If your dark web scan shows you have had a password stolen, it means they are available for criminals to use. While this doesn't mean criminals have already hacked into your accounts, it does mean you're vulnerable to identity fraud.
You should take action quickly to limit further damage. Here's what to do next:
1. Change your passwords for all your accounts
If you’re still using this password and you can see which account has been hacked, change it there first. But if like many people, you’ve used this password for lots of sites, you’ll need to change it for your other accounts too.
2. Prioritise your most important accounts
Changing passwords can be time-consuming, so prioritise these accounts:
- Any account that provides access to other sites (e.g. your email account, password managers, Facebook, Google)
- Financial accounts (e.g. your bank account, credit card account, PayPal, ClearScore and investment platforms)
- Sites that hold your payment details (e.g. Amazon and other online shopping sites)
- Government sites such as myGov which also has access to your Super
3. Use a different password for every account
To maintain security of your accounts, you need to use different passwords for every account, and make them as long as possible. Try joining three random words together for a stronger password.
4. Use a password manager
To keep track of all your passwords, you could try using a free password manager or a high-quality paid product with extra features.
5. Turn on two-factor authentication
We also recommend that you turn on two-factor authentication (2FA) on all your important accounts, including your ClearScore account. You can turn this on in your ClearScore account under ‘Login and security’. Two-factor authentication adds another layer of protection, by asking you to re-confirm your identity using something other than a password. This could be a text to your phone, or an authentication app, for example. Two-factor authentication is a must for your email, banking, social, PayPal, ClearScore and password manager accounts.
If your identity has been compromised on the dark web, you should also continue to monitor your credit report at least monthly to ensure nobody has taken credit out in your name. ClearScore also provides free alerts to let you know if there are new enquiries for credit under your name. Check your report.