A password manager like KeePass or LastPass makes it easier to create truly unique passwords for each site and service. Alternatively, you could create a master passphrase and tweak it slightly for each service; for example, you can use ThisIsMyPassword-forWebMail and ThisIsMyPassword-forGoofingOffonFacebook.
4. Notify friends and family of possible security issues. Often hackers will use your account to attach malware or send phishing emails to your contacts (e.g., “Dear Mom and Dad, I’m stranded in a foreign country and got robbed. Please send money.”). If your email has been hacked, warn your contacts not to click on any links from that account.
5. Set up credit monitoring. If the hacked account has any financial information (credit card or bank account, for example) tied to it, keep a close eye on your statements. Often, companies whose user databases have been hacked will offer customers free credit monitoring. If not, sites like Credit Karma and Credit Sesame can monitor your credit profile, so you’ll know if someone tries to open a new account in your name.
6. Revoke access to third-party applications. A hacker could possibly link your account to malicious third-party apps without your knowledge, so even if you regain control over your account, the hacker could still continue stealing your information. Take the time to review your permissions for these connected apps and remove any unknown or suspicious ones. MyPermissions is a useful landing page for seeing what apps have permissions on a variety of services, including Facebook, Twitter, Google, and Dropbox.
7. Protect your account. If two-factor authentication is an option, make sure you set that up on your account as soon as possible. Two-factor authentication is the best protection we have right now; it requires additional verification when anyone tries to log into your account from a new device. You should also sign up for alerts in Google, your bank accounts, and wherever possible for any suspicious activity in your account.