Your Password & Email Were Found in a Data Breach: What to Do

You're logging into a site, and Google Chrome flashes a warning: The password you used was found in a data breach. Or maybe Google says a password found in a data breach matches one of your saved credentials. Or you check your email and find out your email address was caught up in a breach you'd never even heard of. 

It's alarming – but it's also more common than most people realize. Data breaches expose billions of credentials every year, and chances are your email address has appeared in at least one. Here's what it means and exactly what to do about it. 

What Does It Mean When Your Password or Email Is Found in a Breach? 

When Chrome finds one of your passwords in a data breach, a warning appears, which means a site or app you used previously was compromised, and the email and password combination you used there was exposed. That data often ends up on the dark web, where it can be bought and used by bad actors to attempt logins on other sites. 

If your email address is in a data breach but no password was listed, it still matters. Your email account could be targeted with phishing attempts, spam, or social engineering attacks using information from the breach. 

You can check whether your email address has been caught in known data breaches for free at HaveIBeenPwned.com, one of the most trusted tools for this. 

What Does "Password Exposed in a Non-Google Data Breach" Mean? 

This specific warning confuses a lot of people. If Google says your password was exposed in a non-Google data breach, it simply means Google detected your credentials in a breach that happened at another company, not at Google itself. Google Chrome cross-references saved passwords against known databases of compromised passwords and alerts you when there's a match. 

It doesn't mean your Google account was hacked. It means the same password you use elsewhere showed up in someone else's breach. This is exactly why password reuse is so dangerous. 

What to Do If Your Password Was Found in a Data Breach 

Act quickly. Here's the step-by-step: 

Step 1. Change the Compromised Password Immediately 

Go directly to the site where the password was exposed and change it. Don't use a variation of the old one, but instead, create something entirely new, long, and unique. If you're not sure where to start, a password manager can generate a strong one for you automatically. 

Step 2. Change It Everywhere Else You Used It 

This is the critical step most people skip. If you used the same password on multiple accounts – email, social media, banking, shopping – change it on every single one. Compromised passwords from one breach are routinely tested on other sites in what's called a credential stuffing attack. 

Step 3. Enable Two-Factor Authentication 

Once your password is updated, turn on two-factor authentication on any account that offers it. Even if someone has your password, they won't be able to get in without the second verification step. 

Step 4. Check What Else May Have Been Exposed 

If your email address was in the breach, check what other data was exposed, such as a phone number, physical address, or financial information. If sensitive financial data was included, consider placing a credit freeze with the major credit bureaus and pulling your credit reports to check for any suspicious activity. 

Step 5. Start Using a Password Manager 

If the breach revealed that you've been reusing weak passwords across multiple sites, this is the moment to fix that for good. A password manager stores unique passwords for every account, so you never have to reuse one again, and flags compromised passwords automatically going forward. 

Step 6. Add Identity Theft and Cyber Protection 

A password manager helps prevent one breached password from putting all your accounts at risk. But if your personal information is already out there, it can also help to have extra protection in place. Buckeye’s Cyber AssuranceIndemnity (Cyber AI) can help monitor for signs of identity theft and protect your devices with antivirus and browser protection. It also includes support if your identity is stolen, including help from Certified Protection Experts and reimbursement for eligible identity theft expenses, depending on your plan.  

Stay Safer Online with Buckeye 

Data breaches are out of your control, but how you respond isn't. Strong, unique passwords for every account and two-factor authentication on everything important are the two most effective things you can do to limit the damage when data is exposed. 

At Buckeye, keeping our community safe online matters to us. Every Buckeye internet plan includes the option to add Cyber AI to help protect your household's online activity. And if you have questions about securing your devices or home network, the Brainiacs team is here 24/7 with real, local support. 

Learn more at BuckeyeBroadband.com or call 419-828-0022.