This question originally came from a reader on my Quora Page:
I recieved an Uber Eats promo code, and I foolishly entered it. 5 mins later, my account was disabled and my phone number and email were not recognized anymore by Uber. I cancelled my credit card, but the email and password I used to create the account are the same I always use. What can I do?
One thing about your question stood out to me more than anything else:
“…the email and password I used to create the account are the same I always use.”
I would lecture you on why that is a terrible idea, and trust me that’s coming, but at this point there’s nothing you can do about the past, you need to quickly start damage control. Go to every single site you’ve used that password on and change it. If you use the same password for your email change it first, then work down the list of what’s most important to you, online banking, amazon, facebook, and change every last one to something, anything different than what it is now. Once you’re done with that, come back.
Have you changed everything you possibly could care about? Are you sure?
Okay now it’s time for part two. Find a password manager, there are plenty of secure digital ones out there, but at this point a sheet of paper would be a step in the right direction. You need a different password for every single service you use, it’s hard to think of unique strong ones for each site, so here’s my trick don’t; go to a site like this one, and generate a few lists of 99 of passwords pulling out random ones each time. Add your own entropy, just toss random numbers and ch@ct3rs into it randomly and then store it in your password manager.
If you think this is silly or a waste of time think about it this way: Do you know the owner of that new app you just installed? What about every employee at facebook that can legitimately modify the code you see? Employees that legitimately can see your credentials or modify the websites you use in such a way that would cause you to send them to them instead, might become disgruntled at some point or could have built their whole product as a honey pot, just to steal large batches of information. The largest and most devastating breaches that have ever happened have all been the result of insiders. It’s not just hackers you should be worried about. Protect yourself from all cross-site credential re-use attacks, and just use a different password everywhere.
