Got hacked – virus on PC, Facebook/Instagram/Reddit compromised. Did I do everything right?

Ensuring Cybersecurity After a Personal Device Breach: A Comprehensive Guide

In today’s digital landscape, cybersecurity incidents can be both unsettling and complex to resolve. Recently, I experienced a situation where my personal computer was suspected of being infected with malware, which subsequently led to suspicious activity on my social media accounts—namely Facebook and Instagram—and a login attempt on Reddit. Recognizing the importance of swift and thorough action, I took several steps to secure my online presence and would like to share my experience along with recommendations for others facing similar challenges.

Incident Overview

A few days ago, I noticed unusual activity indicating that my PC might have been compromised. Shortly thereafter, I observed unauthorized access attempts and suspicious behaviors across my social media profiles and online accounts. I suspect that my credentials or active sessions may have been accessed by malicious actors. In response, I prioritized implementing strong security measures to mitigate further risks.

Proactive Security Measures Taken

1. System Reformatting and Device Security

2. Fully formatted my infected PC to eliminate any malware or viruses.

3. Used a separate device—my phone—to make security-related changes, minimizing the risk of re-infection.

4. Password Management

5. Changed all account passwords to strong, unique combinations generated via a reputable password manager.

6. Ensured that each password was distinct to prevent credential reuse.

7. Account Security Enhancements

8. Enabled Two-Factor Authentication (2FA) on all critical accounts, including email, social media, banking, and cloud services, to add an extra layer of protection.

9. Updated recovery email addresses and backup codes to ensure account recovery options remained secure and accessible.

10. Reviewed and terminated all active sessions across devices and platforms to prevent unauthorized access.

11. Secured newly created or existing email accounts with 2FA and verified recovery options.

12. Personal Data and Identity Protection

13. Removed unnecessary personal information, such as my phone number, from accounts where it was not essential.

14. Enabled specific protections, like PESEL monitoring, to safeguard against identity theft (noting that I am based in Poland).

15. Reporting and Monitoring

16. Reported the security incident to relevant platforms, including Facebook (Meta) and Reddit, to alert them of potential breaches.

17. Continually monitored all accounts for any signs of suspicious activity since the incident.

Additional Considerations and Ongoing Precautions

Despite these comprehensive steps, I remain cautious about potential vulnerabilities:

• Phone Number Security: I am contemplating whether removing my phone number is sufficient or if acquiring a new