You check your email and see a notification from a website you use: "We're writing to inform you that we experienced a security incident that may have affected your account." Your stomach drops. What now?

Or maybe you notice login attempts from a location you've never been. Perhaps you can't log into an account because someone changed your password. These are signs your password may be compromised.

Don't panic. While a compromised password is serious, knowing what to do can limit the damage. This guide will walk you through the signs of compromise, immediate action steps, and how to prevent this from happening in the future.

How to Detect If Your Password Is Compromised

Warning Signs to Watch For

Your password might be compromised if you notice any of these red flags:

  • Unexpected login notifications from locations you haven't been
  • Password reset emails you didn't request
  • Account activity you don't recognize - purchases, posts, messages you didn't make
  • Friends receiving strange messages from your accounts
  • Inability to log in because your password no longer works
  • Data breach notifications from companies you have accounts with

Check If You've Been Part of a Known Breach

Visit Have I Been Pwned at haveibeenpwned.com. This free service, run by security expert Troy Hunt, lets you check if your email address or phone number has appeared in known data breaches.

Simply enter your email address, and it will show you which breaches have included your information, what data was exposed, and when it happened. This isn't speculation - it's based on actual leaked databases that have been verified.
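As an added example that is not part of this guide, the same service also offers Pwned Passwords, which lets you check a password itself against the breach corpus without ever sending it: only the first five characters of its SHA-1 hash go to the server (the k-anonymity "range" API), and the match is done locally. The sample response body below is constructed, and the User-Agent string is an assumption.

```python
import hashlib
import urllib.request

HIBP_RANGE_URL = "https://api.pwnedpasswords.com/range/"

def sha1_prefix_suffix(password):
    """Split the uppercase hex SHA-1 into the 5-char prefix sent to the API
    and the 35-char suffix that never leaves the machine."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def parse_range_response(body):
    """Parse 'SUFFIX:COUNT' lines into {suffix: count}. Count 0 entries are the
    padding the service adds when 'Add-Padding: true' is sent; drop them."""
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if not sep or not count.strip().isdigit():
            continue  # blank or malformed line
        if int(count) > 0:
            counts[suffix.upper()] = int(count)
    return counts

def pwned_count(password, range_body):
    """How many times the password appeared in breaches (0 if never)."""
    _, suffix = sha1_prefix_suffix(password)
    return parse_range_response(range_body).get(suffix, 0)

def fetch_range(prefix):
    """Live lookup (not used by the offline demo): only the prefix is sent."""
    req = urllib.request.Request(HIBP_RANGE_URL + prefix, headers={
        "Add-Padding": "true", "User-Agent": "added-example-breach-check"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")

def build_constructed_range(entries):
    """Constructed sample body (not real service data) from {password: count};
    count 0 mimics padding lines."""
    return "\n".join(f"{sha1_prefix_suffix(pw)[1]}:{n}" for pw, n in entries.items())

# Constructed sample: a well-known weak password with a made-up count, plus a
# padding entry. A real response only lists suffixes sharing one prefix.
CONSTRUCTED_RANGE = build_constructed_range({"password123": 2000, "pad-entry": 0})

if __name__ == "__main__":
    for pw in ("password123", "pad-entry", "not-in-sample-xyz"):
        print(pw, "->", pwned_count(pw, CONSTRUCTED_RANGE))
```

To run it against the live service, call `fetch_range(prefix)` with the prefix from `sha1_prefix_suffix` and pass the body to `pwned_count`; a non-zero count means the password should be treated as compromised.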

Understanding Breach Notifications

If your email appears in a breach from a site you've never heard of, don't be surprised. Data brokers and old websites you might have used once years ago all collect data. A single breach can expose information from millions of accounts.

Immediate Steps When You Discover a Compromise

Time matters when a password is compromised. Take these steps immediately, in this order:

Step 1: Change the Password on the Affected Account

If you can still access the account, change the password right away. Make the new password:

  • Completely different from the old one - don't just add a number at the end
  • Long - at least 12 characters, preferably 16 or more
  • Unique - never used on any other account
  • Random - use your password manager's generator if possible

If you can't log in because someone already changed your password, use the account recovery process. Check your email for password reset links, or look for "Forgot Password" on the login page.

Step 2: Check for Unauthorized Activity

Once you regain access, look for signs of what the attacker might have done:

  • Review recent login history if the service provides it
  • Check for unauthorized purchases if it's a shopping or financial account
  • Look for sent messages you didn't write
  • Review account changes like updated email addresses or phone numbers
  • Check privacy settings to ensure they weren't changed

For Financial Accounts

If a banking or payment account was compromised, immediately check for unauthorized transactions. Contact your bank's fraud department right away. They can freeze your account, reverse fraudulent charges, and issue new cards if needed.

Step 3: Enable Two-Factor Authentication

If the compromised account offers two-factor authentication and you haven't enabled it yet, do it now. This ensures that even if someone gets your new password, they still can't access your account without the second factor.

Prefer authenticator apps over SMS when possible, as they're more secure.

Step 4: Change Passwords on Other Accounts Using the Same Password

This is the critical step many people skip. If you reused that password on other accounts, those accounts are now at risk too. Attackers take leaked username and password pairs and try them on other sites, an attack known as "credential stuffing."

Go through your accounts and change the password anywhere you used the same or similar password. Yes, this is tedious. This is exactly why you should use a password manager going forward.

Step 5: Review Account Recovery Options

Make sure your account recovery information is accurate and secure:

  • Update recovery email addresses to ones you currently use
  • Update phone numbers if yours has changed
  • Remove old recovery methods you no longer have access to
  • Add additional recovery methods if available

Specific Scenarios and How to Handle Them

If Your Email Was Compromised

Email compromise is particularly serious because your email is the recovery method for most other accounts. Take extra precautions:

  1. Change your email password immediately
  2. Enable the strongest 2FA available (preferably a security key)
  3. Check your email forwarding rules - attackers often set up forwarding to receive copies of your emails
  4. Review your email filters - they may have created filters to hide their activity
  5. Change passwords on all important accounts linked to that email
  6. Check if your email signature was changed

If You Fell for a Phishing Attack

If you entered your password into a fake website:

  1. Change your password immediately on the real site
  2. Enable 2FA if you haven't already
  3. Change the password anywhere else you used it
  4. Report the phishing site to your browser (most have a built-in reporting feature)
  5. Learn the warning signs to avoid falling for phishing again

If a Website You Use Was Breached

When a company notifies you of a breach:

  1. Read the notification carefully to understand what information was exposed
  2. Change your password on that site, even if the company claims passwords were encrypted
  3. If you used that password elsewhere, change it on those sites too
  4. Monitor your credit if Social Security numbers or financial information was exposed
  5. Watch for phishing emails pretending to be from the breached company

Preventing Future Password Compromises

Once you've dealt with the immediate crisis, take steps to prevent this from happening again:

Start Using a Password Manager

A password manager generates unique, random passwords for every account and stores them securely. This means if one site gets breached, only that one password is compromised. Your other accounts remain safe because they each have different passwords.

Password managers also help you avoid phishing: they tie each saved password to the site's real address and won't auto-fill it on a look-alike fake site.

Enable Two-Factor Authentication Everywhere

Make 2FA your standard practice, not something you add after a problem occurs. Start with your most important accounts and gradually enable it everywhere it's offered.

Use Breach Monitoring

Set up monitoring so you learn about breaches quickly:

  • Subscribe to notifications on Have I Been Pwned
  • Enable breach monitoring in your password manager if it offers it
  • Sign up for credit monitoring services for financial protection

Stay Alert for Phishing

Most password compromises start with phishing. Learn to recognize the warning signs:

  • Unexpected emails asking you to log in or verify your account
  • Links that don't match the official website address
  • Urgent language trying to make you act quickly
  • Poor grammar or spelling in official-looking emails

When in doubt, don't click email links. Instead, type the website address directly into your browser or use a bookmarked link.

Long-Term Account Security

Beyond the immediate response, build these habits:

Monthly Security Checklist

  • Review login notifications for unusual activity
  • Check your accounts for unfamiliar activity
  • Update any passwords that haven't been changed in over a year
  • Review which devices have access to your accounts
  • Check for software updates on all your devices

When to Seek Additional Help

Some situations require professional assistance:

  • Identity theft: If personal information like your Social Security number was exposed, contact the FTC at IdentityTheft.gov
  • Financial fraud: Contact your bank's fraud department and consider a credit freeze
  • Business accounts: Notify your IT department or security team immediately
  • Persistent problems: If you keep getting locked out or seeing unauthorized activity, the problem may be deeper - consider professional cybersecurity help

Moving Forward

Discovering a compromised password is stressful, but it's also a wake-up call. Most people only implement strong security measures after something goes wrong. You now have the opportunity to build better security habits that will protect you in the future.

The immediate actions - changing passwords, enabling 2FA, checking for unauthorized activity - stop the current breach. The long-term actions - using a password manager, enabling 2FA everywhere, staying alert for phishing - prevent future breaches.

Think of this incident not as a failure, but as a chance to build security practices that will serve you well for years to come. The time you invest now in setting up proper security will save you countless hours and significant stress in the future.