4 steps to take if your email has been pwned

If your email account has been compromised – often called being ‘pwned’ – then your personal information is in danger. This article guides you on what to do next and provides some top tips on how to avoid getting pwned in the first place.


What does being pwned mean?

Being pwned means that someone has taken control of your email address, or a user profile that has been created with it. And hacking an account is possibly the first step of identity theft, with online accounts often containing sensitive personal information, such as your credit card number, phone number, home address, and full name.

Identity theft can cause financial damage, intense personal stress, and a plethora of legal problems. And if your email account and password end up in the wrong hands, criminals can access your personal details and purchase goods in your name. Things can get even worse, though, because if you have reused the same password and email on other accounts, criminals can access these profiles as well, increasing the risk of identity theft exponentially.


How does your email get pwned?

Significant data breaches happen almost every week, and they can lead to your login credentials being stolen. If you would like to check if your information has been exposed in a data breach, you can try this free Identity Theft Checker from our cyber security partner F-Secure.

Data breaches aren’t the only way your details can be stolen, though. Your accounts can also be compromised by infostealing malware or through phishing scams. But there’s no need to panic. If your account has been pwned, here are four things you can do to mitigate the risk:

  1. Make sure your device has online security installed and your operating system is up to date

    Viruses and spyware can steal personal information and login credentials. Having up-to-date antivirus and operating systems on your devices is important in protecting your accounts from being pwned. The majority of core software that we use is regularly updated by vendors to prevent hackers from utilizing flaws and vulnerabilities. So, if you do not yet have automatic updates enabled, turn them on. They can save you from a lot of trouble.

  2. Scan your device for malware

    If there is malware on your device, changing your account password isn’t enough. That’s because the attacker can steal your newly created password using malware. So, before you change any passwords, run a malware scan. If the scan detects an infection, deal with it first. If you already changed passwords, change them again, because they might have already been compromised.

  3. Now, change your passwords

    Changing your password is the most important thing to do if your account has been pwned. If you have reused your password on other accounts, you should change passwords for those accounts as well.

    Criminals will try to access accounts with payment details and other valuable data. But if the attacker has already changed your password in a hacked account, don’t panic. You may still be able to restore your account through the “forgot your password” function.

  4. Check your email settings

    If your email account has been pwned, criminals can set it to automatically forward your messages to the attacker and to send malware, phishing scams, or spam. So, check your settings and see if you find anything alarming.

    You might also want to send an email to your contacts or post on social media that your email has been pwned, to warn against opening any attachments sent by you. This can save your contacts from being infected by malware.


How can you protect your email from being pwned?

Dealing with a compromised email address is possible, but the best course of action is to never let it happen in the first place. And you can cut that risk significantly by following these simple steps:

  1. Pay attention to the sender addresses of emails and SMS messages; don’t fall for phishing or smishing
  2. Be cautious when you open files or links, or install programs. Your bank or authorities don’t ask you to authenticate information online. Most likely you didn’t win a lottery prize either, and the “hot singles in your area” would probably use other methods to contact you
  3. Enabling two-factor authentication is essential in protecting your online accounts. That’s why many banks and service providers use it. Follow their example when possible
  4. And finally, always use unique passwords.

TalkTalk’s SuperSafe online security protects up to 10 devices, keeping all of the family’s smartphones, tablets and computers safe. Included with SuperSafe is a really helpful Password Manager which generates and securely stores unique passwords for you. It makes logging in to your online accounts easier, safer and faster, as you can copy and paste or autofill them when needed.

SuperSafe online security is just £4 per month (normally £140 a year). Once you’ve selected SuperSafe in My Account, you will receive an email from F-Secure to install the apps onto your devices.

Go to My Account where you can add SuperSafe.

about simonb

I like to travel around the Mediterranean, I have 2 grandchildren who are so entertaining. I also like cooking and socialising.
