# Data Breach
# Problem description
Your email address and possibly other personal data related to it has been stolen or accidentally exposed from a database. Usually, this happens when you provide your email address and other personal data to a company or organization when you subscribe to a service, and that company or organization then gets hacked or otherwise fails to protect your personal data adequately.
Along with your email address, a data breach may include personal information such as passwords, home addresses, phone numbers or credit card numbers, depending what information you have given to the service and what has been exposed. Breached data can be published online or used by hackers for bad purposes.
Information about these kinds of data breaches along with exposed email addresses are collected by a widely-publicized and credible data breach reporting service Have I Been Pwned, operated by security researcher Troy Hunt. You can read more about the data breaches collected by them at Who's been pwned (opens new window). You can also learn more about data breaches in general in their FAQ (opens new window).
# Suggestions for repair
Since the data breach has already occurred, the most important thing is to stay calm. Many of the reported data breaches happened a long time ago. In most of the reported data breaches, the company or organization from where your data got stolen has already sent you a notification about the breach, asking you to protect your account by changing your password and providing other advice on how to stay safe. If you have done these things after the breach occurred, you should be quite safe. Your information can of course still be found among the breached data, but your account is protected from abuse.
If you have not known about the breach or if you have not yet acted according to the instructions, you should go to the affected service and change your password immediately. If you have been using the same password in other services, you should change those passwords too. In general, you should always use a different password for different services, so that data stolen from one service provider cannot be used to hack your other services.
# Protecting against future data breaches
There are many other common-sense things you can do to protect against data breaches in the future. These are a few well-proven suggestions:
- Use hard-to-guess passwords (opens new window). Do not use common words (e.g., your own name) or numbers (1234). Use random words or characters, with punctuation marks and numbers thrown in to further reduce guessability.
- Use a password manager application (opens new window) to generate and store good passwords on your behalf.
- Use two-factor authentication (opens new window) in services that support it. That way, if an attacker gets hold of your password, they still cannot access your account easily.