Your Accounts Were Hacked: 8 Steps to Take Right Now

← Back to Blog

You just received a notification about unusual activity on one of your accounts. Or maybe you discovered that your email address appeared in a data breach. Perhaps you noticed unauthorized transactions or login attempts you do not recognize. Whatever the sign, here are the 8 steps you should take immediately to contain the damage and protect your digital life.

Step 1: Do Not Panic

Take a deep breath. A compromised account is serious, but it is manageable if you act methodically. Panicking leads to mistakes — clicking on phishing links in fake "security alert" emails, rushing through steps, or making changes that lock you out of your own accounts.

Before you do anything, verify that the alert is legitimate. If you received an email about a breach, do not click links in the email. Instead, go directly to the service's website by typing the URL in your browser. Check their official security blog or status page for confirmation.

Watch for fake alerts: Attackers sometimes send phishing emails disguised as breach notifications. "Your account has been compromised, click here to reset your password" is a classic phishing template. Always navigate to the site directly.

Step 2: Change the Compromised Password Immediately

Log into the affected account and change the password right away. Use a password generator to create a strong, unique replacement — at least 16 characters with a mix of uppercase, lowercase, numbers, and symbols. Do not create the new password based on the old one (no incrementing numbers or changing one character).

If you are locked out of the account, use the service's account recovery process immediately. The sooner you regain control, the less damage the attacker can do.

Go to the service's login page directly (type the URL, do not click email links)
Use "Forgot Password" if your current password no longer works
Set a new, unique, generated password
Log out all other sessions if the option is available

Step 3: Enable Two-Factor Authentication (2FA)

If the affected account supports two-factor authentication and you have not already enabled it, do so now. 2FA adds a second verification step (usually a 6-digit code from an authenticator app) that an attacker cannot bypass even if they have your password.

Prefer app-based TOTP (Time-based One-Time Password) over SMS-based 2FA. SMS codes can be intercepted through SIM-swapping attacks, while TOTP codes generated by an authenticator are significantly more secure.

Priority accounts for 2FA: Email (the most important, since it controls password resets for everything else), banking, cloud storage, social media, and any account containing personal or financial information.

Step 4: Check If Other Accounts Use the Same Password

This is the critical step that most people skip. If you used the compromised password on any other account, those accounts are now vulnerable too. Credential stuffing attacks test stolen passwords across hundreds of services automatically.

Go through your accounts and identify every service where you used the same or a similar password. Change each one to a unique, generated password. Yes, this is tedious — which is exactly why a password manager is essential for preventing this situation in the future.

The domino effect: If your LinkedIn password was MySecure#2024 and you used the same password on Gmail, your bank, and Amazon, all four accounts are now compromised. Attackers will try the stolen password on every major service within hours.

Step 5: Run a Breach Scan on All Your Passwords

A breach scan checks your passwords against databases of known leaked credentials (such as Have I Been Pwned, which contains over 12 billion compromised passwords). This tells you which of your passwords have already been exposed in previous breaches, even if you were not aware.

A password manager with a built-in breach scanner can check all your stored credentials at once and flag every compromised password. Without one, you would need to check each password individually — a process most people will never complete for 100+ accounts.

Step 6: Check Your Email for Unauthorized Activity

Your email account is the master key to your digital life. Attackers who gain access to your email can:

Reset passwords on other services using "Forgot Password" links
Read confirmation emails to learn which services you use
Send phishing emails to your contacts from your address
Delete security alerts so you do not notice the breach
Set up email forwarding rules to intercept future messages

Check your email for the following signs of compromise:

Sent folder: Look for emails you did not send
Deleted items: Check for security alerts that were deleted
Forwarding rules: In your email settings, verify no forwarding rules were added (attackers often set up forwarding to receive copies of all your incoming mail)
Connected apps: Check for unauthorized third-party apps with access to your email
Recent login activity: Most email providers show recent login locations and devices

Step 7: Monitor Your Financial Accounts

If any financial accounts may have been exposed, take immediate action:

Check recent transactions for unauthorized charges, no matter how small (attackers often test with small amounts first)
Contact your bank if you see suspicious activity; they can freeze the account and reverse fraudulent charges
Set up transaction alerts so you are notified of every transaction in real time
Check your credit report for new accounts or inquiries you did not initiate
Consider a credit freeze if personal information (Social Security number, date of birth) was exposed

Small charges matter: Attackers often make small test transactions ($1-5) to verify that a stolen card works before making larger purchases. Report even small unauthorized charges immediately.

Step 8: Use a Password Manager Going Forward

The reason most people end up in this situation is password reuse. A password manager eliminates this risk entirely by generating and storing a unique, strong password for every account. After recovering from a breach, setting up a password manager should be your top priority.

Here is how it prevents future incidents:

Every account gets a unique password — A breach on one site cannot affect any other account
Passwords are generated randomly — No patterns, no dictionary words, no personal information that could be guessed
Breach monitoring runs continuously — You are alerted the moment a stored password appears in a known breach
Autofill protects against phishing — The extension only fills credentials on the correct domain
Password health dashboard — See at a glance which passwords are weak, reused, or old

How the UnveilPass Breach Scanner Helps

The UnveilPass Breach Scanner uses the Have I Been Pwned k-anonymity API to check your passwords without ever sending them in full to any external service. Here is how it works:

Your password → SHA-1 hash computed locally
↓
First 5 characters of hash sent to HIBP API
↓
API returns all matching hashes
↓
Your browser checks locally if your full hash is in the list
↓
Your password never leaves your device

You can scan your entire vault with one click and immediately see which credentials need to be changed. Each compromised entry links directly to the edit view so you can generate a new password on the spot.

Scan Your Passwords Now with UnveilPass

Check all your credentials against known breaches in one click. Zero-knowledge: your passwords never leave your browser. Free to start.

Get Started Free

The Bottom Line

Discovering a compromised account is stressful, but following these 8 steps will help you contain the damage and prevent it from happening again. The most important takeaway: stop reusing passwords. A password manager makes this effortless by generating, storing, and monitoring unique passwords for every account you own. Set one up today, and the next breach notification becomes a minor inconvenience instead of a crisis.