Robots Rule | MindSculpt.net

Securing Your Online Identity Now that Gawker Has Been Compromised

December 17th, 2010 — 4:03pm

If you haven’t heard, Gawker and all of its sister sites have been compromised. If you signed up for any of those sites as a commenter, odds are your username, password, and email address have been leaked.

The posts on Lifehacker have done a good job of letting you know you should beef up your security as soon as possible. This post is intended to tell you how you can actually go about doing that immediately. Seriously, don’t be lazy with this. A soft identity theft like someone getting into your Facebook account can easily turn into a full-blown problem.

Step 1: Containment

  • Immediately change the password on any financial account that uses the same email address or username that was leaked
  • Change the password for the email account that was compromised
  • Reset your Gawker passwords

Step 2: Defense

  • Sign up for LastPass. At the very least you should put all of your non-sensitive website accounts there. If you have a hard time trusting them with financial websites, email accounts, etc., then leave those out. Just make sure you use a secure password for those other sites: one that mixes lowercase, uppercase, numbers, and symbols, and doesn’t contain any real words. If you don’t have a secure password, make one now. It may seem hard to remember, but after you enter it 20-30 times during the process of updating your passwords it will be just as easy to remember as “password.”
  • Use a very secure password for LastPass, as described above. This is the key to all of your passwords, so make sure it is secure and memorize it. Install LastPass on your main machines. If you’re on a public computer and need to access a site, log in to the LastPass website to get your passwords.

Step 3: Auditing

  • Go through all the websites you can think of that you have accounts with. Ones with the same username or email that were compromised are a priority. Think in categories like email, forums, stores, blogs, website hosting/domain registrars, social networks (even the old ones from 1999), job websites, travel/airlines, games, productivity sites, banks, retirement accounts, credit card companies, utility/other bills, health benefits websites, etc.
  • If you feel like it’s necessary, on any sites that store addresses or credit card information see if you can remove it. Saving 2 minutes isn’t worth the anxiety of wondering when your identity will be stolen.
  • As you go through each site, write each down so you have a consolidated list of all the sites that you have accounts with. For security reasons, don’t include your username or password on this list directly, but add a column with some kind of code or reminder as to what the username and password (if you’re not using LastPass) should be. For example, if you log in with your Yahoo email address, just type a “y” or something even less obvious.
  • Sign in to the site, but don’t tell LastPass to remember it just yet.
  • Where to change your password is different for each site. Look for words like control panel, account, profile, settings, and obviously “change your password.” Sometimes clicking on your username at the top of the site will also bring you to the account settings area. If you can’t find it, Google the website name and “change password” to find the help section of the site with instructions.
  • In the LastPass menu open Tools > Generate Secure Password. Check all of the settings: A-Z, a-z, 0-9, Special. For the number of characters use as many as each website will let you, but at least 10 characters. You won’t need to remember this password, so it should be as secure as possible. I also set the minimum digit count to 2. If a website does not allow symbols, uncheck Special and regenerate the password.
  • Once you have generated a password, copy and paste it into the site that you’re changing and save.
  • Once this is complete, log out. Make sure you have clicked “Not Now” in the LastPass bar in your browser. Go to the website’s homepage and then back to the normal sign-in page (I like to do this so you’re not telling LastPass to link to the different sign-in page you usually land on after signing out). Sign in with your username and paste in the new password string. Now when LastPass asks to save the site, click Save. Feel free to add a group to organize your sites.
  • Some sites don’t trigger LastPass. If they don’t, go into the LastPass menu, go to Sites > Add Site. Type in your username and paste the password and save.
  • Repeat this process for every single site, generating a new password for each one.
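The generator settings in the step above (every character class checked, at least 10 characters, a minimum of 2 digits, and Special unchecked when a site rejects symbols) amount to a small password policy. The Python below is an added example, not code from this post or from LastPass, that generates a password under that policy with the operating system’s secure random source and then verifies a password against the same policy. The symbol set `SPECIAL` and the function names are my own assumptions; the real LastPass generator may use a different symbol list.

```python
import secrets
import string

UPPER = string.ascii_uppercase
LOWER = string.ascii_lowercase
DIGITS = string.digits
# Constructed symbol set for this example; LastPass's own "Special" set may differ.
SPECIAL = "!@#$%^&*()-_=+[]{};:,.?/"


def generate_password(length=16, allow_symbols=True, min_digits=2, min_length=10):
    """Build a random password matching the post's settings:
    A-Z, a-z, 0-9, optional Special, at least `min_digits` digits,
    and a length of at least `min_length` (the post's floor of 10).
    `length` should be the longest password the site permits."""
    if length < min_length:
        raise ValueError(f"length must be at least {min_length}")

    # Guarantee one character from each enabled class plus the digit minimum.
    required = [secrets.choice(UPPER), secrets.choice(LOWER)]
    required += [secrets.choice(DIGITS) for _ in range(max(1, min_digits))]
    if allow_symbols:
        required.append(secrets.choice(SPECIAL))
    if len(required) > length:
        raise ValueError("length is too short for the required character classes")

    # Fill the rest from the full enabled alphabet.
    alphabet = UPPER + LOWER + DIGITS + (SPECIAL if allow_symbols else "")
    chars = required + [secrets.choice(alphabet) for _ in range(length - len(required))]

    # Shuffle with a CSPRNG so the guaranteed characters are not at fixed positions.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def meets_policy(password, allow_symbols=True, min_digits=2, min_length=10):
    """Return True if `password` satisfies the same policy, False otherwise.
    Used here to double-check a generated password before pasting it into a site."""
    if len(password) < min_length:
        return False
    if not any(c in UPPER for c in password):
        return False
    if not any(c in LOWER for c in password):
        return False
    if sum(c in DIGITS for c in password) < max(1, min_digits):
        return False
    has_symbol = any(c in SPECIAL for c in password)
    if allow_symbols != has_symbol:
        # Symbols required but absent, or forbidden by the site but present.
        return False
    allowed = set(UPPER + LOWER + DIGITS + (SPECIAL if allow_symbols else ""))
    # Reject anything outside the enabled alphabet (e.g. whitespace).
    return all(c in allowed for c in password)


if __name__ == "__main__":
    # Typical site: symbols allowed, use the site's maximum length (assume 20).
    pw = generate_password(length=20)
    print(pw, meets_policy(pw))
    # Site that rejects symbols: uncheck Special and regenerate.
    pw_no_sym = generate_password(length=12, allow_symbols=False)
    print(pw_no_sym, meets_policy(pw_no_sym, allow_symbols=False))
```

Because the generator draws from `secrets` rather than `random`, the output is suitable for credentials; the explicit `meets_policy` check is what catches a site silently truncating or stripping characters after you paste, so compare what the site accepted against the policy before you let LastPass save it.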

Step 4: Searching

  • Now that you’ve updated all the sites you can remember, it’s guaranteed that you missed 80% of the ones you have accounts with. To remedy that you want to do some real searching. If these sites can be found, a hacker will find them, so you had better find them all first. Google the username that was compromised and go through as many pages of results as you can before you go crazy. Even when you start to get to the Chinese or Russian Google results that have nothing to do with you, it’s still possible that you have some other account hidden in the results that you would otherwise miss.
  • Now Google your email address and repeat.
  • Now that you’ve given yourself a bit of breathing room to relax, it’s a good idea to search for all the usernames, emails, etc. that haven’t been compromised. You might as well get everything else secure too so you don’t have to do this again. Also, if someone has gotten into your email account already, they may already know some of your other information.
  • Go into your email accounts and search for “password,” “username,” and “order confirmation” separately. Look through all the results to find more sites you forgot you signed up for.

Step 5: Thinking

  • Now that you’re in the security mindset, keep thinking of other sites you may have signed up for. Odds are there are a ton, and you will probably still be remembering new ones days later.

I will post more tips if I think of them, but this will at least make you a lot more secure than you probably were before. Good luck!

2 comments » | Security