In response to the growing number of data breaches, Proton Mail offers a feature to paid subscribers called Dark Web Monitoring(new window). Our system checks if your credentials or other data have been leaked to illegal marketplaces and alerts you if so. Often a quick reaction to a data breach can protect your digital identity and prevent any losses.

The impact a breach can have on your life depends greatly on the type of information that was exposed and to whom.

There are two general classes of data breaches: those where the service that leaked your information is known, and those where it is not. Massive data breaches like those that have occurred for LinkedIn(new window), Facebook(new window), and window) pose a different set of problems to those where a set of email/password combinations (combo lists) are sold or given away online by hackers.

This article includes general recommendations to mitigate the damage if your data leaks in a variety of scenarios. If you use Proton Mail’s Dark Web Monitoring service, we will give you actionable advice along with any breach notification you receive.

What is a data breach?

A data breach is when confidential, sensitive, or protected information is accessed or disclosed without authorization. This can involve the unintended release of personal data, such as social security numbers, credit card details, personal health information, or other personally identifiable information (PII). Data breaches can result from cybersecurity attacks, such as hacking or phishing, as well as from internal leaks or failures to secure data adequately.

Steps to take after a data breach

If the source of a data breach is known, you should immediately go to the service and check for any signs of unauthorized activity on your accounts, such as difficulty logging in, unexpected changes to security settings, receiving unfamiliar messages or notifications from your account, logins from unusual locations or at odd times, and unauthorized money transfers or purchases from your online accounts.

Some general steps to follow to secure a breached service include:

  1. If you’re unable to log in to the account, contact the provider’s customer support to try to regain access.
  2. If you have access, ensure your security settings, such as your recovery email, have not been changed. If they have, change them back.
  3. Change your password and use a password manager such as Proton Pass(new window).
  4. Log all devices and apps out of your account.
  5. Set up two-factor authentication(new window) (2FA).
  6. If the breached service is an email provider, it’s important to review your email filtering and forwarding rules. Criminals often establish forwarding rules on compromised email accounts to receive copies of all incoming emails, enabling them to intercept 2FA codes or reset passwords, for instance.
  7. If the service is a communication system or social network more generally, it can be a good idea to notify contacts that you have been breached and for them to watch out for suspicious messages and posts.

Dealing with the aftermath of a data leak

Even if you manage to secure a breached account, your email address, password, credit card number, physical address, and other information could have been leaked at the same time.

While all leaked information has some level of potential damage, some information is clearly more valuable than others, in particular:

  • Email addresses: Your email address is your online identity(new window), the passport all your accounts ask for when you log in. However, if your email address is all that’s exposed, you should be safe (hackers will still need to try to brute force your password to access your account). 

You should:

  • Remain vigilant for phishing emails, especially those that may arrive sometime after the breach becomes public knowledge. Look out for senders impersonating services that write to you regarding “resetting passwords”, “claiming compensation”, or “missed deliveries’’. These and urgent requests to act immediately or within a limited timeframe are red flags.
  • Enabling 2FA is an excellent way to protect your account from attackers because even if they obtain your password they will still be unable to enter your account without an additional piece of information on your device.
  • Use hide-my-email aliases(new window) when signing up to sites to protect your identity.
  • Passwords: Exposed passwords, login credentials, or encryption keys can enable unauthorized entry into your accounts, potentially resulting in additional security breaches and data theft. While plaintext passwords are generally more severe in nature, some websites may store passwords using weak hashing methods like MD5, which can also leave your passwords vulnerable to attack. Conversely, passwords leaked from websites where passwords were encrypted or hashed using stronger algorithms such as SHA256 or bcrypt will inherently offer greater resistance to attacks.
    Therefore, if plaintext or weakly hashed passwords have been exposed, you must change them immediately. We strongly recommend using a password manager, such as Proton Pass(new window), and 2FA(new window) wherever possible.
  • Credit card numbers: If your credit card number is leaked, you should put a hold on it immediately by calling the emergency number on the back of the card. It is also worth paying attention to your bank accounts and credit card statements and reporting any fraudulent transactions as soon as possible.
    If the source of the data breach is known, they will often provide subscriptions to credit monitoring software such as Experian so that you can mitigate financial risks.
  • Phone numbers: This can lead hackers to target you with phishing text messages, trying to catch you when you’re tired or not paying attention. You can protect yourself from spam calls in the UK with the Telephone Preference Service(new window) or in the US with the National Do Not Call Registry(new window). Other countries likely have similar services, which you can search for online. In addition, be wary of phishing attempts.
  • Social Security numbers: Social Security numbers are an important piece of information, particularly in the US, and can be used along with your name, address, and date of birth to set up credit cards or take out loans in your name. If you find out your Social Security number has been stolen, you should immediately report the theft to window), place a credit freeze, and add a fraud alert.

Though not exhaustive, this list covers the most commonly breached information. With almost 4,000 data breaches of 1.8 billion records happening in February 2024 alone, criminals are able to build up information about users across breaches to construct profiles containing not only your email addresses and passwords, but also your occupation, past employment, marital status, and more, making it easier to carry out more sophisticated phishing attacks. For example, this tool(new window) allows you to visualize your breach profile here.

Use better encryption to prevent data leaks

Many data breaches could be prevented if more online services used end-to-end encryption. At Proton, this form of encryption is at the heart of our security architecture. Whether it’s protecting your emails and attachments in Proton Mail or securing your files in Proton Drive, your data is encrypted on your device before uploading to our servers. That way, if hackers ever were to gain access to our systems, your information would remain encrypted because only you can unlock your data with your private key.

Learn more about Proton’s end-to-end encryption(new window)

Secure your emails, protect your privacy
Get Proton Mail free

Related articles

What to do if someone steals your Social Security number
If you’re a United States citizen or permanent resident, you have a Social Security number (SSN). This number is the linchpin of much of your existence, linked to everything from your tax records to your credit cards. Theft is a massive problem, whic
compromised passwords
Compromised passwords are a common issue and probably one of the biggest cybersecurity threats for regular people. How do passwords get compromised, and is there anything you can do to prevent it? * What does compromised password mean? * How do pa
Is WeTransfer safe?
  • Privacy basics
WeTransfer is a popular service used by millions worldwide to send large files. You may have wondered if it’s safe or whether you should use it to share sensitive files. We answer these questions below and present a WeTransfer alternative that may su
what is a dictionary attack
Dictionary attacks are a common method hackers use to try to crack passwords and break into online accounts.  While these attacks may be effective against people with poor account security, it’s extremely easy to protect yourself against them by usi
Data breaches are increasingly common. Whenever you sign up for an online service, you provide it with personal information that’s valuable to hackers, such as email addresses, passwords, phone numbers, and more. Unfortunately, many online services f
Secure, seamless communication is the foundation of every business. As more organizations secure their data with Proton, we’ve dramatically expanded our ecosystem with new products and services, from our password manager to Dark Web Monitoring for cr