What is hacking?
Hacking refers to the unauthorised accessing, manipulation, or exploitation of networks and/or computer systems (including computers, mobile phones and tablets). Hackers (ie anyone engaged in hacking) use special skills to break through security barriers, often with bad intentions. Hackers can steal private information, disrupt the provision of services, or take over devices for different reasons like making money, spying, or 'just for fun'. Hacking can be done in many ways, from big, organised attacks by groups of hackers (eg cyber attacks) to smaller-scale attacks by one person.
Hacking is a significant problem as it threatens your online security and privacy. This highlights the importance of having protection measures in place and being extra careful while online.
What is cybercrime?
Cybercrime is a type of crime that either targets or involves computers, computer networks, network devices and/or digital information. Cybercrimes can range from hacking, malware attacks, and cyber extortion (ie demanding money to prevent a threatened attack) to identity theft, fraud (eg APP fraud), and online harassment.
When talking about cybercrimes, there are 2 types to consider:
- cyber-dependent crimes - these are exclusively made possible by using Information and Communications Technology (ICT) devices (eg computers). In cyber-dependent crimes, ICT devices are used to commit the crime itself while also targeting ICT devices (eg a computer targeting another computer). Examples of cyber-dependent crimes include creating and spreading malware for financial profit and hacking to steal, sabotage, alter, or delete data, networks and/or activities
- cyber-enabled crimes - these are more traditional crimes that are magnified in scope or impact through the involvement of ICT devices. In other words, cyber-enabled crimes are crimes that grow in scale through the use of ICT devices, but which aren’t fundamentally reliant on such devices. Examples of cyber-enabled crimes include cyber-enhanced fraud and data theft
Is hacking a cybercrime?
Yes, hacking is considered a cybercrime, specifically a cyber-dependent crime.
The Computer Misuse Act 1990 (CMA 1990), the main legislation in the UK addressing crimes targeting computer systems, specifies which activities constitute cybercrimes. Examples of these activities include:
- deliberately making a computer do something to gain unauthorised access to data stored on the computer (eg hacking)
- the unauthorised access to a computer with the intention to commit or aid in committing another crime (eg hacking a business’ systems to steal customer data and then using that stolen data to commit identity theft)
- any unauthorised acts with the intention of impairing the operation of a computer (this will often apply in DDOS (ie Distributed Denial of Service) attacks, where a server is flooded with internet traffic to prevent users from accessing online services and sites)
- any unauthorised acts causing (or creating the risk of) serious damage, for example, to the economy, national security, or human welfare (this will often apply where critical national infrastructure is attacked, such as the Ministry of Defence getting hacked)
- making or supplying malware
The Data Protection Act 2018 (DPA 2018) also covers certain hacking offences, which may be committed alongside cyber-dependent crimes. These include:
- obtaining or disclosing personal data (ie information about individuals from which these individuals may be personally identified, like names and addresses) without the consent of the data controller (ie the party that decided on the purposes for and means of processing, eg collecting and storing, personal data)
- selling personal data that has been obtained or disclosed without the consent of the controller
Penalties for cybercrimes, including hacking, vary depending on the severity of the offence. They range from 1 year in prison to life imprisonment.
How do I know if I've been hacked?
Spotting when your account has been hacked is crucial for taking quick action. Look out for signs like unexpected logins from unknown locations or devices, unfamiliar changes to your profile or settings, suspicious emails or messages sent from your account without your knowledge, and any other unexplained activity.
If you have enabled two-factor (or multi-factor) authentication (2FA) (eg using two-factor authentication apps like Google Authenticator), keep an eye on any suspicious confirmation codes/notifications about login attempts you may receive. Two-factor authentication is an extra form of protection where you'll get notifications whenever someone from an unfamiliar device attempts to access your account. You are then able to either authorise or reject the access attempt. If someone is trying to access your account and is stopped by two-factor authentication, you should take steps to secure your account (more information on this below).
You should take extra care to protect your bank account from being hacked. Keep an eye out for any unexplained activities (eg purchases, withdrawals, or transactions) that take place without your knowledge, and contact your bank if you have any concerns.
You should also monitor any notifications from your service providers about unusual activity on your account. Regularly reviewing your account activity and enabling security features like two-factor authentication can also help you detect and respond to potential breaches promptly.
For more information, read What risks do cyber attacks pose?
What should I do if I get hacked?
If your social media accounts are hacked, you should act quickly to minimise damage. If you believe that you have been hacked, you should:
- change your passwords
- enable two-factor (or multi-factor) authentication on the affected accounts (more on this below)
- notify relevant parties (eg your bank or email provider), and follow their instructions for securing your accounts
- keep records of any suspicious activity for reporting purposes (eg screenshots of unusual activity)
Social media platforms, such as Facebook and Instagram, have special features for recovering hacked accounts.
Instagram’s protocols for addressing hacked accounts
If you think your Instagram account has been hacked, there are several steps you can take to secure and recover your account. Recovery steps include:
- checking your email for any messages from Instagram (specifically security@mail.instagram.com) informing you that your account’s email address was changed. You may be able to undo this change by selecting ‘Secure my account’ in that email (be careful not to click any similar links in emails from email addresses that are similar but not identical to this one)
- requesting a login link from Instagram to your email or phone number
- requesting a security code or support from Instagram by providing a secure email that Instagram support can send recovery steps to
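The "similar but not identical" check in the first step can be made mechanical. The following is an added example, not code from this page or from Instagram: it compares a message's sender with the address named above and also requires a DMARC pass, because the From line on its own can be forged. The category labels, the 0.85 similarity threshold and the mail server name mx.example.net are assumptions for illustration, as is the premise that the Authentication-Results header was added by your own email provider.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

EXPECTED = "security@mail.instagram.com"  # the address named in the text above
DMARC_OK = re.compile(r"dmarc=pass\b[^;]*header\.from=mail\.instagram\.com", re.I)

def classify_sender(raw_message: str) -> str:
    """Classify a raw e-mail by how far its claimed sender can be trusted."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    if addr == EXPECTED:
        # The From header is written by the sender and can be forged, so an
        # exact match only counts when the receiving server recorded a DMARC
        # pass. Assumption: these headers were added by your own provider.
        results = " ".join(msg.get_all("Authentication-Results", []))
        if DMARC_OK.search(results):
            return "match-authenticated"
        return "match-unauthenticated"
    # The display name shows the genuine address but the real sender differs.
    if EXPECTED in display.lower():
        return "lookalike"
    # Near-identical spelling, for example one character changed in the domain.
    if SequenceMatcher(None, addr, EXPECTED).ratio() >= 0.85:
        return "lookalike"
    return "different"

# Constructed sample messages (not real mail); mx.example.net is hypothetical.
SAMPLES = {
    "genuine": "Authentication-Results: mx.example.net; dmarc=pass "
               "header.from=mail.instagram.com\n"
               "From: Instagram <security@mail.instagram.com>\n\nbody",
    "forged_from": "From: Instagram <security@mail.instagram.com>\n\nbody",
    "hyphen_domain": "From: Instagram <security@mail-instagram.com>\n\nbody",
    "display_spoof": 'From: "security@mail.instagram.com" '
                     "<alerts@example.org>\n\nbody",
    "unrelated": "From: News <newsletter@example.org>\n\nbody",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:14} {classify_sender(raw)}")
```

Only the "match-authenticated" result corresponds to an email whose ‘Secure my account’ link is worth considering; every other result should be treated as untrusted.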
If you no longer have access to the registered email and are disconnected from Instagram (since the hacker could have altered it to prevent your access entirely), Meta (the company that owns Instagram and Facebook) suggests reaching out to your email provider to attempt to regain access to the address.
If you're still unable to recover your Instagram account through your email, you can contact Instagram support by:
- accessing instagram.com/hacked/
- selecting the option ‘The login code was sent to a phone number or email that I no longer have access to’, then
- completing the identity verification (eg by submitting a video selfie)
For more information on how to recover a hacked Instagram account, see Instagram’s guidance on managing your privacy settings.
Keep in mind that, if the problem persists, you can also contact Instagram by email, describing what happened.
Facebook's protocols for addressing hacked accounts
As Instagram and Facebook are both owned by Meta, their processes for recovering and securing hacked accounts are very similar. The steps to recover a hacked Facebook account include:
- changing your password (if you still have access to the account)
- checking where you’re logged in (you can see this in the same place where you change your password) and, if you see any suspicious logins, taking steps to secure your account against them. You can do this by clicking on the suspicious login and selecting ‘Secure Account’
- reporting the incident to Facebook in the Settings & Privacy menu
If you no longer have access to the registered email and are disconnected from Facebook, Meta suggests reaching out to your email provider to attempt to regain access to the address. If your Facebook account was hacked, you can also contact Facebook support by:
- accessing facebook.com/login/identify
- searching for the account you want to recover, then
- following the instructions to reset your account password
Keep in mind that, if the problem persists, you can also contact Facebook by email, describing what happened.
If you believe that your account has been hacked, you can use Facebook’s guided help to find out what steps to take.
How to protect your accounts from hackers
Preventing your accounts from getting hacked is very important. For personal use or to keep your business accounts safe, follow these recommendations:
- choose a strong password - you can use a combination of uppercase and lowercase letters, numbers, and special characters
- don’t reuse passwords or share them between accounts - if there's a security breach on one of your accounts resulting in your password being exposed, hackers could utilise automated software to test that password across other accounts
- use two-factor (or multi-factor) authentication - this adds an extra layer of security by making you confirm your identity with a code sent to your phone or email or with an authorised app (this is in addition to using your password)
- update your passwords regularly - regularly changing passwords helps you anticipate potential threats and uphold a heightened level of security. For businesses especially, this ensures regulatory compliance and safeguards the integrity of sensitive information
- set up your privacy settings - consider managing your privacy settings to control who has access to view your posts and personal details
- be wary of phishing - phishing involves sending fraudulent messages (eg in emails or texts) pretending to be a reputable entity to induce individuals to reveal personal information (eg passwords). Be cautious of emails, messages, or websites that ask for your personal information or credentials and always verify the sender's identity before clicking on links or downloading attachments
- use secure connections - especially when accessing any sensitive information or conducting financial transactions online, make sure you're using a secure connection. In the URL of the website, look for "https://" and the padlock symbol (which indicates that a secure connection between the browser and the website server exists)
- be careful with public Wi-Fi - avoid accessing sensitive accounts or sharing personal information when connected to public Wi-Fi networks. As an extra layer of security, consider using a VPN (Virtual Private Network)
- secure your mobile devices (eg phones and tablets) - consider applying security measures such as screen locks, biometric authentication, and remote wiping capabilities to your mobile phones and tablets
- limit access privileges to your devices and accounts - you should restrict administrative privileges on your devices and accounts. Make sure to only grant administrative access to trusted users and/or only when necessary
For more information on protecting your accounts, read How strong is my password? and the National Cyber Security Centre’s (NCSC) guide. For more information for businesses, read Information security and cyber security. If you have any questions, you can Ask a lawyer for assistance.