Security breaches suck. Unfortunately, they’re quite common. As reported by The Washington Post, the latest high-profile ransomware attack hit Dish and its subsidiaries, Sling TV and Boost Mobile, six weeks ago, and customers are still having issues getting through to customer support. While the company has not confirmed whether any sensitive user information was stolen, we do know that at least some data was stolen. When lacking clarity in these sorts of situations, it’s best to assume your data was compromised, and take steps to protect yourself.
Watch for suspicious activity
We’re all inundated with spam messages on a daily basis, but following a data breach, keep a closer eye on them. If you notice text messages or emails informing you of accounts being created or credit cards being opened that you know aren’t legit, it could be a red flag someone is abusing your stolen information.
At the same time, fake account creation messages are a phishing tactic too — so if your suspicions have been raised, tread carefully. Never click on any links or download any attachments in strange emails or texts. Always visit a trusted organisation’s website by typing the address in the URL bar yourself, and call them directly to address any concerns about fraudulent accounts. It’s an odd tightrope to walk, but it’ll help protect you in the long run.
Change your passwords (and start using a password manager)
When you find out a company, such as Dish, has been hacked, you probably think to change your password. But it’s good practice to change other account passwords, too, particularly if you’ve reused that combination of compromised password and email address before. Ideally, you shouldn’t be doing that, but I’m a realist — I know most of us recycle passwords.
If you have accounts that share the same password as the hacked company, change those passwords, too, as one way hackers break into your accounts is by using passwords leaked from hacks elsewhere. If they now have your Dish password, they’ll try it against your other valuable accounts. And to keep this from being an issue in the future, start using a password manager to keep track of all of your account logins. (Here are seven we recommend.)
Set up two-factor authentication
Let’s say hackers take your stolen password and try to sign into an account of yours that happens to share that password. If you didn’t change it yet, they’ll automatically have access to the account — unless you’re using two-factor authentication (or 2FA).
2FA requires both your password and a code in order to enter your account. That code could be sent to your phone via SMS (although this isn’t the most secure method), generated using a 2FA authenticator app like Google Authenticator, or through a physical security key. You should set up 2FA with any accounts that support it, including accounts that were previously compromised.
These tips are helpful for protecting your interests going forward, but they can’t hold companies accountable. Complaining, however, can.
There’s no guarantee that complaining will do anything, but it can help you in two ways. First, you’re alerting these agencies to the issue at hand, and second, you’re starting a paper trail that will be a boon to you in the event litigation is brought against the company that did you harm.