on your device. You should regularly do this even if everything seems to be fine, because malware can be inconspicuous. If there is malware on your device, changing your passwords isn’t enough, because the attacker might gain access to your new passwords as well, for example through a keylogger. If the scan does detect infection, deal with it and change your new passwords again. They might have already been compromised.


  4. Check your email settings

If pwned, your email can be set to do things you don’t want it to, such as forwarding your messages to the attacker, or automatically sending messages that spread malware or spam. Check your settings and see if you find anything alarming.

You might also want to send an email to your contacts or post on social media that your account has been hacked to warn against opening any attachments sent by, well, you. This can save your contacts from being infected by malware.


How can you protect yourself from being hacked?

Always be cautious when opening files or installing programs. You should do this only when you trust the origin of the file. Don’t fall for phishing scams or spam; be cautious of the source of messages. Most likely you didn’t win the lottery, your bank or the authorities don’t ask you to authenticate information online and the hot milfs in your area probably would use other methods to contact you.

Enabling two-factor authentication is a very good way to make it harder to hack your account. That’s why many banks and service providers use it. You should follow their example and use it when possible.

Last, always use strong passwords. The harder your password is to guess, the better. You shouldn’t reuse your passwords, especially on important and sensitive accounts. If you get a password manager to secure your passwords, you only have to remember one to access all the rest. F-Secure KEY, our password manager, is free on any one device and is included as part of F-Secure TOTAL.




