Grand Duchy of Luxembourg
Advice & Guidance
What if my login data has been compromised or even disclosed?

SOS - Compromised Data

If access to your bank account, Facebook, or email became compromised and ill-intentioned people can access them, here is what you should do:

1. Immediately change the password for the account in question.

This is the first thing you should do to protect your data. You should do this right away before criminals have the chance to access your data and change your password themselves. You should do this on a computer you trust.

If you are unable to log in to your account immediately to change your password, call your administrator so they can block your account.

Some webmail systems enable you to view all attempts to access your account and detect whether any suspicious attempts have taken place.

2. If the same password has been used for more than one log-in or online account, change the passwords for all these accounts.

It is not advisable to use the same password for more than one account. If necessary, you should change the log-in details for all your accounts, without forgetting anything.

3. Notify the account administrator that your log-in data has been compromised or published on the Internet.

They may be able to take practical steps to protect other users, in the event of a large-scale attack.

4. If your password has already been changed by a criminal

You should immediately notify your account administrator so they can block access to the account in question. They will usually be able to reset it with a new password.

5. Make a list of the information that is accessible on your account.

If any information grants access to other accounts, take steps to protect them (points 1 and 2).

If your mailbox has been compromised, check whether any confidential information was stored in it. If so, take suitable measures to protect this information. If necessary, warn any contacts who exchange confidential information with you.

Also, look at the password reminder functions for all online services you use which refer to your email address to regenerate a password. Make sure the attacker has not changed other accounts that you access through the compromised account.