First 24 Hours After Email Data Breach

You get the email or the news alert. A service you used has been breached, and your address is on the list. Maybe the leak includes passwords. Maybe it includes more. The first reaction is usually a small wave of panic followed by a vague sense of “I should probably do something.” This is the something. Follow it in order and you will be in a much better position by tonight than you were this morning.

Hour 1: Confirm What Was Actually Exposed

Not all breaches are equal. Some leak only email addresses. Some leak passwords in a hashed form that may or may not be crackable. Some leak full names, addresses, payment details, and security question answers. Before you do anything else, find out which kind you are dealing with.

Go to haveibeenpwned.com and type the address in. The site will list every known breach your email appears in and tell you what data was exposed in each one. This is run by a respected security researcher and is the standard reference. Make a short list of the affected accounts.
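The same site also lets you check whether a password itself has appeared in a leak, and it does so without ever receiving the password. Only the first five hex characters of the password's SHA-1 hash are sent; the service replies with every hash suffix that shares that prefix (the "k-anonymity" range API at api.pwnedpasswords.com, which needs no API key), and the match is made on your own machine. The script below is an added example, not code from the article or from Have I Been Pwned; the sample reply and its counts are constructed so the demo runs offline, and `fetch_range_live` is the only part that touches the network.

```python
"""Added example (not from the article): the k-anonymity lookup behind the
Have I Been Pwned "Pwned Passwords" check.  Only the first five hex characters
of the password's SHA-1 hash leave your machine; the service answers with every
suffix sharing that prefix and the comparison happens locally."""
import hashlib
import urllib.request
from typing import Callable

RANGE_URL = "https://api.pwnedpasswords.com/range/"  # real endpoint; key-free


def sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1, the representation the range API uses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_hash(hexdigest: str) -> tuple:
    """Prefix (5 chars) is sent; suffix (35 chars) stays on the device."""
    return hexdigest[:5], hexdigest[5:]


def parse_range_response(body: str) -> dict:
    """Parse 'SUFFIX:COUNT' lines into {suffix: count}, ignoring junk lines."""
    counts = {}
    for line in body.splitlines():
        line = line.strip()
        if ":" not in line:
            continue
        suffix, count = line.split(":", 1)
        try:
            counts[suffix.strip().upper()] = int(count.strip())
        except ValueError:
            continue
    return counts


def fetch_range_live(prefix: str) -> str:
    """Network lookup of one prefix.  Not called by the offline demo below."""
    req = urllib.request.Request(RANGE_URL + prefix,
                                 headers={"User-Agent": "breach-checklist-demo"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def password_exposure_count(password: str,
                            fetch_range: Callable[[str], str] = fetch_range_live) -> int:
    """How many times the password appears in known leaks; 0 means not found."""
    prefix, suffix = split_hash(sha1_hex(password))
    counts = parse_range_response(fetch_range(prefix))
    return counts.get(suffix, 0)


# Constructed stand-in for the service's reply to prefix "5BAA6"
# (SHA-1 of "password" starts with it).  The counts are invented.
SAMPLE_RANGE_RESPONSE = """1E2B5A6C9F5B5CF1B7A7A5D4E2B1C0D9E8F:3
1E4C9B93F3F0682250B6CF8331B7EE68FD8:12345
2A7F8E9D0C1B2A3F4E5D6C7B8A9F0E1D2C3:1
"""


def offline_fetch(prefix: str) -> str:
    """Serve the constructed sample regardless of prefix, so the demo runs offline."""
    return SAMPLE_RANGE_RESPONSE


if __name__ == "__main__":
    for pw in ("password", "correct horse battery staple"):
        n = password_exposure_count(pw, offline_fetch)
        print(f"{pw!r}: seen {n} times in the sample data")
```

Swap `offline_fetch` for `fetch_range_live` to query the real service. The point of the design is the split in `split_hash`: the 35-character suffix, which is the part that would identify your password, is never transmitted.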

Hour 2: Change the Password on the Breached Account

Start with the obvious. Log into the service that was breached and change the password. Use something long, something unique to that site, and not a small variation of your old password. If the service offers to log you out of all other sessions, do that too. If your account on that service has an option to require email or phone verification for new logins, turn it on now.

Hour 3: Change the Password Everywhere You Reused It

This is the most important step in the whole plan and the one most people skip. If the breached password is also used anywhere else, every one of those accounts is now at risk through a technique called credential stuffing. Attackers will run the leaked email-password pair against thousands of common websites within hours.

Make a list of every account where you used the same password or a small variation. Email, social media, shopping, streaming, work, side projects. Change them all. If the list is long, that is normal, and it is the strongest argument for adopting a password manager today. Even a free one will let you generate and store unique passwords for every service without trying to remember them.
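If you already keep passwords in a manager, its export can produce that list for you, including the "small variation" cases (a different year on the end, an exclamation mark, a zero for an o) that credential-stuffing tools try first. The script below is an added example, not code from the article or from any password manager; the CSV is constructed and its url,username,password layout is an assumption, since real exports differ by product.

```python
"""Added example (not from the article): audit a password-manager export for
the list Hour 3 asks for, accounts sharing the breached password or a small
variation of it.  The CSV below is constructed; the url,username,password
layout is an assumption (real exports vary by manager)."""
import csv
import io
import re
from collections import defaultdict

# Constructed export: five accounts share one base password, one does not.
SAMPLE_EXPORT = """url,username,password
https://mail.example,alice@example.com,Sunflower2019
https://shop.example,alice@example.com,Sunflower2019!
https://stream.example,alice,sunflower2020
https://work.example,alice.smith,Sunfl0wer2019
https://bank.example,alice,kq9#Lp2!vTz8wR4e
https://forum.example,alice,Sunflower2019
"""

# Substitutions that credential-stuffing tools try first when mutating a leak.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def canonical(password: str) -> str:
    """Collapse the usual tweaks (case, trailing year/'!'/'1', leet letters) so
    variations of one base password compare equal.  Order matters: strip the
    trailing digits before undoing leet, or '2019' would turn into letters."""
    p = password.lower()
    p = re.sub(r"[\d\W_]+$", "", p)
    return p.translate(LEET)


def reuse_groups(export_csv: str) -> dict:
    """Map each base password used more than once to the accounts that share it."""
    groups = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_csv)):
        groups[canonical(row["password"])].append(row["url"])
    return {base: urls for base, urls in groups.items() if len(urls) > 1}


def accounts_to_rotate(export_csv: str, breached_url: str) -> list:
    """Every other account whose password is the breached one or a variation of it."""
    for row in csv.DictReader(io.StringIO(export_csv)):
        if row["url"] == breached_url:
            base = canonical(row["password"])
            break
    else:
        return []  # breached site is not in the export
    return [u for u in reuse_groups(export_csv).get(base, []) if u != breached_url]


if __name__ == "__main__":
    for base, urls in reuse_groups(SAMPLE_EXPORT).items():
        print(f"base password {base!r} reused on: {', '.join(urls)}")
    print("rotate after a shop.example breach:",
          accounts_to_rotate(SAMPLE_EXPORT, "https://shop.example"))
```

Run it against a real export on a machine you trust and delete the export file afterwards; the output is the rotation list for Hour 3, and an empty list for the breached site means its password was genuinely unique.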

Hour 4: Turn On Two-Factor Authentication

For each of those accounts, turn on two-factor authentication. Use an authenticator app like Aegis, Bitwarden, or Google Authenticator rather than SMS where possible, because SMS is vulnerable to SIM swap attacks. If a service supports a hardware security key, that is even better.

Pay special attention to your primary email account. If an attacker controls your email, they can request password resets for almost everything else you own. Treat your main inbox as the keys to the kingdom and protect it accordingly.

Hour 5: Check Account Recovery Settings

While you are inside each account, look at the recovery options. Is the recovery phone number current? Is the recovery email an address you still control? Is there a list of trusted devices that includes phones or laptops you no longer use? Clean those up. Attackers sometimes add their own recovery options to a compromised account so they can come back later even after you change the password.

Hour 6: Watch for Targeted Phishing

The hours and days right after a breach are the most active time for phishing attempts aimed at the people who were exposed. The attackers know your address is real and active. They know which service was breached. They will send convincing emails that look like they come from that service, asking you to “verify your account” or “confirm new security settings.”

Do not click links in any email about the breach. Open a new browser tab and go to the service yourself. Anything that needs your attention will be visible inside the account.
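The tell-tale signs of a post-breach phishing email are mechanical enough to check by script: a link whose real destination is not the service's domain, a link whose visible text shows one address while the href points somewhere else, a plain http destination, or a hostname that hides a lookalike behind punycode. The checker below is an added example, not code from the article; the email HTML and the domain example-service.com are constructed stand-ins for the breached service's own mail and domain.

```python
"""Added example (not from the article): before trusting a breach-notification
email, list every link whose real destination is not the service's own domain.
The HTML and 'example-service.com' are constructed stand-ins."""
import re
from urllib.parse import urlparse

ANCHOR_RE = re.compile(r'<a\s[^>]*href\s*=\s*["\']([^"\']+)["\'][^>]*>(.*?)</a>',
                       re.I | re.S)
TEXT_URL_RE = re.compile(r'https?://[^\s<"\']+', re.I)

# Constructed phishing-style email: two links are genuine, two are not.
SAMPLE_EMAIL = """
<p>We detected a security incident. Please review your account.</p>
<a href="https://example-service.com/account">Go to your account</a><br>
<a href="http://example-service.com.account-verify.test/login">https://example-service.com/verify</a><br>
<a href="https://security.example-service.com/settings">Security settings</a><br>
<a href="https://examp1e-service.com/reset">Reset your password now</a>
"""


def host_belongs_to(hostname: str, legit_domain: str) -> bool:
    """True for the domain itself or a genuine subdomain.  A host such as
    legit.com.evil.test fails because the suffix check is anchored on a dot."""
    hostname = hostname.lower().rstrip(".")
    return hostname == legit_domain or hostname.endswith("." + legit_domain)


def looks_like_idn_trick(hostname: str) -> bool:
    """Punycode labels or non-ASCII characters can hide a lookalike domain."""
    return any(ord(c) > 127 for c in hostname) or any(
        label.startswith("xn--") for label in hostname.split("."))


def suspicious_links(html: str, legit_domain: str) -> list:
    """Return [(href, [reasons])] for every link that should not be clicked."""
    findings = []
    for href, text in ANCHOR_RE.findall(html):
        parsed = urlparse(href)
        host = (parsed.hostname or "").lower()
        reasons = []
        if not host_belongs_to(host, legit_domain):
            reasons.append(f"destination host {host!r} is not under {legit_domain}")
        if parsed.scheme != "https":
            reasons.append(f"scheme is {parsed.scheme!r}, not https")
        if looks_like_idn_trick(host):
            reasons.append("hostname uses punycode or non-ASCII characters")
        for shown in TEXT_URL_RE.findall(text):
            shown_host = (urlparse(shown).hostname or "").lower()
            if shown_host != host:
                reasons.append(f"link text shows {shown_host!r} but points at {host!r}")
        if reasons:
            findings.append((href, reasons))
    return findings


if __name__ == "__main__":
    for href, reasons in suspicious_links(SAMPLE_EMAIL, "example-service.com"):
        print(href)
        for reason in reasons:
            print("  -", reason)
```

A clean result does not make a link safe, because a compromised or spoofed sender can still point at the real domain; the script is a filter for the obvious cases, and the article's advice still holds: open the service in a fresh tab rather than following the link.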

Hour 12: Look at Financial Accounts

If the breach included payment information, partial card numbers, or billing addresses, monitor your card statements for the next few weeks. Most banks let you set up real-time alerts for every transaction. Turn those on. If you see something you do not recognize, even a small charge, dispute it immediately. Small test charges are often the prelude to larger fraud.

For deeper exposure, including national identifiers like a social security number, consider placing a credit freeze with the major credit bureaus in your country. A freeze blocks anyone, including you, from opening new credit lines until you lift it. It is free, reversible, and one of the strongest defenses against identity theft.

Hour 24: Build a Short-Term Watch List

Before the day ends, write down three things in a notes app: the breached service, the date you took action, and a reminder to check back in two weeks from now. The reason for the follow-up is that some consequences of a breach do not show up immediately. Stolen credentials may sit in a database for months before they are used. Putting a calendar reminder in for two weeks and three months from today gives you a chance to spot anything that surfaces later.

Reduce the Damage of the Next One

Breaches will happen again, to other services, no matter what you do. The goal is not to prevent every breach but to make sure the one that affects you does as little damage as possible.

  • Use a password manager. Every account gets a unique, long, randomly generated password. A breach of one site cannot affect any other.
  • Use two-factor authentication everywhere it is offered. Especially on email and financial accounts.
  • Reduce how many services have your real email. Use a temporary email for low-trust sign-ups. If a future breach hits a site you registered with a disposable address, your real inbox is not on the leaked list.
  • Subscribe to breach alerts. Have I Been Pwned offers free notifications when your address appears in a future leak.

The Calm Version of a Breach Response

The internet is built so that breaches are inevitable. What is not inevitable is the level of damage you experience when one happens. Most of the harm comes from a single failure mode, password reuse, and most of the rest comes from acting too fast on phishing emails that show up while you are still rattled. Slow down, work through the steps above in order, and you will close the doors that matter long before any attacker can walk through them.
