Your email showed up in a data breach. Now what?
A breach result sounds scary, but it's a prompt, not a catastrophe. Here's exactly what to do in the first hour, the first day, and the long term.
Finding your email in a breach database doesn't mean you were personally hacked. It means a company that had your information was compromised, and your data was part of the leak. The right response is calm and methodical.
In the first hour
- Change the password for the breached account, and any other account where you reused it.
- Turn on two-factor authentication, ideally with an authenticator app rather than SMS.
- Watch for phishing — attackers often follow a breach with emails that pretend to be the breached company.
In the first day
- Move to unique passwords with a password manager so one leak can't unlock everything.
- Review the types of data exposed — a leaked password is more urgent than a leaked newsletter signup.
- Check whether the same email appears in other breaches.
For the long term
Historical breach datasets can't be erased, but you can shrink your overall footprint so future leaks expose less. That means removing your information from data brokers and people-search sites, and re-checking periodically.
Detected checks your email exposure, explains what was leaked in plain English, and — with Protect Plus — helps submit removal requests and keeps monitoring so you're not doing it alone.
Take control of your safety & privacy
Detected brings dark web monitoring, room scanning, safety walks, and SOS into one app for iPhone.