Help! My Security Checkup shows my email has been breached.
If your data has been leaked by malicious hackers, here are a few things you can do to protect yourself.
When you create your HQ account, you can see if your email address has been a part of any leaked data. This feature is called "Security Checkup" and is available in your dashboard.
If your email address appears in any data breaches, you will see a list of the accounts that were affected and the data that was leaked.
What's a "breach"?
A security breach is when an intruder gains unauthorized access to company's computer systems and data. Malicious hackers or Cybercriminals use various techniques to steal data, which is then typically sold or shared in order to facilitate further cybercrimes such as phishing, identity theft, ransomware, etc.
What should I do?
Immediately change the password for your account on the service that has been compromised. Use a randomly generated, complex password. Review the type of data that was leaked, and assess the risk. Be extra mindful of phishing attacks and other accounts that may be compromised using the leaked data.
If you had an account with the service...
If you had an account with the service that was breached, make sure to immediately change your password to keep your account secure. If you no longer use the service, make sure to delete your account.
If you never interacted with the service or website...
Some of the data breaches affected data that was scraped from other services that you used like LinkedIn. In this case, there is no account for you to remove. For these breaches, be aware of the data that was lost and beware of phishing attempts that use the data.
For credit and financial information, you may want to start a credit freeze so no one can open new accounts without extra steps.
This is a good time to make sure your passwords are unique for all services and that you have closed accounts that you are no longer using that may have sensitive data.
If your password was leaked, make sure that password was not used as the password for any other accounts. We recommend using a password manager, like the one built into Safari, LastPass, 1Password, or Bitwarden (open source) to generate a unique password for each account you create.
Set up 2 factor authentication
For any account that has it available, you should set up a 2-factor authentication app so that even if your password is stolen, you have an extra line of defense against hackers.
Where is the data from?
Security researchers at Have I Been Pwned (HIBP).