Free Training · Modern Threats and Life Admin

When a Company You Use Gets Breached

Sooner or later a service you use will be hacked. Here is the calm, ordered response that limits the damage.

Data breaches are now a fact of online life. At some point a company you have an account with will be hacked and your details will end up in a leaked database. This is not usually your fault, and it is not a reason to panic. It is a reason to have a short, reliable routine, because how you respond in the days after a breach determines whether it stays a nuisance or turns into a real problem.

The first and most important step is to change the password on the breached account, and to change it anywhere else you used the same password. This is the moment reused passwords come back to bite people, because attackers take the leaked email-and-password pair and try it on hundreds of other sites. If every account had a unique password, a single breach stays contained to that one service. If you already use a password manager, this step is quick.

Next, turn on two-factor authentication for the affected account if it was not already on, so that even a leaked password is no longer enough to get in. Then watch for the second wave, which is follow-on phishing. After a breach, criminals often send convincing messages that reference the very service that was hacked, hoping your worry makes you click. Treat any such message with extra suspicion and reach the company through its official site rather than a link.

Finally, take stock calmly. If financial details were exposed, alert your bank and watch your statements, and consider whether freezing your credit is warranted. You can check whether your email has appeared in known breaches using a reputable breach-notification service, which will also warn you of future ones. A breach is rarely an emergency if you have unique passwords and two-factor authentication in place. It becomes one only when the same password unlocks everything, which is exactly the situation this course is designed to prevent.

Quick quiz

A couple of quick questions to lock in what you just read. Nothing is saved — pick an answer to see if you got it.

  1. The first step after a service you use is breached is:

  2. After a breach, the common second wave is:

  3. A breach is rarely an emergency if you already have:

Keep going

Subscribe for new lessons and a printable security checklist.

Get the plain-English security newsletter

One short email when we publish something useful. No spam, no fearmongering. Unsubscribe anytime.