Help! I’ve Been Hacked: A Guide to Protecting your Personal Information Online

Picture this: You’ve logged into your online account only to realize your personal information may be compromised. This can feel scary, but don’t worry—here are some steps you can take to keep your online info safe.

General safety tips

If you think one of your online accounts has been hacked, change your passwords right away. Your new passwords should be unique and hard to guess. If you’re worried you’ll forget your new passwords, write them down and keep them in a safe place.
Reach out to your family and friends to inform them that you have been hacked, and to not open emails or suspicious messages from you.

I think my Facebook account has been hacked—what do I do?

If you're worried about the security of your Facebook account, you can follow these steps to protect your personal information:

Visit facebook.com/hacked, opens a new window in your web browser and complete the form to let Facebook know there’s a problem with your account.
Complete Facebook’s Privacy Checkup,, opens a new window which will walk you through adjusting settings such as who can see what you share, how people find you on Facebook, and more.
Visit your data settings, opens a new window then go to “Ad Preferences” to remove any apps or websites you don’t recognize or no longer use, as they may be able to access your data or post on Facebook on your behalf.
Active sessions show you all the devices you’re signed in to Facebook; you may not even realize you’re still logged into your account elsewhere. Don’t worry, though. You can log out of active sessions, opens a new window.
If you’ve been tagged in a photo or a post, you can review the activity you’re tagged in, opens a new window to remove or report the tag.
If someone has shared personal information about you that you don’t want others to see, you can click on the three dots above the post and select “Find support or report post.”

If you’re a Twitter user, you can find information about what to do if your Twitter account has been hacked, here, opens a new window. If you’re an Instagram user, you can also learn more about protecting your privacy settings., opens a new window

Protect your personal information in your emails and text messages

Our email accounts and text messages are important tools in our daily lives, but you also need to be careful because some links may be aimed at tricking you into providing your personal information to someone you don’t know.

Hackers are known for sending fake emails and text messages that appear to be from a legit source, such as your bank or the Canada Revenue Agency, and may claim that there is an issue that requires your attention or that you have won money.

This technique of attempting to trick people into clicking on a link that asks them to enter personal information is called "phishing." As a general rule, if something feels off about an email or a text message, it probably is.

For tips on keeping your email safe, visit:

You can also block text messages that appear “phish-y”:

What if I'm asked to provide personal or financial information over the phone?

Be careful when you are providing personal information over the phone, especially if they’ve called you. Sometimes these calls are legit, but it’s always better to err on the side of caution.

If someone calls asking you for your banking information, Social Insurance Number, date of birth, or other personal information, you can always hang up the phone and call the person back. It’s best to find their phone number by checking on their company’s website or by finding the number on the back of your bank card.

If you suspect your banking information has been compromised, reach out to your financial institution right away.

What is Two-Factor Authentication?

Many online services, such as Google, Apple, Microsoft and Facebook, offer a feature called two-factor authentication that sometimes requires you to enter a second, temporary code in addition to your password when logging in on a new device. So, even if someone else knows your password, they will not be able to log in unless they have access to the text messages on your mobile device. Turning on Two-Factor Authentication will prevent any unwanted log-ins to your accounts. Learn how to enable this setting:

Tip: If you use any of Google’s services, we also recommend taking Google’s Privacy Checkup, opens a new window!

Why do I always see advertisements for products I’ve searched for?

Does this sound familiar? Maybe you've decided to start searching for a new brand of dog food for your beloved, furry, four-footed friend, so you start browsing the Internet for dog food. Now, it seems like all you see are advertisements for dog food.

Many online companies, like Facebook and Google, make their money from advertisers, so they want to be able to target ads to your preferences making you more likely to click on their ads and buy their products. These advertisers know your preferences because of something called “cookies.” Cookies are small files stored in your web browser that allow online companies to track of your browsing habits, so think twice before you click “Allow cookies” on websites that ask you to allow them.

From time to time, it’s a good idea to clear your cookies and your browser's cache which will delete any cookies stored in your web browser. Keep in mind, though, that clearing your cookies and your browser’s cache will also remove any saved passwords. The following links provide instructions on how to clear cookies from various browsers.

How can I prevent being tracked?

Many browsers support a feature that requests that advertisers not track you. For instructions on how to enable “Do Not Track,” follow the instructions for your browser:

You may also want to consider using Private Browsing Mode. You can learn more about Private Browsing Mode, and other tips for staying safe online in our blog post, 5 Tips for Keeping Your Personal Information Safe Online, opens a new window.