What To Do After You've Been Hacked | Gadget Lab | Wired.com: What to Do After You’ve Been Hacked
By Mat Honan
Reset Your Passwords
Immediately change the password on the affected service, and any others that use the same or similar password. And, really, don’t reuse passwords. You should be changing your passwords periodically anyway as a part of routine maintenance. But if you’ve just been hacked, it’s now more urgent. This is especially true if you reuse passwords, or use schemes that result in similar passwords (like 123Facebook, 123Linkedin, 123Google).
“Password reuse is one of the great evils and its very hard to prevent,” says PayPal’s principal scientist for consumer security Markus Jakobsson. Sites can set up password requirements — for example a character length or that a password include symbols and numbers — but they cannot force people into not reusing the same or similar passwords. “It’s very common for people to use similar or the same password but it’s very rare for people to realize that it creates a liability for them to do it and that they need to change their password after they’ve been hacked.”