Check If Your Email Was in a Breach & What to Do
Breaches happen. Here’s how to check your exposure safely and the exact steps to protect accounts, mail, and money.
Step 1 — Look up your email safely
- Use a trusted breach-check site or browser feature to see breaches tied to your email.
- Don’t enter your password—only the email. Avoid random “breach scan” ads.
Step 2 — Change passwords where reused
- If a breached site reused your password elsewhere, change those logins first.
- Use a password manager to generate unique 14+ character passwords.
Step 3 — Add passkeys or 2FA
- Turn on passkeys when available (device unlock instead of passwords).
- Otherwise, use an authenticator app. Avoid SMS where possible.
See our guide: Passkeys Explained.
Step 4 — Secure your email account (the master key)
- Change your email password; add passkey/2FA.
- Review Forwarding/Filters for malicious rules (e.g., auto-forwarding).
- Check Recent activity/devices and sign out of unknown sessions.
- Revoke suspicious app access.
Step 5 — Watch finances & identity
- Enable alerts for card charges and new sign-ins.
- If sensitive ID data leaked, consider credit freezes and monitoring in your country.
FAQ
Do I need to close my email?
No—secure it with a new password + 2FA, remove forwarding rules, and check sessions.
What about “combo list” leaks?
These compile reused passwords—change any matching passwords and enable 2FA everywhere.
