Incident Checklist
Data Breach Checklist: What to Do After a Password Leak
A data breach is stressful, but panic causes mistakes. Your goal is to contain the damage: protect email, replace exposed passwords, check account activity, and add stronger authentication.
Step 1: Secure your email
Your email account is the reset key for many services. If attackers control it, they can reset other passwords. Change the email password first and enable two-factor authentication.
Review forwarding rules, recovery email, phone number, connected apps, and active sessions. Remove anything you do not recognize.
- Change email password.
- Enable 2FA.
- Remove unknown sessions and forwarding rules.
Step 2: Replace reused passwords
If the breached password was reused anywhere, replace it everywhere. Use unique random passwords instead of variations of the old one.
Do not only add a symbol or change the year. Attackers know those patterns.
Step 3: Check financial and personal accounts
Review bank, payment, shopping, cloud, and social accounts. Look for unknown transactions, new addresses, new devices, or unexpected messages.
For critical accounts, revoke active sessions after changing the password.
Step 4: Improve long-term protection
Use a password manager, enable 2FA, save recovery codes offline, and delete accounts you no longer need. Less attack surface means fewer future problems.
- Use unique passwords.
- Enable two-factor authentication.
- Delete old unused accounts.