I Got Hacked!
What to do if you have been hacked?
Go Off-line and Reset Your Passwords
Take your hacked services or servers off-line temporarily until you know you have resolved the issue, so that your site visitors and customers are not affected. Change your password immediately on the affected service and on any other service that uses the same or a similar password. DO NOT reuse passwords.
Update Your Antivirus Software and Scan
Use the latest version of your anti-virus / anti-spyware product and run a scan for malware and viruses that may have been the source of the attack. If you don’t have a commercial anti-virus program, try an automatic cleaning from an anti-virus company such as Trend Micro (HouseCall service) or Panda Software, or use the free version of Sophos.
Take Back Your Account
Nowadays, many services such as Google, Facebook, WordPress and Microsoft have mechanisms for taking back control of your account after someone else has taken it over. Typically you can find these procedures by searching for the service name plus "account recovery".
Set Up Multi-Factor Authentication and Improve Security
Use 2-step verification for your services whenever possible to help secure your accounts. Apply all available bug fixes and update all services to the most recent stable release. Most services also let you turn on notifications for when special or personal accounts have been accessed. Finally, when connecting to your services, it is best to use secure connections such as SSL or SFTP whenever possible.
Perform a Security Audit and Forensic Analysis on All Your Affected Accounts/Servers
Go through the logs on your servers and look for suspicious activity. Ideally, ask security experts to perform a security audit and forensic analysis to identify security risks and signs of potential intellectual property theft, industrial espionage, forgeries, or inappropriate use of your email and IT infrastructure. Hackers often leave behind tools that let them get back in, or tools that exploit your servers to send out spam email, launch attacks against other servers, etc.
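As a starting point for the log review described above, the following added example (not part of the original page) flags logins that succeeded right after a run of failed attempts from the same address, a common sign of a guessed password. It assumes OpenSSH's usual syslog line format; the function name, the threshold and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in OpenSSH's syslog format (not from a real host).
SAMPLE_LOG = """\
Mar  3 02:14:01 web1 sshd[2201]: Failed password for root from 203.0.113.45 port 51120 ssh2
Mar  3 02:14:03 web1 sshd[2203]: Failed password for invalid user admin from 203.0.113.45 port 51121 ssh2
Mar  3 02:14:05 web1 sshd[2205]: Failed password for deploy from 203.0.113.45 port 51122 ssh2
Mar  3 02:14:09 web1 sshd[2209]: Accepted password for deploy from 203.0.113.45 port 51125 ssh2
Mar  3 08:30:12 web1 sshd[3100]: Failed password for alice from 198.51.100.7 port 40222 ssh2
Mar  3 08:30:20 web1 sshd[3102]: Accepted password for alice from 198.51.100.7 port 40223 ssh2
Mar  3 09:01:44 web1 sshd[3300]: Accepted publickey for bob from 198.51.100.9 port 40555 ssh2
"""

# Matches both "Failed password for root ..." and
# "Failed password for invalid user admin ..." as well as "Accepted ..." lines.
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def suspicious_logins(log_text, min_failures=3):
    """Return (ip, user, failures_before) for each accepted login that
    follows at least min_failures failed attempts from the same address."""
    failures = defaultdict(int)   # running count of failures per source IP
    hits = []
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue              # not an sshd authentication event
        ip = m["ip"]
        if m["result"] == "Failed":
            failures[ip] += 1
        else:
            if failures[ip] >= min_failures:
                hits.append((ip, m["user"], failures[ip]))
            failures[ip] = 0      # reset so later clean logins are not re-flagged
    return hits

if __name__ == "__main__":
    for ip, user, n in suspicious_logins(SAMPLE_LOG):
        print(f"{ip}: login as {user} after {n} failed attempts")
```

Any account this reports should have its password reset and its session and file activity reviewed from the time of the flagged login onward.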