
When your email or password is in a data breach

What "your info was found in a breach" means, what to do next (change password, turn on 2FA), and where to check.

What is a data breach?

A data breach means a company’s systems were hacked or leaked and information like emails, passwords, or other personal data was exposed. You might hear about it in the news or get an email from a company saying “your information was involved.”

What to do right away

  1. Change the password for the affected account. Do it as soon as you can — don’t wait.
  2. Change the password on any other account where you used the same (or a very similar) password. Hackers often try the same password on many sites.
  3. Use a strong, unique password for each account. A password manager can create and store them so you don’t have to remember every one.
  4. Turn on two-factor authentication (2FA) if the site or app offers it. That way, even if someone has your password, they still need a code from your phone or email to get in.

If the breach involved financial or medical data

  • Monitor your bank and card statements for a few months. Look for charges or withdrawals you don’t recognize.
  • Set up alerts on your accounts (login alerts, withdrawal alerts) so you’re notified of unusual activity.
  • If a bank or card number was exposed, your bank may suggest closing that account and opening a new one. Follow their advice.

How to make better passwords

  • Use at least 12–16 characters.
  • Mix letters (upper and lower case), numbers, and symbols.
  • Don’t reuse the same password on multiple sites.
  • Consider a password manager (e.g. 1Password, Bitwarden) to generate and store strong passwords.
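
The rules in this list, together with the earlier advice to change any account that shares the same or a very similar password, can be checked mechanically. The Python below is an added example and not part of the original guide; the function names, the 0.8 similarity threshold and the sample passwords are assumptions constructed for illustration.

```python
import secrets
import string
from difflib import SequenceMatcher
from itertools import combinations

MIN_LENGTH = 12          # lower bound from the list above
SIMILARITY_LIMIT = 0.8   # assumption: a ratio at or above this counts as "very similar"
CLASSES = {"lowercase": string.ascii_lowercase, "uppercase": string.ascii_uppercase,
           "number": string.digits, "symbol": string.punctuation}

def weaknesses(password):
    """Return the rules from the list that a single password breaks."""
    found = ["too short"] if len(password) < MIN_LENGTH else []
    found += [f"no {name}" for name, chars in CLASSES.items()
              if not any(c in chars for c in password)]
    return found

def generate_password(length=16):
    """Random password from a CSPRNG with every character class present."""
    if length < MIN_LENGTH:
        raise ValueError(f"use at least {MIN_LENGTH} characters")
    alphabet = "".join(CLASSES.values())
    while True:  # redraw until no rule is broken
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not weaknesses(candidate):
            return candidate

def reuse_findings(accounts):
    """Flag pairs of accounts that share the same or a very similar password."""
    findings = []
    for (site_a, pw_a), (site_b, pw_b) in combinations(sorted(accounts.items()), 2):
        if pw_a == pw_b:
            findings.append((site_a, site_b, "same"))
        elif SequenceMatcher(None, pw_a.lower(), pw_b.lower()).ratio() >= SIMILARITY_LIMIT:
            findings.append((site_a, site_b, "similar"))
    return findings

# Constructed sample data, not real credentials.
SAMPLE = {
    "bank": "Sunshine2023!",
    "email": "Sunshine2024!",
    "forum": "Sunshine2023!",
    "shop": "k7#Vq!x2Lp@9zRw$",
}

if __name__ == "__main__":
    for site, pw in SAMPLE.items():
        print(site, weaknesses(pw) or "ok")
    print(*reuse_findings(SAMPLE), sep="\n")
    print("suggested replacement:", generate_password())
```

In the sample, every password passes the length and character-mix rules, yet three of the four accounts would fall together if any one of them were breached, which is why the reuse check matters more than the per-password check.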

Where to check if you were in a breach

Some security companies and services let you enter your email to see if it appeared in known breaches. Use a tool you trust (e.g. haveibeenpwned.com) and remember: these sites only show whether your email showed up in a leak — they don’t fix the problem. You still need to change passwords and turn on 2FA.
