Rotate breached passwords and re-secure those accounts

    Once you know what leaked, the fix is straightforward: change anything reused, lock those accounts back down, and add a second factor so a stolen password alone isn't enough.

    Order of operations

      1. Email accounts first — they're the master key for password resets
      2. Banking and financial accounts next
      3. Anywhere you reused the breached password (this is usually most of your accounts)
      4. Lower-priority accounts (shopping, forums) last

    While you're in there

      • Remove old payment methods or shipping addresses you no longer use
      • Revoke 'connected apps' you don't recognise
      • Check recovery email and phone are still under your control

    More from Identity Recovery

    No image

    Stop the next breach from hurting you

    Set up monitoring and unique credentials so future breaches don't cascade.
    No image

    Document the impersonation before reporting

    Build the evidence pack you'll need for police, banks and credit bureaus.
    No image

    Confirm exactly which breach exposed you

    Pin down which services leaked, what fields were exposed, and which passwords are now public.