Q. Could you please review best practices if one’s email is hacked? Is changing the password for that email sufficient? Is it necessary to change the email address (use a whole new email) for each site, like Amazon, that uses the hacked email as the user login?
A. If you still have access to the compromised account, changing the password is one of many steps you should take to protect yourself. If you are having trouble regaining control of the account, visit your mail provider’s site for instructions on recovering your account. Apple, Google, Microsoft and Yahoo all have guides on their sites, as should other email and internet service providers. Tell your friends that your account was hacked and to ignore any odd messages that appear to have come from you.
Next, check your mail settings to make sure nothing has been changed — like copies of your messages set to forward to an unfamiliar addresses, unfamiliar entries in your address book, or new links or information added to your email signature file. Take this opportunity to change and update your security questions and answers that your provider uses to confirm your identity if you use the Forgot Password option.Read more ↓
While you are in your mail settings, set up two-factor authentication or two-step verification if you have not already and the feature is available from your mail provider. You will need to provide a code or acknowledge a login attempt on another device after you enter your password, but the extra step helps keep your account more secure.
If you have rescued your account and bolstered its defenses, you should be able to keep using the address as a login for other sites, but go in and change the password you used with it, along with all the other passwords for other sites where you used the address as your login. You should also update any site where you repeatedly used the same password as the one for the hacked mail account.
Source by nytimes..