You've been exposed...Now what?!
Please take these steps right away to protect yourself.
You are not alone. I went through what
you are going through a little over a year ago when the
MyFitness Pal App was compromised. See My Story.
Here are the steps you need to take.
Change your password for that account. If possible, also change your username. If you can’t login, contact the company. Ask them how you can recover or shut down the account.
If you use the same (or similar) password for other accounts, change them too.
Check your accounts. If the password and username were for a financial site – or even if a credit card number was stored on the site – look for charges you don’t recognize.
Once the exposed account is taken care of, it would be a good idea to start protecting your usernames and passwords for other accounts. Here are some valuable reminders for everyone:
Use multi-factor authentication when it’s available. Multi-factor authentication adds another layer of protection against attacks. What’s multi-factor authentication? To log in, you must combine something you know (like a password), with an additional factor, which is usually something you have (like a code texted to a mobile phone) or something you are (like a fingerprint). More and more companies are offering it. We love and use the Authy App. Click the link for a How-to and a full breakdown that I put together.
Make your password long, strong, and complex. That means at least twelve characters, with three different “character classes” (uppercase, lowercase, numbers, symbols). It’s best to put non-lowercase letters in the middle of your password. Also, avoid common words, phrases or information in your passwords. And if you’re not sure if you’ve been affected by recent breaches (such as LinkedIn, Myspace, and Tumblr), it’s safest to change your passwords just in case. Sounds a little daunting, huh? Start with the password that we have alerted you to and then focus on changing 1-5 passwords a week. Click here for some tricks and tips to picking passwords.
Select security questions only you know the answer to. Don’t use questions whose answers can be found through online public records searches – like your birthplace or your mother’s maiden name. Don’t use questions with a limited number of responses that an attacker can easily guess – like the color of your first car.