Data breaches happen every day, and your email might be compromised without you knowing. Here’s how to check if your email has been hacked and what steps to take to secure your accounts.
Step 1: Check Have I Been Pwned
Go to haveibeenpwned.com and enter your email address. This free tool checks if your email appears in any known data breaches. If it shows breaches, your email data (and possibly password) has been exposed.
Step 2: Look for Warning Signs
- Unfamiliar emails in your Sent folder
- Password reset emails you didn’t request
- Login notifications from unknown locations/devices
- Friends receiving spam from your email
- Unable to log into your account
- Changes to your account settings you didn’t make
Step 3: Immediate Actions
- Change your password immediately — Use a strong, unique password (16+ characters)
- Enable two-factor authentication (2FA) — Use an authenticator app, not SMS
- Check connected apps — Remove any apps you don’t recognize that have access to your email
- Review forwarding rules — Hackers sometimes set up email forwarding to silently receive copies of your emails
- Log out of all sessions — Most email providers let you sign out of all devices at once
Step 4: Secure Other Accounts
If your email was breached, change passwords on all accounts linked to that email — banking, social media, shopping, etc. Use a password manager like Bitwarden or 1Password to generate unique passwords for each account.
Step 5: Monitor for Identity Theft
Set up credit monitoring alerts. Check your bank statements for unfamiliar transactions. Consider freezing your credit if the breach included sensitive personal information.
Prevention Tips
- Never reuse passwords across sites
- Use a password manager
- Enable 2FA everywhere
- Don’t click suspicious links in emails
- Use email aliases for different services