Shapes

Cyber security

What to do if your password has been compromised?

12 August 2022

The dreaded day has come. You have been notified, or believe that your beloved and much-used password has been compromised. 

Is your password compromised?

Immediately, you think back on all those times that you should’ve listened to everyone that warned you against doing exactly what you’ve done. You curse yourself, knowing that it wouldn’t have happened if you’d simply not used the same password for absolutely everything. 

[insert said password] Never let you down before. It was so memorable. You thought you’d picked a good one; convinced yourself that the hackers would never guess it. Well, until today.

“53% of people rely on memory to manage their passwords” This is now outdated thinking. With the number of accounts needing username/password combinations we have in this day and age, it is near impossible to remember them if you are using them correctly. Passwords should be unique and use a combination of letters, characters and numbers and the best way to manage this is by using a password generator and manager tool.

“51% use the same passwords for both work and personal accounts”  As mentioned, passwords should be unique to every account. Bringing these same passwords to work spreads the risk and can put not only yourself, friends and family at risk from a personal POV but also your work colleagues and business as a whole. 

“The password ‘123456’ is still used by 23 million accounts” While this may be comforting to think that many people out there are doing this, the chances are their credentials have been breached. To find out if yours have, follow the steps below. 

(Source - Password statistics

“59% use their name or birthdate in a password” Information such as this is much more widely available than you may think

“43% have shared their password with someone” 

“Almost two-thirds of people use the same password across multiple accounts”  

(Source - Password statistics

 

What happens to compromised data after a security breach? 

If your company has a compromised password or has been involved in a data breach, the aftermath could prove difficult, especially if important documents or customer information is exposed. 

For individuals, a data breach could result in hackers gaining access to your accounts, viewing your emails, medical records, bank details and more. For worst case scenarios, a hacker could even steal your identity; with this, they could ruin your credit score, steal money or damage your reputation. 

The impact on businesses, if someone in your company’s password has been compromised, can prove catastrophic, from causing malware infiltration to important data being breached and more. 

For businesses, you can hire an IT support company that specialises in cyber security services. As part of this security service, they should offer dark web monitoring alongside their other services. With dark web monitoring, this involves gaining threat intelligence about stolen user data associated with your company domains, alerting when a compromise is detected. Then, the team can stop potentially costly and widespread data breaches. 

Follow these steps if your data has been compromised in a security breach: 

  1. Get confirmation of the breach and if your information has been exposed 
  2. Find out what type of data has been stolen 
  3. Change and strengthen online logins and passwords 
  4. Contact the right people/ seek help from an IT company and take immediate action 
  5. Stay alert – monitors your accounts or reach out to an MSP who can do this for you. 

What to do if your passwords are compromised? 

Are you using the same password on multiple accounts? Are your passwords compromised? 

This is a common mistake and it can have a domino effect, on both personal accounts as well as for businesses, allowing hackers to take down multiple accounts by simply cracking one, single password. 

Follow these top tips for  protecting your accounts after a security breach: 

  1. Change ALL your passwords in accordance with your business's password policy
  2. Implement multi-factor authentication 
  3. Check your bank accounts to see if payment details were included in the breach 
  4. Turn off ‘share my location’ 
  5. Don’t auto-join local Wi-Fi networks 
  6. Use an IT service provider, like Bluecube, that monitors the dark web for credential sharing 

Perhaps you’re just worried your passwords compromised, or you’ve received a notification letting you know that your password has been hacked. DON’T click any link you receive as it could be phishing. Whatever the reason may be, here are some ways you can tell if your password has been hacked. 

  1. Log into the account on another device and see if the account is live. If it is, change your password immediately 
  2. Check haveibeenpwned.com.  Put your email in and it will tell you which account has been part of a data breach and which company/account this was from.
  3. If you're not comfortable, get an MSP to do it. We can constantly monitor your credentials and if you have many to manage, it may be easier to outsource.

 


Related Articles

Has your business fallen victim to a cyber-attack or IT security breach? Let’s get your systems back up and running - contact Bluecube today

At Bluecube we specialise in providing cyber security services to businesses of all sizes across the UK and overseas. Our crisis response team can help get you back up and running, give us a call today on 0845 257 8010, alternatively, you can fill out our online enquiry form, and we’ll be in touch as soon as possible.

Latest