First things first: it would be great to find out how the service was hacked and, more importantly, whether the hacker got hold of your data. If you notice an unusual login or transaction that's only applicable to you and haven't read about the password management service being hacked, then it could mean that a cyber criminal has somehow found a way to get hold of your data. This could be via a keylogger, malware, or other methods of infecting your computer or mobile device.
The best thing to do in such a case is to reinstall the operating system and restart your computer or mobile device from scratch to fully eliminate any malicious software from it. Change your device password and master password immediately after doing this.
Once this prepping is finished, log into the password management app and change the passwords for all important accounts such as online banking, email, and the like. Basically, you should take the same approach as with phishing thefts: change the password and activate two-factor authentication everywhere that it is available.
Choose Another Password Manager
If the password manager's central database gets hacked, then it is up to you to decide whether to stay with them or switch to a more secure service. Do some research: google the service provider's name and the word “hack” to see if it had been hacked before. If it has happened more than once, it may be a good time to pick another one…
It goes without saying that even the most reputable password managers, like any company, can run into problems that aren’t their fault. We don't have to go back too far in time to find that OneLogin, LastPass, Keeper, Dashlane were hacked, while even 1Password has had bugs identified and addressed during the last couple of years.
Sadly this list of big names proves that a breach can be inevitable because if a developer doesn't mitigate the risk by taking into consideration one or more potential attack scenarios, then cyber criminals will find the Achilles heel of the service and gain access to user data.
What makes the difference, however, is whether such hackers will obtain user data in plain text or an encrypted format. If they do somehow get into the system then you are completely exposed with data stored as plain text, but if the latter is true then the hacker has a lot more work to do because all they will get is strings of gibberish.
How to Keep Yourself Informed
If a password management service communicates well with its users, then you'll get an email or notification shortly after they notice a data breach. If you’re concerned, it’s good to keep an eye on your emails and distinguish between phishing scams and legitimate messages sent by the service provider. Regularly check the newsletter, blog, or social media channels to stay informed about the system status of the password management service.
Another great source of information is the news. Various blogs and media outlets will report a hack if one has occurred and even mention the name of the service. Check the social media feed of your preferred news service to keep yourself up to date with what is happening in this area.
Best Password Managers of 2019
|Editor's Choice 2019|
- How Does a Password Manager Work?
- How Often Should I Change My Passwords?
- iCloud Keychain
- Is a Password Manager Safe?
- Is a Password Manager Worth It?
- Is it Safe to Use Random Password Generators?
- Is It Secure to Save Passwords in My Browser?
- Should I Use a Password Manager?
- What Is a Password Manager?
- What to Do If Your Password Manager Is Hacked?
- Which Password Manager Should I Use?
- Which Password Managers Have Been Hacked?