Immediately change the passwords for:

• Your primary email account (Gmail, Outlook, etc.). This is the most crucial account to secure.
• Your social media accounts (Instagram, Facebook, X, Snapchat, WhatsApp).
• Cloud storage (Google Drive, iCloud, Dropbox, OneDrive).

Tip: Use a completely new, strong password. Do not use combinations of your name or birth details. Consider using a password manager like Bitwarden or 1Password.

Someone might still be logged into your account on another device.

• Instagram: Settings > Accounts Center > Password and Security > Where you're logged in. Log out of unrecognized devices.
• Facebook: Settings > Accounts Center > Password and Security > Where you're logged in.
• WhatsApp: Open WhatsApp > Settings (or 3 dots) > Linked Devices. Remove any unrecognized browsers or computers.
• Google/Gmail: Go to myaccount.google.com > Security > Your Devices > Manage devices. Sign out of anything suspicious.
• Apple/iCloud: Go to appleid.apple.com > Devices. Remove devices you do not own.

2FA requires anyone trying to log in (even if they know the password) to enter a code sent to your phone or an authenticator app. You MUST turn this on for all accounts.

• Use an Authenticator App (like Google Authenticator, Microsoft Authenticator, or Authy) instead of SMS (text messages). SMS codes can be intercepted.
• Go to the Security or Privacy settings of each app (Instagram, Gmail, etc.) to set this up.
• Make sure to save the Backup Codes provided when you set up 2FA in a safe place.

Sometimes attackers gain access through rogue third-party applications linked to your account.

• Google: Review third-party apps with account access in your Security settings and remove anything you don't recognize.
• Facebook/Instagram/X: Go to settings and search for "Apps and Websites". Disconnect any apps you don't use or remember authorizing.