Front Page: NCSC-FI
Front Page: NCSC-FI
Menu

Information security now!

Attempts to break into and hijack accounts used in online services are often made using different methods. This article contains brief instructions on how to protect yourself in advance and what to do after a breach.

Often, attempts to break into the accounts of different services, such as social media, games and e-mail, are made actively using different methods. This article has a short list of the most effective protection methods and instructions on what to do after a breach, as well as links to the instructions of the most common services in case of these situations. With regard to services offered by an organisation (such as the workplace), you should contact maintenance or technical support both when checking the security settings and in case of a data breach.

Proactive protection

  1. Use a unique password for each service.
  2. Make sure that there is more than one type of contact information linked to the account (e-mail, telephone number or similar).
  3. Check that the contact information linked to the account is active and under your own control – the e-mail account exists and you can access it, the telephone number has been entered correctly and it is still in use.
  4. Use two- or multiple-factor authentication (2FA, MFA); see links to the most common services below.
  5. Make sure that you have other options available in addition to the primary MFA option. You should think about what to do if an application on a smart device cannot be used because the device is broken, for instance (in that case, e.g. an SMS-based additional confirmation can be used as the second option).
  6. Make sure that the e-mail addresses linked to the services’ accounts have also been protected based on the things you have now learned.
  7. Keep delegated rights, if any, and their consequences in mind – if the account has rights to other accounts or services, or if other accounts can use the account, they should be protected in the same way to avoid vulnerabilities.

After a breach

  1. Try to take control of the account back by using the automated tools of the service in question. Beware forged phishing messages! Many services have automatic warning functions in use for password changes and new logins.
  2. Contact the service’s administration to start the account restoration process, if the automated tools do not work. Links to the most common services can be found below.
  3. File a report of an offence in the case. You can file the report of an offence in the case either online or at your local police station. Demand that the perpetrator be made responsible for their offence. If the process feels difficult, ask for help from Victim Support Finland (RIKU).
  4. Report the matter to the National Cyber Security Centre Finland. You can either use the notification form (below) or send a free-form e-mail to the address cert@traficom.fi.

Useful links

If you think that a popular service is missing from the list below, please tell us about it on Twitter! Our handle is @certfi.

Police of Finland

File a police report (External link)
Cybercrime (External link)

Victim Support Finland

Contact request (External link)

National Cyber Security Centre

Report to us (Notification of intormation security breach)
Take control of your passwords – Who is using your account?
Guide to protecting yourself against data breaches

Facebook

Report Compromised Account (External link)
What is two-factor authentication and how does it work? (External link)

Twitter

Help with my hacked account (External link)
How to use login verification (External link)

Instagram

I think my Instagram account has been hacked (External link)
What's two-factor authentication? How do I use it? (External link)

LinkedIn

Reporting a Hacked Account (External link)
Two-Step Verification - Overview (External link)

Apple ID

If you think your Apple ID has been compromised (External link)
Two-factor authentication for Apple ID (External link)

Gmail, Google accounts

Secure a hacked or compromised account (External link)
Turn on 2-Step Verification (External link)

Hotmail, Outlook, Live

My Outlook.com account has been hacked (External link)
How to use two-step verification with your Microsoft account (External link)

Twitch

Account hacked, what do I do? (External link)
Setting up Two-Factor Authentication (2FA) (External link)

PayPal

Report identity theft (External link)
How do I turn on or off 2-step verification for PayPal account login? (External link)

Pinterest

Reset password (External link)
Contact support regarding account access issues (External link)
Two-factor authentication (External link)

WhatsApp

Stolen accounts (External link)
About two-step verification (External link)

Yahoo

Secure your Yahoo account (External link)
Add two-step verification for extra security (External link)