A data breach is when sensitive data is accessed or exposed without authorization. That data can include emails, passwords, phone numbers, personal details, payment information, or internal business data.
Why it matters for account recovery
Breaches matter because they often create secondary risk. Stolen passwords fuel credential stuffing. Stolen personal details fuel social engineering and fraud.
The right response depends on what was exposed. A breached email address is different from breached passwords or breached identity documents.
Common failure modes and misconceptions
- Assuming the breach is "someone else's problem": If you reused passwords, you inherited the incident.
- Resetting one password only: If reuse existed, the scope is all reused accounts, starting with email.
- Ignoring downstream fraud: Breaches can enable SIM swaps, account recovery scams, and payment fraud later.
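Scoping the reset described under "Resetting one password only", as an added example that is not part of the original page: the vault entries, site names, and the `reset_scope` and `reuse_groups` helpers are constructed for illustration. It assumes you can export account names and passwords from your own password manager.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample vault: (account, is_control_plane, password). Not real data.
VAULT = [
    ("mail.example", True, "Tr0ub4dor&3"),
    ("shop.example", False, "Tr0ub4dor&3"),
    ("forum.example", False, "Tr0ub4dor&3"),
    ("bank.example", False, "correct horse battery"),
    ("video.example", False, "correct horse battery"),
    ("notes.example", False, "x9!unique-per-site"),
]

def _group(vault, key):
    """Group accounts by a keyed digest so plaintext is never used as a key."""
    groups = defaultdict(list)
    for account, control_plane, password in vault:
        fp = hmac.new(key, password.encode("utf-8"), hashlib.sha256).digest()
        groups[fp].append((account, control_plane))
    return groups

def reset_scope(vault, breached_account):
    """Accounts to reset after a breach: email/control plane first, then the
    breached account, then every other account sharing its password."""
    groups = _group(vault, os.urandom(32))
    for members in groups.values():
        if any(account == breached_account for account, _ in members):
            ordered = sorted(
                members,
                key=lambda m: (not m[1], m[0] != breached_account, m[0]),
            )
            return [account for account, _ in ordered]
    raise KeyError(f"{breached_account} is not in the vault")

def reuse_groups(vault):
    """Every set of accounts that shares one password (reuse to eliminate)."""
    groups = _group(vault, os.urandom(32))
    shared = [sorted(a for a, _ in m) for m in groups.values() if len(m) > 1]
    return sorted(shared)

if __name__ == "__main__":
    print("Reset order:", reset_scope(VAULT, "shop.example"))
    print("Reuse groups:", reuse_groups(VAULT))
```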
Safe best practices
- Eliminate password reuse with a password manager.
- Use strong authentication (see 2FA) on control-plane accounts.
- Watch for phishing follow-ups after a breach announcement.
Related guides
- What to do if you're the victim of a data breach
- Was your information stolen in the massive Facebook hack?
Breach response is about scope control. If you remove reuse and harden the control plane, you reduce the chance that breach data turns into an account takeover.
