If your email was found in a data breach, do these five things right now: change the password on the breached account, change that same password on every other site you used it, enable two-factor authentication on all important accounts, watch for phishing emails over the next 90 days, and check if any other personal data was exposed.
What does it mean if your email was found in a data breach?
It means a company or website that had your email address (and possibly your password, name, phone number, or other data) was hacked. The attackers stole a copy of their database and your information was in it.
This does not necessarily mean your email account itself was hacked. It means your data was exposed in someone else’s security failure. But it does mean you need to act fast, because attackers use this stolen data to try to break into your other accounts.
The most dangerous scenario is when your password was also exposed. If you used that same password on other sites (most people do), every one of those accounts is now at risk.
Step 1 — Change your password immediately
Go directly to the breached website and change your password right now. Do not wait. Do not “get to it later.” The window between a breach becoming public and attackers trying your credentials on other sites is measured in hours, not days.
Your new password should be:
- At least 16 characters long
- Completely random — not based on words, names, or dates
- Unique to this one site — never used anywhere else
If you cannot log in because someone already changed your password, use the “Forgot password” option to regain access through your email. Once you are back in, change the password immediately and check for any changes to your account settings.
Do not just tweak your old password. If your old password was “Summer2024!”, changing it to “Summer2026!” provides almost zero protection. Attackers use pattern-matching tools that catch exactly this kind of change.
Step 2 — Check which other accounts use that password
This is where most people make a costly mistake. If you used the same password (or a close variation) on other sites, those accounts are now in danger too.
Attackers use a technique called credential stuffing. They take your leaked email and password and automatically try it on hundreds of popular sites — your bank, your email provider, social media, shopping sites — within hours of getting the data.
Start with the highest-value accounts:
- Your email account — this is the master key to everything else, because password resets go here
- Your bank and financial accounts
- Social media accounts
- Any shopping sites with saved payment details
- Work or employer accounts if you reused the password
Change the password on every account where you used the same or similar password. Use a different, random password for each one.
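The following is an added example, not part of the original article: it audits a password-manager export for entries that reuse the breached password or a small tweak of it (the "Summer2024!" to "Summer2026!" pattern from Step 1), and generates random replacements. The CSV column names, the sample entries, and the 0.8 similarity threshold are assumptions made for illustration.

```python
import csv
import io
import re
import secrets
import string
from difflib import SequenceMatcher

# Constructed sample of a password-manager CSV export; column names are assumed.
SAMPLE_EXPORT = """name,username,password
bank.example,me@example.com,Summer2024!
mail.example,me@example.com,summer2026!
shop.example,me@example.com,Summer2024!!
forum.example,me@example.com,kV9#tq2LmZ@x7Rw1
"""

ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_=+"


def skeleton(password):
    """Letters only, lowercased: the base word left after stripping digits and symbols."""
    return re.sub(r"[^a-z]", "", password.lower())


def is_variation(old, new, threshold=0.8):
    """True if `new` is `old` with small tweaks (changed year, case, extra symbol)."""
    base_old, base_new = skeleton(old), skeleton(new)
    if len(base_old) >= 4 and base_old == base_new:
        return True
    return SequenceMatcher(None, old.lower(), new.lower()).ratio() >= threshold


def reused_accounts(export_text, breached_password):
    """Return (site, reason) for every entry sharing or tweaking the breached password."""
    hits = []
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["password"] == breached_password:
            hits.append((row["name"], "exact"))
        elif is_variation(breached_password, row["password"]):
            hits.append((row["name"], "variation"))
    return hits


def new_password(length=20):
    """Random password from the OS CSPRNG; the 16-character floor is the article's minimum."""
    if length < 16:
        raise ValueError("use at least 16 characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


if __name__ == "__main__":
    for site, reason in reused_accounts(SAMPLE_EXPORT, "Summer2024!"):
        print(f"{site}: {reason} reuse, replace with {new_password()}")
```

A vault export holds every password in plain text, so run the audit locally and delete the file afterwards.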
Step 3 — Enable two-factor authentication
Two-factor authentication (2FA) means that even if an attacker has your correct password, they still cannot log in without a second verification step — usually a code from your phone.
Go to the security settings of each important account and turn on 2FA. Use an authenticator app like Google Authenticator or Authy rather than SMS if possible. SMS codes can be intercepted through SIM swapping attacks. Authenticator app codes are generated on your own device, so a SIM swap does not expose them.
Priority accounts for 2FA:
- Your primary email account
- Your bank and financial services
- Social media accounts
- Cloud storage (Google Drive, iCloud, Dropbox)
- Any account with payment information saved
This single step stops the vast majority of account takeover attacks, even when your password is known.
Step 4 — Watch for phishing emails
After a breach, your email address is confirmed active and in the hands of attackers. Expect an increase in phishing emails — messages designed to look like they are from your bank, a delivery service, or even the breached company itself.
These emails try to trick you into clicking a link and entering your login credentials on a fake website. They often create a sense of urgency — “Your account will be locked in 24 hours” or “Unusual activity detected.”
How to protect yourself:
- Never click login links in emails — go directly to the site by typing the URL in your browser
- Be suspicious of any urgent “verify your account” or “confirm your identity” messages
- Check the sender email address carefully — phishing emails use addresses that look similar to real ones but are slightly different
- Do not download attachments from unexpected emails
- If an email claims to be about the breach itself, go directly to the company’s website to read their official statement
The first 90 days after a breach are when phishing attempts are most intense.
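The sender-address check from the list above can be automated. This is an added example, not part of the original article: it extracts the real sending domain from a From header and compares it with a short allowlist of domains you actually deal with. The domains, the character-swap table, and the 0.85 similarity threshold are constructed assumptions.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr

# Constructed allowlist: domains this user really does business with.
TRUSTED = {"mybank.example", "parcelpost.example"}

# Character swaps often used to imitate a name (a small illustrative set).
SWAPS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))


def sender_domain(from_header):
    """Domain of the actual address, ignoring the display name."""
    _, address = parseaddr(from_header)
    return address.rpartition("@")[2].lower().rstrip(".")


def normalize(domain):
    """Undo the common character swaps so 'rnybank' compares equal to 'mybank'."""
    for fake, real in SWAPS:
        domain = domain.replace(fake, real)
    return domain


def classify(from_header, trusted=TRUSTED, threshold=0.85):
    """Return 'trusted', 'lookalike' or 'unknown' for the sender's domain."""
    domain = sender_domain(from_header)
    if not domain:
        return "unknown"
    # Exact match or a genuine subdomain of a trusted domain.
    if any(domain == t or domain.endswith("." + t) for t in trusted):
        return "trusted"
    for t in trusted:
        if t in domain:
            return "lookalike"  # trusted name embedded in someone else's domain
        if normalize(domain) == t:
            return "lookalike"  # character-swap imitation
        if SequenceMatcher(None, domain, t).ratio() >= threshold:
            return "lookalike"  # one or two characters away from the real name
    return "unknown"


if __name__ == "__main__":
    for header in (
        "My Bank <alerts@mybank.example>",
        "My Bank <alerts@rnybank.example>",
        "My Bank <alerts@mybank.example.account-verify.test>",
        "Garden News <news@gardening.example>",
    ):
        print(f"{classify(header):9} {header}")
```

An "unknown" verdict only means the domain does not resemble one on the allowlist; it says nothing about whether the message is safe.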
Step 5 — Check if any other data was exposed
Not all breaches are equal. Some only expose email addresses. Others expose passwords, phone numbers, home addresses, Social Security numbers, credit card details, or health information.
Use EmailLeaked’s free breach checker to see exactly what data was exposed in your breach. The type of data exposed determines what additional steps you need to take:
- Passwords exposed — change them everywhere immediately (Steps 1-2 above)
- Phone number exposed — watch for smishing (SMS phishing) and potential SIM swap attacks
- Home address exposed — be alert for physical mail scams and identity theft attempts
- Financial data exposed — contact your bank, freeze your credit, and monitor statements closely
- Social Security number exposed — place a fraud alert or credit freeze with all three credit bureaus (Equifax, Experian, TransUnion)
How long do you have before hackers use your data?
Not long. Research shows that stolen credentials are tested on other sites within hours of a breach becoming public. In some cases, attackers have been using the data for weeks or months before the breach is even announced.
This is why speed matters. The steps above are listed in priority order — start with Step 1 and work your way down as quickly as possible.
The good news is that most attackers use automated tools. If you change your passwords before they get to your accounts, the stolen passwords no longer work, and the attackers move on to easier targets.
What information do hackers actually get?
Every breach is different, but the most commonly stolen data includes:
- Email addresses — exposed in almost every breach
- Passwords — sometimes in plain text, sometimes hashed (scrambled with a one-way function, which is not the same as encryption). Weak passwords can be cracked from hashes within minutes
- Names and dates of birth — used for identity theft and social engineering
- Phone numbers — used for SIM swapping and targeted phishing
- Home addresses — used for physical fraud and identity theft
- Payment card details — used for financial fraud (though these are often encrypted)
- Security questions and answers — used to bypass account recovery processes
The more data exposed, the more creative and targeted the attacks can be. An attacker with just your email might send generic phishing. An attacker with your email, name, and phone number can craft a message that looks completely legitimate.
Frequently asked questions
Is it too late to do anything?
No. Even if the breach happened weeks or months ago, changing your passwords and enabling 2FA still protects you. Most stolen data sits in databases for a long time before it is used. The attackers may not have gotten to your accounts yet.
Should I close the breached account?
Not necessarily. Closing the account does not undo the breach — your data was already copied. Instead, change the password to something strong and unique, enable 2FA, and remove any sensitive information (saved payment cards, personal details) that you do not need stored there.
Do I need to tell anyone about the breach?
If the breach exposed financial data, contact your bank. If it exposed your Social Security number, place a fraud alert with the credit bureaus. If you used the same password for work accounts, tell your IT department. For most email-only breaches, the steps above are sufficient.
What if I do not know which breach it came from?
Use EmailLeaked’s free checker to see every known breach your email has appeared in. Each result shows you exactly what data was exposed and when, so you know which accounts need attention.
Can I get my data back or remove it from the breach?
Unfortunately, no. Once data has been stolen and distributed, there is no way to “un-leak” it. The breach data is typically shared across underground forums and dark web marketplaces. The best you can do is change your passwords to make the stolen ones useless and add 2FA to prevent account access.
How do I stop this from happening again?
Use a different, strong password for every account — a password manager makes this easy. Enable 2FA on everything that supports it. Be cautious about which sites you give your email to. Check your email regularly for new breaches so you can act fast when they happen.